Abstract: A method and apparatus is presented for announcing the existence of cryptographic key pairs within a distributed ledger system in which no central trusted authority is available, consisting of sending a key announcement message by a network connected device to other network connected devices over a peer-to-peer network for inclusion in the distributed ledger. Once a valid key announcement message for a public key is included in the ledger, any future transactions that reference an address associated with the public key or other messages concerning said public key are accepted by other network connected devices on the peer-to-peer network and are included in the distributed ledger. If transactions or other messages reference an address not associated with an announced public key, they may be rejected by the peer-to-peer network and may not be included in the distributed ledger.

Abstract: Aspects of the present invention provide an approach for performing network intrusion detection and prevention service (NIDPS) detection on a proxy server in a networked computing environment. In an embodiment, the proxy server has a front end proxy, a NIDPS component, and a back end proxy installed on it. The front end proxy decodes communications sent by external users to content servers over a network that are intercepted by the proxy server and forwards the communications to the NIDPS component. The NIDPS component performs NIDPS detection to detect whether communications comprise a network threat. Communications that have been verified as not comprising a network threat are forwarded to the back end proxy for routing to their destinations. Communications that have been verified as threats are forwarded to a cognitive engine, which initiates an automatic scaling of the NIDPS component in response to indications of network threats from the NIDPS component.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for embedding copyright information in one or more pages for presenting digital content. One of the methods includes generating, by a computing device, a unique identifier (ID) based on copyright information associated with the digital content; identifying one or more attributes associated with a page design of one or more blank pages of an electronic file; embedding the unique ID in the one or more blank pages by changing the one or more attributes to be representative of the unique ID; allocating the digital content to at least one of the one or more information-embedded pages; and distributing, by the computing device, the one or more information-embedded pages allocated with the digital content to the blockchain network.

Abstract: Embodiments described herein disclose methods and systems for authorizing transactions received from client applications. The transaction request can include a first access token. After validating the first access token, the system can determine whether additional authentication is needed to authorize the transaction. If additional authentication is needed, the system can determine the authentication requirements. Once the additional authentication is received and verified, the system can generate a second access token and authorize the transaction by releasing the first access token.

Abstract: Embodiments are described for enhanced security in a switched network using RSA security between hops of a transmission path of a data frame from an origination node to a destination node, via one or more intervening switches. Each switch and node in a switched network can be configured for “RSA security enabled” or “RSA security disabled.” RSA security can be enabled, or disabled, for the whole network. RSA security can be enabled for all switches (but not nodes) or selectively enabled for switches. If two adjacent devices (nodes or switches) have RSA security enabled, then an RSA secure frame is generated to transmit data on that hop of a transmission path between an originating node and destination node. RSA encryption keys can be different for each hop on the transmission path. RSA token seeds can be regenerated periodically to increase the difficulty of learning an encryption key for any hop.

Abstract: Provided are a method and an apparatus for providing a trust-based media service. First user related data and second user related data are collected from a media service and other service, the trust is analyzed based on the collected data, trust information including the trust index of the first user or the second user is obtained, and the trust information is provided. The trust index is calculated based on a value of trustworthiness for a user obtained based on a first individual measurement index calculated based on the collected data and a value of relationship between the first user and the second user obtained based on a second individual measurement index calculated based on the collected data.

Abstract: A method, apparatus and product for identifying a bot agent using behavioral features. The method comprising obtaining a set of behavioral features of a usage of an input device during an interaction of an agent with a page, wherein the set of behavioral features are consistent with a human-generated interaction, wherein the set of behavioral features are generated based on events obtained from a client device used by the agent; automatically estimating whether the agent is a bot based on comparison of the set of behavioral features with one or more additional sets of behavioral features, wherein the one or more additional sets of behavioral features were previously obtained based on interactions of one or more agents with one or more pages; and in response to an estimation that the agent is a bot, performing a responsive action.

Abstract: A system for detecting and mitigating forged authentication object attacks is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to retrieve the new authentication object from the authentication object inspector, calculate a cryptographic hash for the new authentication object, and store the cryptographic hash for the new authentication object in a data store; wherein subsequent access requests accompanied by authentication objects are validated by comparing hashes for each authentication object to previous generated hashes.

Abstract: A plurality of system nodes coupled via a dedicated private network is described herein. A user can access data stored in one or more system nodes if a multi-factor authentication is successful. The multi-factor authentication can include using the structure of a person's vein (or artery) as one of the factors used to determine whether to authenticate a user. The structure of a person's vein (or artery) can be captured using a vein reader coupled to or embedded within a user device. For example, the vein reader can be coupled to the user's smartphone or can be embedded within the user's smartphone. Once captured, the vein reader can encode the user's vein structure to produce a vein ID that can then be used for authentication purposes.

Abstract: Technique for creating a strong authentication for a user using a portable electronic device held by the user. A central server requests an external authentication service provider, which provides a first set of user information, to authenticate the user. The user captures a still or moving image of a valid physical piece of user identification and the central server performs optical character recognition on the image, thereby obtaining a second set of user information. The central server compares the first and second sets of user information. In case the first and second sets of user information match, the portable electronic device is associated with the user and a piece of user-specific authentication information.

Abstract: A system intercepts, at an application programming interface (API) gateway, a request for access to a computing resource and obfuscates metadata associated with the request. The metadata is obfuscated by at least encrypting the metadata to generate encrypted metadata. The API gateway further generates a second request to include the encrypted metadata. The second request is then used to access the computing resource in response to the first request such that when the computing resource is accessed, the metadata associated with the computing resource is encrypted.

Abstract: A method for computing a shared key (K) for encrypting data between a first device and a second device. The method includes communicating a first private ephemeral key (XA), and a first parameter set (YA) to a second device. The first parameter set (YA) includes identity data (IDA) that identifies the first device, a random point (VA) on an elliptic curve, and a first public key (UA). The first device receives a second private ephemeral key (XB) and a second parameter set (YB). The second parameter set (YB) includes identity data (IDB) that identifies the second device, a random point (VB) on the elliptic curve, and a second public key (UB). Verifying operations are performed to verify the second public key (UB) and the second private ephemeral key (XB) as valid. A shared key (K) is then computed based at least on the first parameter set (YA), the second parameter set (YB), the first private ephemeral key (XA), and the second private ephemeral key (XB).

Abstract: Profile_ID files, containing proprietary hardware operating details of an originating user who originates a process recipe, are encrypted before dissemination of the process recipe to an end user. Blockchain technology is used to enable the end user to validate the encrypted process recipe and control uniform validated process across multiple chambers and locations.

Abstract: A wireless device enterprise management system and a method for operating the management system in a controlled environment is disclosed. The enterprise management system includes implementing a container-based file system on wireless devices within the controlled environment. Enterprise management system manages and controls the organization of files into one or more containers on each wireless device. Each container is associated with one or more execution rules that allow or restrict execution of files that are located in the container.

Abstract: Concepts and technologies of network service control for remote access to wireless radio networks are provided herein. In an embodiment, a client network can be provided by a network access point that can include a processor that is configured to detect a guest user equipment and determine whether the guest user equipment is a recognized device. In response to determining that the guest user equipment is not a recognized device, the processor can create an identity verification request message that seeks approval from a host device to allow the guest user equipment to access the client network. The processor can provide the identity verification request message to the host device and receive a trigger response message. The processor can create a network access package that provides the guest user equipment with access credentials to access the client network and provide the network access package to the guest user equipment.

Abstract: A method comprises obtaining, from a client device, a first set of application authentication credentials formatted in accordance with a first authentication protocol. The first set of application authentication credentials corresponds to a first user profile. The method includes translating the first set of application authentication credentials to a second set of application authentication credentials. The second set of application authentication credentials is formatted in accordance with a second authentication protocol different from the first authentication protocol and corresponds to the first user profile. The method includes providing the second set of application authentication credentials to an application authentication system. The method includes, in response to providing the second set of application authentication credentials to the application authentication system, obtaining, from the application authentication system, an application authentication indicator.

Abstract: A storage device includes: a controller; a storage medium coupled to the controller; and a data security bridge comprising a security module and a key management module; wherein the security module is configured to perform data encryption and/or data decryption; and wherein the key management module is configured to obtain a first security key stored in the storage device, obtain a second security key received by the storage device, and perform a user authentication based on the first security key and the second security key.

Abstract: A data processing method may include: determining, by a transaction initiation node in a blockchain, transaction data of a transaction and information to be hidden in the transaction data; obtaining, by using the transaction data as an input of a predetermined one-way function, a transaction root of the transaction, and constructing, based on the transaction root, proof data corresponding to the information to be hidden; and, after signing the transaction root, initiating a transaction request to write the transaction root and the proof data on the blockchain, for a node in the blockchain to perform consensus verification on the transaction root and the proof data, and approve or reject the transaction request based on a verification result.

Abstract: Techniques are disclosed relating to detecting potential malware. A computer system may access process information identifying a set of software modules stored in a memory space allocated for a computer process. The computer system may determine address ranges that are respectively associated with a software module and define a segment in the memory space where program instructions are stored corresponding to that software module. The computer system may access thread information specifying, for each of a set of threads, a start address that identifies a location from which an initial program instruction is to be retrieved to begin execution of that thread. The computer system may make a determination that a thread is associated with a start address identifying a location outside of all address ranges, but within the memory space. Based on the determination, the computer system may classify the thread as being associated with malicious activity.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for embedding copyright information in one or more pages for presenting digital content. One of the methods includes generating, by a computing device, a unique identifier (ID) based on copyright information associated with the digital content; identifying one or more attributes associated with a page design of one or more blank pages of an electronic file; embedding the unique ID in the one or more blank pages by changing the one or more attributes to be representative of the unique ID; allocating the digital content to at least one of the one or more information-embedded pages; and distributing, by the computing device, the one or more information-embedded pages allocated with the digital content to the blockchain network.