Abstract: A token management system includes a generation unit that generates a non-fungible token associated with a product identifier in a distributed ledger, a management unit that associates the non-fungible token with a first public key, and a second public key for licensing processing in the distributed ledge, and a transfer unit that performs transaction processing of changing the first public key associated with the non-fungible token on the basis of a first private key is realized.

Abstract: Certain aspects of the present disclosure provide techniques for privacy-preserving execution of a workflow in a software application. Embodiments include generally includes receiving homomorphically encrypted inputs from a client device corresponding to user-provided data needed to calculate a result for a step of a workflow in the software application. A result is calculated for the step of the workflow using the received homomorphically encrypted inputs. The calculated result is returned to the client device. The calculated result is homomorphically encrypted as a result of calculating the result using the received homomorphically encrypted inputs.

Abstract: Systems and methods for entitlement tracking and control with blockchain technology are provided. A server node may receive usage information indicating usage of a licensed component by a remote device. The server node may generate a datablock that includes the usage information and append the datablock to a blockchain. The server node may acquire, from the blockchain, a license smart contract. The license smart contract may include control logic to control access to the license component. The server node may control access to the license component by the remote device based on the usage information and the control logic.

Abstract: Various embodiments are generally directed to identity verification using autonomous vehicles. A security policy may be used to determine when identity verification using autonomous vehicles is required. The autonomous vehicle may be deployed to a location to verify the identity of the user based on one or more of images, audio data, biometric data, and wireless data connections.

Abstract: Environment type validation can provide a tamper-resistant validation of the computing environment within which the environment type validation is being performed. Such information can then be utilized to perform policy management, which can include omitting verifications in order to facilitate the sharing of policy, such as application licenses, from a host computing environment into a container virtual computing environment. The environment type validation can perform multiple checks, including verification of the encryption infrastructure of the computing environment, verification of code integrity mechanisms of that computing environment, checks for the presence of functionality evidencing a hypervisor, checks for the presence or absence of predetermined system drivers, or other like operating system components or functionality, checks for the activation or deactivation of resource management stacks, and checks for the presence or absence of predetermined values in firmware.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.

Abstract: Embodiments for mitigating security vulnerabilities in a heterogeneous computing system are provided. Anomalous cache coherence behavior may be dynamically detected between a host and one or more accelerators using a cache controller at a shared last level cache based upon a pair-based coherence messages functioning as a proxy for indicating one or more security attack protocols.

Abstract: Various embodiments relate to a method performed by a processor of a computing system. An example method includes determining a first cryptographic algorithm utilized in a first block of a first blockchain. The first block of the first blockchain has a first unique block identifier. A second cryptographic algorithm utilized in a second block of the first blockchain is determined. The second block of the first blockchain having a second unique block identifier. A first cryptographic algorithm status transition (“CAST”) event is defined if the second cryptographic algorithm is different than the first cryptographic algorithm. A first CAST record is defined upon occurrence of the first CAST event. The first CAST record includes the second cryptographic algorithm and the second unique block identifier. The first CAST record is digitally signed and stored on a second blockchain. The second blockchain may be referenced out-of-band of the first blockchain.

Abstract: A system and method for cryptographic verification of entity/vehicle authenticity, comprising generating a Vehicle Identification Number (VIN)—Key for an individual platform/vehicle; applying the VIN—Key to components of the platform/vehicle; receiving input for the platform/vehicle; validating the authenticity of the input and/or the platform/vehicle; performing the operation of the input if it was validated; terminating the operation if it was not validated; logging the operation; and decommissioning the platform/vehicle at the end of life.

Abstract: Granting guest devices access to a network using out-of-band authorization including receiving, over an out-of-band network, a password for an in-band network from a guest device, wherein the password is generated on the guest device; storing the password received over the out-of-band network as an authorized password for the in-band network; receiving, from the guest device using an in-band protocol, a request to join the in-band network, wherein the request to join the in-band network comprises the password previously received from the guest device over the out-of-band network; and granting the guest device access to the in-band network based on a determination that the password received in the request to join the in-band network matches the password previously received from the guest device over the out-of-band network.

Abstract: Embodiment create and validate a digital record that represents an asset. Embodiments obtain a first private key and a first public key that corresponds to a creator of the digital record and generates one or more parameters for the digital record, where a first parameter of the parameters is related to transactions of the digital record. Embodiments generate one or more rules for the digital record, where a first rule of the rules corresponds to the first parameter and constrains the transactions. Using the first private key, embodiments compute a first digital signature of all of the first public key, the parameters and the rules and creates a first digital record comprising the first public key, the parameters, the rules and the first digital signature.

Abstract: In various embodiments, a method for performing a lattice-based cryptographic operation is provided. The method includes obtaining a noise polynomial, a secret polynomial and a public polynomial, disguising at least one of the noise polynomial, the secret polynomial and the public polynomial by means of multiplying it with a random blinding polynomial, calculating the sum of the noise polynomial with the product of the public polynomial and the secret polynomial based on the disguised at least one polynomial, and determining a result of the lattice-based cryptographic operation based on the calculated sum of the noise polynomial with the product of the public polynomial and the secret polynomial.

Abstract: A system and method use a physical unclonable function in a PUF circuit on an integrated circuit to generate a security key, and stabilize the security key by storage in a set of nonvolatile memory cells. The stabilized security key is moved from the set of nonvolatile memory cells to a cache memory, and utilized as stored in the cache memory in a security protocol. Also, data transfer from the PUF circuit to the set of nonvolatile memory cells can be disabled after using the PUF circuit to produce the security key, at a safe time, such as after the security key has been moved from the set of nonvolatile memory cells to the cache memory.

Abstract: A computer includes a memory and a processor programmed to execute instructions stored in the memory. The instructions include filtering dependency code from a binary file to separate the dependency code from custom code in the binary file. The instructions further include evaluating the custom code in the binary file for a security risk.

Abstract: Embodiments include methods and systems for detecting security risks in network pages, comprising providing at least one secure transaction page to a secure transaction provider, the secure transaction page enabling the secure transaction provider to request secure transactions, determining a request rate for the secure transaction page associated with the secure transaction provider, determining a predetermined threshold for a change in request rate for the secure transaction page by the secure transaction provider, determining that the predetermined threshold, for the change in request rate for the secure transaction page by the secure transaction provider, has been exceeded, and providing a notification to the secure transaction provider based on the determination that the predetermined threshold, for the change in request rate for the secure transaction page by the secure transaction provider, has been exceeded.

Abstract: A method for managing engagement and presentation content of an electronic document involves providing container metadata identifying engagement containers within the electronic document, providing engagement data linked to the engagement containers, the engagement data comprising parameters of an engagement based on the segments of content in the linked engagement containers, executing a procedure to traverse engagement containers identified in the container metadata. The procedure includes accepting, based on user input, data responsive to the engagement, and assigning a score for the current engagement container based on the received data and the parameters defined in the engagement metadata.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to detect attacks in V2X networks. An example apparatus includes a challenge handler to (a) transmit a first challenge packet to a first vehicle to request a transmission of a first response, (b) instruct a second challenge packet to be transmitted to a second vehicle to request a transmission of a second response, (c) increment a first counter when the first response is not obtained, (d) increment a second counter when the second response is not obtained, and (e) after repeating (a)-(d), determine that the first and second vehicles are phantom vehicles associated with an attacker with a half-duplex radio when at least one of the first or second counters satisfy a threshold, and a network interface to instruct a third vehicle associated with the V2X network to ignore future messages from the phantom vehicles based on the determination.

Abstract: Disclosed herein is a virtual assistant system having a biometric authentication device coupled to an electronic voice-based virtual assistant device. The biometric authentication device is configured to authenticate a user based on biometric data of the user to allow the user access to features of the electronic voice-based virtual assistant device.

Abstract: It is known in the art to route client traffic to a network security gateway using the domain name system, or DNS. More specifically, a local DNS resolver on a private network may apply security intelligence to client DNS lookup requests, based on the domains that clients are seeking to resolve. If a requested domain represents a known security threat, the client can be blocked or directed to the network security gateway instead of to the desired host. This routing of the client request to the network security gateway can be accomplished by giving the client the IP address of the network security gateway instead of the actual IP address corresponding to the domain name, in response to a given DNS name query from the client. Request routing can be accomplished using other techniques, such as IP layer routing, as well.

Abstract: Methods, systems and computer programs are presented for classifying malware using audio signal processing. One method includes an operation for converting a non-audio data file to an audio signal. Audio features are extracted from the audio signal and are used to classify the non-audio data file.