Abstract: Methods, system, and apparatus, including computer programs encoded on computer storage media for data processing are provided. One of the methods includes: establishing a logic contract of a blockchain and one or more data contracts corresponding to the logic contract; deploying the logic contract and the one or more data contracts in the blockchain; storing data of a target block in the blockchain into the one or more data contracts; computing a hash value of each of the one or more data contracts; and determining a hash value of the target block in the blockchain based on the hash value of each of the one or more data contracts.

Abstract: A method, an apparatus, a system and a computing system for policy deployment of a trusted server are provided. The method includes sending a metric policy of at least one metric object and a verification policy of at least one verification object in a process of policy deployment of a trusted server to a service center; the trusted server receiving reminder information returned by the service center, wherein the reminder information is used for representing a reminder to the trusted server to redeploy a metric algorithm and a verification algorithm that are consistent if a metric algorithm of a metric object is detected to be inconsistent with a verification algorithm of a corresponding verification object. The present disclosure solves the technical problems of poor independence and flexibility due to the use of a same metric algorithm for all metric objects by existing trusted server policy management solutions.

Abstract: The disclosure describes methods and systems for a storage device that includes one or more memory devices, where the memory devices store a second challenge question and a first response key. The system also includes an interface and a storage controller coupled to the interface and coupled to the memory devices. The storage controller generates an enable signal for enabling access to the memory devices. The system also includes a security module coupled to the storage controller and configured to send and receive challenge requests and challenge responses, where the security module includes a first challenge question and a second response key corresponding to each of the memory devices.

Abstract: In embodiments, an authentication server interfaces between a user device with a self-signed certificate and a verifying computer that accepts a user name and password. The user device generates a self-signed certificate signed by a private key on the user device. The self-signed certificate is transmitted to a verifying party computer over a network. The verifying party stores the self-signed certificate with user identification data. The user migrates trust to another device by providing the root certificate and intermediate certificate as a certificate chain to a second device, which then adds a new intermediate certificate to create a longer certificate chain with the same root certificate. In subsequent communications, the verifying party receives a certificate chain including the self-signed certificate from the second user device, and matches that with the user identification data stored in a database.

Abstract: A system comprises a first computer interface that includes a first plurality of single bit bus lines that communicate with a computer accessory; and a second computer interface that includes a second plurality of single bit bus lines that communicate with a vehicle computer. The second plurality of single bit bus lines are less than the first plurality of single bit bus lines for preventing bits of the data bits that are on a most significant bit (MSB) bus of the first plurality of single bit bus lines from communicating with a region of an address space in a memory of the on-board vehicle computer.

Abstract: Techniques are provided for software license optimization using machine learning-based user clustering. One method comprises obtaining key performance indicators indicating individual usage by a plurality of users of a software product; applying at least one function to the key performance indicators to obtain a plurality of time dependent features; processing the time dependent features using a machine learning model to cluster the users into a plurality of persona clusters; and determining a number of each available license type for the software product for the plurality of users based on the persona clusters. The key performance indicators comprise, for example, user behavioral data with respect to usage of the software product and/or performance data with respect to usage of the software product. One or more policies can be determined for managing an allocation of the available license types for the software product to the plurality of users.

Abstract: The invention relates to methods and devices for enabling authentication of a user based on biometric data. In an aspect of the invention a method performed by a trusted network node is provided for enabling authentication of a user of a second client device based on biometric data captured by a first client device.

Abstract: Systems and methods involve an input layer function of a function-as-a-service (FaaS) pipeline that receives trigger data from a trigger layer function of one or more processors of enterprise processing systems, calls one or more processors of an enrich layer function of the FaaS pipeline that adds enriching context to the trigger data, and creates an event based at least in part on the enriched trigger data. A route layer function of the FaaS pipeline invoked by the input layer function creates an action based on the event created by the input layer function. An action layer function of the FaaS pipeline invoked by the route layer function creates a command based on the action created by the route layer function, and the action layer function sends a remediation action to a command layer function of the enterprise processor based on the action created by the route layer function.

Abstract: A transaction method includes: receiving, by a secure function module of a transaction terminal, a first transaction message sent by a transaction application module, where the first transaction message includes a first identifier and/or a secure transaction data requirement parameter; obtaining, by the secure function module, secure transaction data according to the first transaction message, or the first transaction message and a second identifier, where the second identifier is used to uniquely identify the secure function module; sending, by the secure function module, the secure transaction data to the transaction application module; and sending, by the transaction application module, a second transaction message to an acquiring terminal, where the second transaction message includes the secure transaction data, the first identifier, and a third identifier, and the third identifier is used to identify the transaction terminal.

Abstract: According to an example aspect, there is provided an apparatus configured to participate in establishment of a secured protocol connection, receive over a first interface a certificate in connection with the establishment of the secured protocol connection, receive, in connection with the establishment of the secured protocol connection, over a second interface, information concerning the certificate, and compare the certificate to the information concerning the certificate.

Abstract: A technical solution for providing data associated with a predetermined, finite lifetime for access via a distributed ledger is provided. A member computing entity receives a submission provided by a supplying member computing entity associated with a supplying member of a distributed ledger; generates a token and attributing the token to a member account corresponding to the supplying member; attributes a value to the token; and makes the submitted instance of data available for access via the distributed ledger. The submission comprises a submitted instance of data. The submitted instance of data (a) is configured to be provided to a consuming member computing entity via the distributed ledger and (b) is associated with a predetermined lifetime. The value of the token changes with time based on (a) a remaining lifetime of the submitted instance of data, (b) a depreciation policy/protocol corresponding to the distributed ledger, or (c) both.

Abstract: An electronic device protecting privacy of a user is provided. The electronic device includes a transceiver configured to transmit and receive wireless communication signals of Wi-Fi networks, and at least one processor configured to detect occurring of an event for identifying a location of the electronic device, determine whether to use the Wi-Fi networks for identifying the location of the electronic device, control the transceiver to perform an active scan, when the Wi-Fi networks is used to identify the location of the electronic device, and control the transceiver to transmit one or more probe request frames including a virtual media access control (MAC) address to an access point of the Wi-Fi networks for identifying the location of the electronic device, when the transceiver to be performed in the active scan.

Abstract: A method for facilitating the broadcast of encrypted data includes: storing a content encryption key and a server private key of a first cryptographic key pair; storing a recipient profile, the profile being related to a recipient computing device including a recipient public key of a second cryptographic key pair; receiving a broadcast request from a broadcast computing device including an broadcast message encrypted using the content encryption key; identifying a unique identifier; transmitting a data message including the encrypted broadcast message and the unique identifier; receiving a key request from the recipient computing device including the unique identifier; verifying that the unique identifier included in the key request is equivalent to the identified unique identifier; encrypting the content encryption key using the recipient public key; and transmitting the encrypted content encryption key to the recipient computing device.

Abstract: A host machine operated for a specific purpose can have restricted access to other components in a multi-tenant environment in order to provide for the security of the host machine. The access restriction can prevent the host machine from obtaining updates to critical system-level configurations, but such information can be obtained through a signed command received to an API for the host machine. The command can be signed by a quorum of operators, and the host machine can be configured to verify the signatures and the quorum before processing the command. The host machine can store the updates to ephemeral storage as well as persistent storage, such that upon a reboot or power cycle the host machine can operate with current configuration data.

Abstract: Systems and methods for protecting and deduplicating streams of data in a cloud based platform. A platform is configured with multiple services and can communicate with multiple clients. The platform receives all requests at an endpoint and distributes the requests to workers using multiple queues. The platform may be stateless and is scalable. The meta-data is handled separately from the data in one example.

Abstract: According to one embodiment, a malware detection and visualization system includes one or more processors; and a storage module communicatively coupled to the one or more processors, the storage module comprises logic, upon execution by the one or more processors, that accesses a first set of information that comprises (i) information directed to a plurality of observed events and (ii) information directed to one or more relationships that identify an association between different observed events of the plurality of observed events; and generates a reference model based on the first set of information, the reference model comprises at least a first event of the plurality of observed events, a second event of the plurality of observed events, and a first relationship that identifies that the second event is based on the first event, wherein at least one of (i) the plurality of observed events or (ii) the one or more relationships constitutes an anomalous behavior is provided.

Abstract: A method for flow-based authorization includes receiving, at an electronic device, an input from an input agent and passing the input through a path of components to determine one or more action agents. Further, the method includes determining a flow for the input, wherein the flow comprises a representation of all possible paths between the input agent and the one or more action agents and providing a common language permission statement based on the flow.

Abstract: The present application provides example website login methods and apparatuses. One example method includes identifying a website jump trigger indication to jump from a first website to a second website. A first token is then obtained from a cookie store of the web browser, the first token associated with a website identifier of the second website and a device fingerprint indicating a running environment at a time when the password-free proxy login was previously set. In response to determining that a current running environment corresponds to the device fingerprint, a second token corresponding to the first token is obtained, wherein the second token comprises an access token indicating that the second website grants password-free login permissions. A password-free login request is sent to the second website including the second token. In response to the second website verifying the second token, the second website is logged into without a password.

Abstract: FIDO authentication is augmented to include a behavioral score indicating that during a secure network session between a host and client device, the client device is being operated by a user with expected behavioral actions. The authenticated network session is maintained, stepped-up, or ended based on either or a combination of a positive response to a FIDO challenge and threshold of match between a current behavioral profile and a stored behavioral profile for the user.

Abstract: A machine instruction is provided that includes an opcode field to provide an opcode, the opcode to identify a perform pseudorandom number operation, and a register field to be used to identify a register, the register to specify a location in memory of a first operand to be used. The machine instruction is executed, and execution includes for each block of memory of one or more blocks of memory of the first operand, generating a hash value using a 512 bit secure hash technique and at least one seed value of a parameter block of the machine instruction; and storing at least a portion of the generated hash value in a corresponding block of memory of the first operand, the generated hash value being at least a portion of a pseudorandom number.