Abstract: An example operation may include one or more of connecting, by an attester node, to a blockchain network A configured to store hashes of blocks A, coupling, by the attester node, the blockchain network A with a blockchain network B configured to store hashes of blocks B, receiving, by the attester node, a request from the blockchain network A to send a hash of a block A produced at a time t1 (AHash_1) to the blockchain network B, confirming, by the attester node, that the blockchain network A has stored a hash of a block B produced at a time t0 (BHash_0), sending, by the attester node, the AHash_1 to the blockchain network B to be stored, receiving, by the attester node, a hash of the block B produced at the time t1 (BHash_1) from the blockchain network B, confirming, by the attester node, that the blockchain network B has stored a hash of a block A produced at the time t0 (AHash_0), and providing, by the attester node, the BHash_1 to the blockchain network A to be stored, wherein the t0 is less than the t1.

Abstract: In an embodiment, a method comprises intercepting, from a server computer, a first set of instructions that define a user interface; executing, using a headless browser, the first set of instructions without presenting the user interface; rendering a second set of instructions, which when executed by a client application on a client computer, cause the client computer to present the user interface, wherein the second set of instructions are different than the first set of instructions; sending the second set of instructions to the client computer.

Abstract: The present invention relates to a system for monitoring the integrity of a component delivered to a client system by a server system and processable and/or executable on the client system, having an integration system and having a sensor, wherein the integration system integrates the sensor into the component delivered by the server system to the client system, and wherein the sensor is configured such that it is executed on the processing and/or execution of the component and recognizes modifications of the component.

Abstract: A data input method and apparatus, and user equipment are provided. The method includes: when it is determined that an operation of a user on the user equipment UE is not performed in a preset display area, deliver an event corresponding to the operation to a first operating environment for processing, where the preset display area runs in a second operating environment of the UE, and the second operating environment has a higher security level than the first operating environment. This can better improve security of an event generated when the user operates a program that runs in a Normal World of the user equipment, and can directly operate an event that runs in the Normal World.

Abstract: Disclosed herein are methods, devices, and apparatuses, including computer programs stored on computer-readable media, for processing certificates in a blockchain system. One of the methods includes: causing a smart contract to be generated in the blockchain system, wherein the smart contract includes computer-readable instructions for processing certificates; after the smart contract is generated, sending a first request for a first transaction to the blockchain system, the first transaction causing the blockchain system to execute the smart contract to generate a certificate specification based on the first request; receiving, from the blockchain system, the certificate specification; and sending, to the blockchain system, a second request for a plurality of second transactions, the plurality of second transactions causing the blockchain system to execute the smart contract to generate a plurality of certificates.

Abstract: Various examples are directed to systems and methods for executing a web application with client-side encryption. A web application may execute in a web browser at a client computing device. The web browser may generate a document comprising a secure display element. The web browser may request to render the document at the client computing device. A cryptographic tool of the web browser may decrypt the first encrypted value to generate a first clear value. The web browser may render the document at an output device of the client computing device using the clear value. The web browser may also be programmed to prevent the web application from accessing the first clear value.

Abstract: A disclosed method of operating a representational state transfer (REST) server to respond to receiving a batch request includes: extracting a first requested item from the batch request; opening an output stream to a client network; writing a response opening of a batch response to the output stream; writing a first response item opening of the batch response to the output stream; in response to determining that a first REST service indicated by the first requested item is authorized to be invoked based on access control lists (ACLs), invoking the first REST service to stream a first response item body of the batch response to the output stream; writing a first response item closing of the batch response to the output stream; and writing a response closing of the batch response to the output stream, wherein the batch response is in valid JavaScript Object Notation (JSON).

Abstract: An example operation may include one or more of connecting, by an attester node, to a source blockchain network configured to store hashes of source blocks, collaboratively coupling, by the attester node, the source blockchain network with a target blockchain network configured to store hashes of target blocks, receiving, by the attester node, a request from the source blockchain network to store the hash of the source block on the target blockchain network, confirming, by the attester node, that the source network has a previously stored hash of the target block, in response to the confirmation that the source blockchain network has a previously stored hash of the target block, allowing, by the attester node, to store the hash of the source block on the target blockchain network, and continuing, by the attester node, a collaboration between the source blockchain network and the target blockchain network.

Abstract: A method includes retrieving a registered response obtained in a registration process, the registered response being a physically unclonable function (PUF)-based response associated with a device; retrieving a registered helper data obtained in the registration process, the registered helper data corresponding to the registered response; generating a cipher text by encrypting a message with the registered response; and sending to the device over a public channel the cipher text with the registered helper data.

Abstract: A method is provided for transmitter authentication including generating a noise vector using a generative adversarial network generator model, wherein a signature of a first transmitter is embedded into a signal output by the first transmitter based at least on the noise vector; and using the signature to identify the first transmitter.

Abstract: A method may include obtaining a list of to-be-analyzed modules of an application. The list of to-be-analyzed modules may include a first module including a statement. The method may further include generating initial results by performing an initial iteration of a static analysis that analyzes each module in the list of to-be-analyzed modules, determining, by the initial iteration, that the statement is a function call to a second module not in the list of to-be-analyzed modules, in response to the determination, assigning, by the initial iteration, an abstract value to a memory address associated with the statement, adding, to the abstract value, a tag including a name of the second module, updating, using the tag and the initial results, the list of to-be-analyzed modules, and generating next results by performing a next iteration of the static analysis that analyzes each module in the updated list of to-be-analyzed modules.

Abstract: A computer-implemented method verifies an image based authentication via one or more processors performing operations including receiving image data corresponding to a face identified by a facial recognition system, processing the received raw image data via a deep neural network trained on training data that includes images of both verified and fake faces to perform a temporal facial analysis, and generating a verification signal in response to the temporal facial analysis to indicate whether the raw image data is fake.

Abstract: A computer-implemented consolidation method is provided for identifying software vulnerability anomalies in a source code. This method includes providing a plurality of diagnostic tools; receiving the source code; selecting a subset plurality of tools; scanning the source code by the subset plurality for the anomalies to produce a diagnostic output; sorting the output by removing anomaly duplicates into a report; and saving the report into memory. Each tool among the plurality is able to detect the anomalies in software.

Abstract: In response to determining that a graphical user interface displayed on the display device of a mobile device at the time a screenshot capture request is received is being generated at least in part by an enterprise application executing within a protected workspace container in the mobile device, a secure screenshot save operation is performed. The secure screenshot save operation includes i) storing, within the mobile device, a screenshot image of the graphical user interface displayed on the display device of the mobile device at the time the screenshot capture request is received, and ii) preventing the screenshot image from being accessed by any personal application executing on the mobile device outside of the protected workspace container.

Abstract: A user authentication system includes an image capture device and a controller communicatively coupled to the image capture device. The controller receives first image data associated with user identification information and generates a first set of biometric data based on the first image data. The controller also receives second image data associated with a first user action in response to the first set of biometric data approximately matching a first set of authenticated biometric data. The controller further generates a second set of biometric data based on the second image data and receives third image data associated with a second user action. The controller also generates a third set of biometric data based on the third image data. The controller further grant access to a user account in response to the second and third sets of biometric data approximately matching second and third sets of authenticated biometric data, respectively.

Abstract: A method for checking policy compliance of events of an event stream includes receiving the events; grouping a plurality of the received events into a plurality of slices based upon a policy specification and an event classification; determining whether a policy violation has occurred by concurrently evaluating at least two of the slices according to the policy specification; and in a case in which the policy violation is determined, reporting the policy violation.

Abstract: In one example, a first enclave for use by a first counterparty to a smart contract is identified. A second enclave for use by a second counterparty to the smart contract may be identified. Secrets associated with the first counterparty to the first enclave may be caused to be securely provided. Secrets associated with the second counterparty to the second enclave may be caused to be securely provided. A cryptlet is caused to be provided to the first enclave. The cryptlet may be caused to be provided to the second enclave. A payload is received from the first enclave. A payload may be received from the second enclave. Validation may be caused to be performed for a plurality of payloads. The plurality of payloads may include the payload from the first enclave and the payload from the second enclave.

Abstract: Methods and systems for provisioning transferable access tokens are disclosed. An access device associated with a resource provider can communicate with a first communication device as part of an interaction between a first user and the resource provider. The access device can generate an authorization request message comprising a first access token and an interaction value. The access device can transmit the authorization request message to an authorization computer. The authorization computer can authorize the interaction and generate an authorization response message. After authorizing the interaction, the authorization computer can provide a transferable access token to the first communication device. The first communication device can transmit the transferable access token to a second communication device, so that a second user can use the transferable access token in an interaction.

Abstract: An apparatus includes an interface and storage circuitry. The interface is configured to communicate with a memory including multiple memory cells that store data as respective analog values. The memory is addressable using physical addresses. The storage circuitry is configured to perform a first read operation from a physical address, and determine a first sequence of analog values retrieved by the first read operation, to further perform a second read operation from the physical address, and determine a second sequence of analog values retrieved by the second read operation, to evaluate a variation between the first sequence and the second sequence, and to determine that an unauthorized re-programming to the physical address has occurred between the first read operation and the second read operation, in response to the evaluated variation exceeding a predefined variation level.

Abstract: Proposed is a Capability Management System (CMS) in a distributed computing environment that controls access to multiple objects by multiple subjects based upon a specified access order. A capability is dynamically constructed when the capability is needed. After the capability is used to access an object, a new capability is generated. In the alternative, multiple capabilities for enforcing an access order are generated independently of each other. The new capability is then employed by the same or another subject to access the object according to a prescribed access sequence. In this manner, at any particular time there is one capability valid to access the object by the appropriate subject. In addition, the capability includes information for verifying the authenticity of the capability and for specifying an expiration time associated with the cap ability. The technology may also be enhanced by providing a linkage between capabilities intended for use in a sequence.