Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for embedding copyright information in one or more pages for presenting digital content. One of the methods includes generating, by a computing device, a unique identifier (ID) based on copyright information associated with the digital content; identifying one or more attributes associated with a page design of one or more blank pages of an electronic file; embedding the unique ID in the one or more blank pages by changing the one or more attributes to be representative of the unique ID; allocating the digital content to at least one of the one or more information-embedded pages; and distributing, by the computing device, the one or more information-embedded pages allocated with the digital content to the blockchain network.

Abstract: A single architected instruction to verify a signed message is executed. The executing includes determining a verify function of a plurality of verify functions supported by the instruction to be performed and obtaining input for the instruction. The input includes a message and a key. Based on the verify function to be performed and the input, a signature of the message is verified.

Abstract: A system for securing a secret word during a read of the secret word from a read-only memory (ROM) is disclosed. The system includes a memory controller coupled to the ROM and a random number generator coupled to the memory controller. The random number generator is configured to generate a random number. The system further includes a number shuffler coupled to the random number generator and the memory controller. The number shuffler is configured to generate a bit read order based on the random number and the memory controller is configured to read bits of the secret word from the ROM according to the bit read order.

Abstract: A data processing method may include: determining, by a transaction initiation node in a blockchain, transaction data of a transaction and information to be hidden in the transaction data; obtaining, by using the transaction data as an input of a predetermined one-way function, a transaction root of the transaction, and constructing, based on the transaction root, proof data corresponding to the information to be hidden; and, after signing the transaction root, initiating a transaction request to write the transaction root and the proof data on the blockchain, for a node in the blockchain to perform consensus verification on the transaction root and the proof data, and approve or reject the transaction request based on a verification result.

Abstract: Device to device (D2D) communication can be performed with packet data convergence protocol (PDCP) based encapsulation without internet protocol (IP) addressing. The non-IP D2D PDCP-encapsulated communication can further include two forms of secure data transfer. A first non-IP D2D PDCP-encapsulated communication can be a negotiated non-IP D2D PDCP-encapsulated communication. A second non-IP D2D PDCP-encapsulated communication can be a non-negotiated non-IP D2D communication. The non-negotiated non-IP D2D PDCP-encapsulated communication can include a common key management server (KMS) version and a distributed KMS version. The encapsulated communication can be used with various protocols, including a PC5 protocol (such as the PC5 Signaling Protocol) and wireless access in vehicular environments (WAVE) protocols.

Abstract: Virtual desktops are hosted on one or more remote desktop hosts at one or more private locations of an enterprise, remote from a service provider location, and behind a firewall on a private computer network. The desktops are remotely managed through resources at a service provider data center, optionally along with other virtual desktops hosted on desktop hosts at the service provider data center. The remote desktop hosts can be pre-configured with known storage, compute and connectivity resources. The remote desktop hosts can be remotely managed through a resource management appliance, i.e., a management system running resource management software, which can be located at either the service provider data center or the tenant data center.

Abstract: A non-transitory computer-readable medium includes an encrypted dataset, a first access control measure, and instructions. The encrypted dataset includes a first encrypted block of data, encrypted using a first encryption algorithm, and a second encrypted block of data, encrypted using a second encryption algorithm stronger than the first. The first access control measure is associated with a first access control characteristic and is configured to selectively prevent access to the encrypted dataset. The instructions are configured, when executed by a processor of a device of a first user, to determine that a first characteristic of the first user matches the first access control characteristic. In response, the instructions are configured to decrypt the encrypted dataset to form a plain text dataset and provide the device of the first user access to the plain text dataset. Decrypting the encrypted dataset includes decrypting the first and second blocks of data.

Abstract: An identity of a user on a first computing node of a plurality of nodes within a computing environment is authenticated. A first authentication score for the user is calculated at the first computing node using at least one machine learning model. The first authentication score characterize interactions of the user with the first computing node. Subsequent to such authentication, traversal of the user from the first computing node to other computing nodes among the plurality of computing nodes are monitored. An authentication score characterizing interactions of the user with the corresponding computing node are calculated at each of the nodes using respective machine learning models executing on such nodes The respective machine learning models use, as an attribute, an authentication score calculated at a previously traversed computing node. Thereafter, an action is initiated at one of the computing nodes based on the calculated authentication scores.

Abstract: Provided is a process control device, etc. capable of more reliably maintaining the soundness of an information processing system with regard to cybersecurity. A processing control device calculates a sum of a value indicating a risk included in processing information that includes one or more processing executed on an information processing apparatus during a certain period; and restricts processing to the information processing apparatus when the calculated sum value for the processing information satisfies a predetermined restriction condition.

Abstract: A server kernel processing system receives an input/output (I/O) request from a user mode computing environment. The I/O request is analyzed to determine whether it is a modification request to modify data in a target volume. If so, target analysis logic determines whether the request is for a target volume that is within a first or second protected volume. If the request is to modify data stored in the first protected volume, the request is blocked. If the request is to modify data in a second protected volume, then a whitelist is examined to determine whether the requesting process and user are on the whitelist. If not, the request is also blocked.

Abstract: A point-to-point Virtual Private Network (VPN) tunnel is established for facilitating fully cloaked transmission of a data packet from a source endpoint device to a destination endpoint device. The data packet includes a payload portion, an inner header, and an outer header. An ‘end-to-end key’, a ‘next-hop-destination key’ and a plurality of ‘next-hop’ keys are calculated. The end-to-end key is used at the source endpoint device and the destination endpoint device respectively to encrypt and decrypt the payload portion. The next-hop keys are used to encrypt the inner header during the hop-to-hop communication from one intermediary node to another, along the incrementally constructed path connecting the source endpoint device with the destination endpoint device. The encryption of the payload portion is maintained throughout the hop-to-hop communication regardless of the number of intermediary nodes traversed by the data packet en route to the destination endpoint device.

Abstract: A method includes generating, by a computing device, a unique identifier (ID) based on copyright information associated with digital content, wherein the copyright information and the digital content are recorded on a blockchain of a blockchain network; identifying a plurality of color values associated with one or more color attributes of at least a portion of the digital content; and embedding the unique ID in the digital content by changing one or more color values of the plurality of color values to be representative of the unique ID, wherein the embedding produces information-embedded digital content that enables retrieval of the copyright information from the blockchain based on the unique ID, and wherein a visual difference between the digital content and the information-embedded digital content is not apparent to an unaided human eye.

Abstract: A computer-implemented method for propagating access to assets across a plurality of datasources. The method may include receiving user input via an administrative user interface that comprises selection of the datasources. A plurality of provisionable assets including at least one provisionable asset from each of the datasources may be automatically retrieved. Asset designations of at least some of the provisionable assets may be received via the administrative user interface. A plurality of asset paths corresponding to the designated assets may be automatically determined. The asset paths may be automatically assigned to an authorized role and automatically consolidated for collective invocation in response to queries.

Abstract: Embodiments of the present disclosure pertain to accessing computing resources. In one embodiment, the present disclosure includes a computer implemented method comprising storing at least one credential for accessing a first system, storing a plurality of user credentials for a plurality of users having access to a second system, linking the plurality of user credentials for the plurality of users having access to the second system to the at least one credential for accessing the first system, receiving a first user credential for a first user from the second system over a first connection, authenticating the first user credential, wherein the first user credential is authenticated when the first user credential matches one of the stored plurality of user credentials, and establishing a second connection between the first system and the second system using the at least one credential when the first user credential is authenticated.

Abstract: A method for accessing a resource utilizing a reusable access token. The method includes one or more computer processors generating an initial token, wherein the initial token is associated with a remotely stored backup copy of the initial token. The method further includes transmitting the initial token to a client device. The method further includes receiving a modified token from the client device. The method further includes responding to receiving the modified token by determining that the received modified token is valid. The method further includes responding to determining that the received modified token is valid by granting access to a protected resource.

Abstract: A method includes generating, by a computing device, a unique identifier (ID) based on copyright information associated with digital content, wherein the copyright information and the digital content are recorded on a blockchain of a blockchain network; identifying a plurality of color values associated with one or more color attributes of at least a portion of the digital content; and embedding the unique ID in the digital content by changing one or more color values of the plurality of color values to be representative of the unique ID, wherein the embedding produces information-embedded digital content that enables retrieval of the copyright information from the blockchain based on the unique ID, and wherein a visual difference between the digital content and the information-embedded digital content is not apparent to an unaided human eye.

Abstract: A random number generator generates a random number by using at least two algorithms. A security device includes the random number generator. The random number generator includes a random seed generator and a post processor. The random seed generator is configured to receive an entropy signal and to generate a random seed of a digital region generated by using the entropy signal. The post processor is configured to generate a random number from the random seed by using a first algorithm and a second algorithm. A bias property represents unbiasedness of a result value, and a bias property of the first algorithm is different from a bias property of the second algorithm.

Abstract: A security module securely manages keys. The security module is usable to implement a cryptography service that includes a request processing component. The request processing component responds to requests by causing the security module to perform cryptographic operations that the request processing component cannot perform due to a lack of access to appropriate keys. The security module may be a member of a group of security modules that securely manage keys. Techniques for passing secret information from one security module to the other prevent unauthorized access to secret information.

Abstract: Methods for encoding a file and de-duplicating a coded packet of the file are presented. The encoding method includes: identifying a file to be stored; encoding the file to generate a plurality of coded packets; generating a hash code associated with the file; distributing the plurality of coded packets to a plurality of storage nodes; and storing the hash code associated with the file in a hash server. The de-duplicating method includes: receiving a coded packet at a storage node; retrieving a hash code, from the hash server, corresponding to the coded packet; determining whether the coded packet has been stored in the storage node based upon the hash code; in response to determination that the coded packet has being stored, discarding the coded packet; and in response to determination that the coded packet has not being stored, storing the coded packet in the storage node.

Abstract: A method and apparatus is presented for announcing the existence of cryptographic key pairs within a distributed ledger system in which no central trusted authority is available, consisting of sending a key announcement message by a network connected device to other network connected devices over a peer-to-peer network for inclusion in the distributed ledger. Once a valid key announcement message for a public key is included in the ledger, any future transactions that reference an address associated with the public key or other messages concerning said public key are accepted by other network connected devices on the peer-to-peer network and are included in the distributed ledger. If transactions or other messages reference an address not associated with an announced public key, they may be rejected by the peer-to-peer network and may not be included in the distributed ledger.