Abstract: A method comprises predefining a reference data item; creating a relation and inserting a given data item of the set of data items into the relation; inserting each data item of the set of data items into the created relation using a traversal method, wherein the order comparing step comprises in case a comparison result of the currently traversed data item with the reference data item is different from a comparison result of the to be inserted data item with the reference data item inverting the decision logic, and using the inverted decision logic in the decision step; and providing the created relation.

Abstract: A system including: a transceiver; a boot processor configured to: capture an image of a container of the system, determine whether the system container image has been modified, and post, to a node of a distributed ledger network, a first attestation based on a determination of whether an anomaly exists in the system container image; a system processor; and a memory storing instructions that instruct the system processor to: receive a request to connect to an external device, request a second attestation from a node of the distributed ledger network as to whether an anomaly exists in the external device container image, determine whether an anomaly exists in the external device container image, and either: establish, in response to determining that an anomaly does not exist, a connection with the external device, or deny the request to connect to the external device in response to determining that an anomaly exists.

Abstract: Novel tools and techniques are provided for implementing a telemetry hub, and, more particularly, to methods, systems, and apparatuses for implementing a telemetry hub that obtains sensor data from a plurality of sources and that determines one or more first actions to take in response to receiving the first sensor data. In operation, a telemetry hub might receive first sensor data from one or more sensors. The telemetry hub may determine whether the first sensor data can be trusted and whether the first sensor data is valid. Based on a determination that the first sensor data can be trusted and is valid, the telemetry hub might analyze the first sensor data to determine one or more first actions to take. The telemetry hub might then implement the one or more first actions based at least in part on the analysis of the first sensor data.

Abstract: A system stores transaction data in a ring chain architecture. A ring chain comprises blocks of data stored as a length-limited block chain in a ring buffer configuration. A block of transactions is stored on a ring chain until enough new blocks are added to overwrite the ring buffer with new blocks. The system stores multiple ring chains that update at varying frequencies. A new block on a lower frequency ring chain stores an aggregation of data from the blocks that were added to a higher frequency ring chain in the time since the previous addition of a block to the lower frequency ring chain. Thus, a system of ring chains stores progressively summarized state transition data over progressively longer time intervals while maintaining immutability of the record and reducing storage requirements.

Abstract: An example operation may include one or more of receiving one or more responses to a storage request for a blockchain from one or more endorser nodes of the blockchain, extracting transaction data of the storage request included in the one or more responses, generating a zero-knowledge proof of endorsement based on the extracted transaction data and the one or more responses, and transmitting the zero-knowledge proof to a blockchain node for inclusion within a data block among a hash-linked chain of data blocks.

Abstract: Systems, methods, and other embodiments described herein relate to securing personally identifiable information associated with riding in a vehicle. In one embodiment, a method includes, in response to receiving, in a mobile device from the vehicle, telematics data about a current trip of the vehicle, securing the telematics data according to at least a mobile cryptographic key associated with the mobile device to provide the telematics data as secured data that is obfuscated. The method includes generating, by the mobile device, a secure packet including at least the secured data and a signature from the vehicle associated with the secured data. The method includes communicating, by the mobile device, the secure packet to a remote computing device to cause the remote computing device to securely store the secured data without identifying a user associated with the mobile device.

Abstract: Disclosed embodiments include techniques for automatically provisioning dynamic privileged access resources. Aspects may involve receiving a notification that an identity is seeking to participate in a privileged session with an access-restricted network resource, and automatically provisioning, in response to the notification, a privileged access resource for use by the identity in participating in the privileged session with the access-restricted network resource. Further, aspects may include determining that the privileged session with the access-restricted network resource has ended, and automatically deprovisioning, based on the determination, the privileged access resource.

Abstract: A method and system for managing shared use of an asset. An asset device and an owner device accomplish an initial setup procedure to register the owner with the asset. One or more secure policies are then sent from the owner device, or another device authorized to create policies, to one or more user devices. The policies express user conditions and limitations for using the asset. Subsequently, the user device transmits the secure policy to the asset device. Once the policy has been transferred from the user device to the asset device, user associated with the user device can request use of the asset and will be granted the requested use if the requested use is permitted by the policy.

Abstract: Techniques for securing communication. The techniques include using at least one device to perform method for encrypting input data using a cipher associated with a plurality of languages including a first language, the first language associated with a first set of ciphertext symbols, a first permutation for the first set, and a first partition for the first permutation. The method includes obtaining, from the input data, a first plaintext symbol; mapping the first plaintext symbol to a first ciphertext symbol using the cipher, the mapping including: identifying a first set of candidate ciphertext symbols using the first plaintext symbol, the first permutation, and the first partition; and identifying, at random, the first ciphertext symbol from the first set of candidate ciphertext symbols; and outputting the first ciphertext symbol.

Abstract: A method of integrating a cryptographically secured digital asset into a digital video game application includes receiving a digital asset identification (ID) code representative of cryptographically secure digital asset. The digital asset ID code exists together with a unique owner ID code on a distributed blockchain ledger, and includes a code string segmented into a series of code subsets. A first plurality of the code subsets includes data indicative of a plurality of attributes of the digital asset. The digital asset ID code is provided to a virtual object generator, which returns a virtual object constructed from the first plurality of the code subsets of the unique owner ID code, and where the virtual object further including a plurality of object attributes. At least one of the character attributes is then modified according to at least one of the object attributes.

Abstract: Highly secure portable storage device may include a security controller, a data transfer controller and a memory controller. The security controller self-verifies, without a host, an access code. After the verification, the security controller may retrieve a concealed encryption key and a transformation key that were previously self-generated by the security controller. The encryption keys are not generated by the host, a user, or the memory controller. The transformation key is sent to the memory controller via a side channel during a first time period. The concealed encryption key is sent to the memory controller via the side channel during a different time period. After extracting an operating encryption key, the memory controller may notify the data transfer controller to initiate an enumeration process with the host. Data transfer from and to the host is performed via interfaces different from the side channel. Other methods and implementations are also described.

Abstract: An example operation may include one or more of connecting to a blockchain configured to store transactions executed by the participating node, executing a transaction to produce a transaction trail, assigning a transaction identifier (ID) to the transaction, generating a transaction tag based on the transaction ID, and sending to the blockchain the transaction tag and the transaction trail to be entered into the blockchain.

Abstract: The present application relates to the field of Internet of Things technologies, and in particular, to a message queuing telemetry transport (MQTT) data transmission method, apparatus, and system, so as to provide a solution for simply implementing a security function of the MQTT protocol. A data obtaining relationship between an MQTT publishing device and an MQTT subscribing device is verified before MQTT data publishing, and data sending is controlled by using an SDP gateway. Therefore, security of the MQTT data publishing can be effectively ensured. Moreover, protocol modification is relatively little, and implementation is simple.

Abstract: Presented are cryptographic digital assets for retail products, methods for making/using such cryptographic digital assets, and computing systems for generating, intermingling, and exchanging blockchain-protected products. A method for provisioning cryptographic digital assets associated with retail product transfers includes broadcasting notifications of a future transaction of a retail product, and receiving, over a distributed computing network from the computing devices of multiple users, requests to participate in the transaction. A select number of users is added to a virtual line associated with the retail product transaction; from the virtual line, a first user is selected to receive the retail product and a second user is selected to receive a cryptographic digital asset containing a digital retail product and a unique digital asset code.

Abstract: A non-transitory computer readable medium stores a program causing a computer to execute a process that includes, for example, receiving an entry of information from a requesting user who has requested a clue about user information, specifying, from registered users, at least one candidate corresponding to the requesting user in accordance with the received entry of information, and controlling a display to display, on a same screen, (i) user information of the specified at least one candidate that is partially masked and (ii) a button for calling up an authentication screen. The authentication screen is a screen on which a password corresponding to the user information of the specified at least one candidate is entered.

Abstract: A non-transitory computer-readable recording medium storing a program that causes a computer to execute a process, the process includes comparing first data previously acquired from a data transmission source device and second data currently acquired from the device to specify a difference portion of the second data as compared with the first data; determining a dividing position of the second data so that the difference portion is made into a single block; dividing the second data into first blocks at the dividing position; transmitting, to the device, a first hash value for each of the first blocks and information on the dividing position; and receiving, from the device, the second block corresponding to a second hash value different from the first hash value for each of the first blocks, among second blocks obtained by dividing third data held by the device based on the information on the dividing position.

Abstract: A data processing apparatus includes: a monitoring unit that monitors a message from a sender to a user group; an extraction unit that, in a case where the message includes a link to a file, extracts one or more of authorized user groups authorized to access the file; and an update unit that, in a case where the user group that has received the message includes a user who is not authorized to access the file, updates user group information to add the user to one or more of the one or more authorized user groups extracted by the extraction unit.

Abstract: Generation of one or more models is caused based on selecting training data comprising a plurality of features including a prevalence feature for each vulnerability of a first plurality of vulnerabilities. The one or more models enable predicting whether an exploit will be developed for a vulnerability and/or whether the exploit will be used in an attack. The one or more models are applied to input data comprising the prevalence feature for each vulnerability of a second plurality of vulnerabilities. Based on the application of the one or more models to the input data, output data is received. The output data indicates a prediction of whether an exploit will be developed for each vulnerability of the second plurality. Additionally or alternatively, the output data indicates, for each vulnerability of the second plurality, a prediction of whether an exploit that has yet to be developed will be used in an attack.

Abstract: An example operation may include one or more of creating, via chaincode, a link between a non-participant system and a data field stored on a private blockchain, where the data field comprises participant data of the private blockchain, detecting a change in a value of the participant data based on a read operation from the data field stored on the private blockchain, generating a notification of the changed value of the participant data, and transmitting the notification to the non-participant system based on the link between the non-participant system and the data field.

Abstract: The invention relates generally to systems and methods for protecting patient privacy when health care information is shared between various entities and, in particular, to systems and methods that implement a multi-stage sanitizing routine for de-identifying patient data from medical reports and diagnostic images to ensure patient privacy, while preserving the ability for sanitized medical reports and diagnostic images to be re-identified.