Abstract: One aspect of the invention provides a method for secure sharing of data. The method includes: receiving, from a first computing device and by a security node for the first computing device, a hashed identifier for a data source; generating, in response to the receiving, a blinding function value dependent on the hashed identifier; and transmitting, to the first computing device, the blinding function value for storage of a set of data and linking the set of data to the data source.

Abstract: Described herein are techniques for enabling remote implementation and enforcement of usage settings on one or more user devices. In some embodiments, a wireless carrier network maintains information on relationships between various user devices. Each relationship may be active under specified conditions (e.g., time and/or location) and is associated with usage settings that dictate one or more rules to be enforced while the relationship is active. In some embodiments, a set of usage settings may be generated for a particular user device based on all active relationships associated with that user device. The set of usage settings may be enforced by a mobile application installed upon a user device or by a wireless carrier network that blocks certain network traffic to and/or from the user device.

Abstract: A token transaction comprising a first token output, the first token output comprising a first token locking script and a first token amount, wherein the first token locking script comprises a variable component and a constant component, wherein the variable component comprises a first payment address, embedded in a payment template, and wherein the constant component comprises a token mechanics sub-component.

Abstract: In some aspects, a verification system can receive a verification query from a verifier computing system for requesting verification of characteristics of an entity involved in an online interaction. The verification query can include a unique identifier (“UID”) of the entity. The verification computing system can query a verification repository in the verification computing system based on the UID. Additionally, the verification computing system can query an external-source cache using the UID. In response to determine a match for the UID in the external-source cache, the verification computing system can request external sensitive data records for the entity from an external source corresponding to the external-source cache. Generating consolidated sensitive data records can involve consolidating the external sensitive data records and internal sensitive data records obtained through querying the verification repository.

Abstract: A secure computation system includes first, second, and third secure-computation-apparatuses each having a tripartite-share of a concealed input vector. The first secure-computation-apparatus converts its tripartite-share into a bipartite-share with the third secure-computation-apparatus; calculates a third vector obtained by subtracting a second permutation of a first vector and a second vector from its permutation of its bipartite-share; and transmits the third vector and the second permutation to the second secure-computation-apparatus. The third secure-computation-apparatus converts its tripartite-share into a bipartite-share with the first secure-computation-apparatus; calculates a fourth vector obtained by adding the first vector to a first permutation of its bipartite-share; transmits the fourth vector to the third secure-computation-apparatus: set the second vector as a bipartite-share with the second secure-computation-apparatus.

Abstract: A system and a method for writing and retrieval of data in a distributed ledger is provided and includes receiving a first dataset including data entries between a start instant and an end instant of a current regular time interval from nodes that are online and recording in a current main block; and receiving one or more second datasets including data entries between respective start instants, preceding the current regular time interval, and respective end instants of corresponding one or more given regular time intervals, from nodes that were offline at the respective end instants of the corresponding one or more given regular time intervals and are online then and recording in corresponding one or more current temporal side blocks; and pegging the temporal side blocks to the main block, and committing to the distributed ledger.

Abstract: A secret calculation system includes an acquisition unit that acquires each of a plurality of pieces of processing target data indicating data encrypted using a plurality of pieces of different key information generated by a plurality of information processing systems, from a corresponding information terminal of a plurality of information terminals, a secret calculation unit that generates result data indicating a result of calculation based on the plurality of pieces of processing target data in a state where the plurality of pieces of processing target data are encrypted, and a providing unit that provides the result data to the plurality of information terminals.

Abstract: The disclosed systems and methods may request a merchant identifier associated with a merchant from a third party, receive the merchant identifier, retrieve or receive a first uniform resource locator (URL) associated with the merchant, and store the merchant identifier and the first URL in a database. In response to a web browser extension detecting that a user is preparing to make an online purchase associated with the merchant, the system may receive an age request for an age of the merchant from a user device and identify the merchant identifier in the database based on a second URL included in the age request. The system may then request the age of the merchant from the database based on the merchant identifier, receive the age of the merchant from the third party, and transmit the age of the merchant to the user device for display.

Abstract: Solutions for ARP-based annotations for virtual machines. In some solutions, a hypervisor implemented in a first host might determine that a first process is executing on the first host. The hypervisor can determine first context information for the first process, generate an Address Resolution Protocol (ARP) request, and/or transmit a first packet comprising the ARP request and the context information to a central controller as an indication that the first process is executing on the first host.

Abstract: A system configured to implement mobile number security protections includes a computer system configured to obtain one or more of time dependent data, encryption data, and device related data; the computer system is further configured to generate a system generated code based on one or more of the time dependent data, the encryption data, and the device related data; the computer system is further configured to receive a wireless device generated code generated by a wireless device; and the computer system is further configured to compare the wireless device generated code generated by the wireless device to the system generated code generated by the computer system.

Abstract: Systems, methods, and apparatus are provided for reverse authentication across communication channel technologies. An enterprise call application may publish an event associated with an active call to a real-time monitoring application. Each event may include an agent identifier and a customer identifier. The real-time monitoring application may maintain an event queue for the active call. The event queue may be associated with the customer identifier. A web services application may interface between the central server and a mobile device. The webs services application may subscribe to the event queue at the real-time monitoring application and push a call status to a mobile device application. The mobile device application may display the call status and the agent identifier at the mobile device application.

Abstract: The present disclosure presents blockchain-based cyber security management systems and related methods. One such method comprises obtaining cyber intelligence input data from a cyber defender computing device, wherein the cyber defender computing device manages network security of a network, wherein the cyber intelligence input data identifies a cyber attacker or a victim of a cyber attack on the network; executing one or more Cyber Security Management (CSM) functions with the cyber intelligence input data received from the cyber defender computing device and cyber data stored in the blockchain ledger, wherein the cyber data stored in the blockchain ledger provides details on a cyber attack on a network that is managed by another cyber defender computing device; and outputting an alert to the cyber defender computing device with a potential cyber attacker or potential victim of the cyber attack on the network managed by the cyber defender computing device.

Abstract: In one embodiment, an illustrative method herein may comprise: determining, by a device of a communication session, that a new epoch has occurred within the communication session, wherein the communication session has one or more member devices; generating, by the device and in response to the new epoch, a new key encryption key and a key bundle comprising one or more keys to decrypt content of the communication session from one or more previous epochs of the communication session; encrypting, by the device, the key bundle with the new key encryption key to create an encrypted key bundle; and sharing, from the device, the encrypted key bundle with the one or more member devices to allow the one or more member devices to access the content of the communication session from the one or more previous epochs.

Abstract: Systems and methods are provided to build a machine learned exploitability risk model that predicts, based on the characteristics of a set of machines, a normalized risk score quantifying the risk that the machines are exploitable by a set of attacks. To build the model, a training dataset is constructed by labeling characteristic data of a population of machines with exploitation test results obtained by simulating a set of attacks on the population. The model is trained using the training data to accurately predict a probability that a given set of machines is exploitable by the set of attacks. In embodiments, the model may be used to make quick assessments about how vulnerable a set of machines are to the set of attacks. In embodiments, the model may be used to compare the effectiveness of different remediation actions to protect against the set of attacks.

Abstract: An information processing apparatus, comprising a setting unit that executes a security setting on the information processing apparatus based on an installation environment of the information processing apparatus, wherein the setting unit executes the security setting again at a specific timing.

Abstract: The disclosed technologies include receiving a request from a second computing device to verify ownership of a blockchain address. A challenge content is generated and sent to the requestor. A signature is received comprising a hash of the challenge content generated using a private key. A public key corresponding to the private key is obtained, and the signature is validated using the public key. In response to validating the signature, a characteristic is associated with a user associated with the blockchain address.

Abstract: A Transport Layer Security (TLS) handshake can be terminated early—i.e., before certificate validation—to reduce server-side demand, which can be particularly advantageous in counteracting Denial-of-Service (DOS) attacks and the like. To this end, an endpoint may provide a one-time password (OTP) in the client hello message during the initial steps of a TLS handshake or similar connection protocol. A gateway, upon receiving the client hello message, may generate its own OTP for comparison with the OTP in the client hello message. The endpoint and gateway may advantageously generate the OTP based on a secret provided by a threat management facility with a preexisting secure connection to the two entities. If the OTP provided in the client hello message and the OTP generated on the gateway are the same, then the TLS handshake may continue; otherwise, the Transmission Control Protocol (TCP) connection will be terminated by the gateway.

Abstract: A computer performs dynamic address isolation. The computer comprises an application associated with an application address, a network interface coupled to receive incoming data packets from and transmit outgoing data packets to an external network, a network address translation engine configured to translate between the application address and a public address, and a driver for automatically forwarding the outgoing data packets to the network address translation engine to translate the application address to the public address, and for automatically forwarding the incoming data packets to the network address translation engine to translate the public address to the application address. The computer may communicate with a firewall configured to handle both network-level security and application-level security.

Abstract: A system and method for authenticating an application that employs cryptographic keys and functions is provided with white box cryptography employed to secure the application, and to secure communications with the application. The white box includes a transformation of the application and the keys. A secure channel between the white box and a crypto token is used for communications. In some cases, the transformed keys can be employed in authenticating the white box to the crypto token. The presence of a valid crypto token can be periodically determined. In the presence of a valid crypto token, the white box can provide a verifiable message to a remote server. The remote server can verify the message and initiate a service.

Abstract: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.