Abstract: Storage devices and systems implementing blockchain networks based on proof of space (PoS) are described. A PoS module may be configured to perform PoS processing of PoS data transferred through an interface circuit to generate operation data. A security module may be configured to perform encryption of user data (to generate first encrypted data) and encryption of the operation data (to generate second encrypted data) using different encryption algorithms. A nonvolatile memory device may then store the first encrypted data and the second encrypted data in different namespaces (e.g., user data may be stored in a user namespace and PoS data may be stored in a PoS namespace). Accordingly, interference and/or malicious effect between the user data and the PoS data may be reduced (e.g., blocked) and stability of the PoS algorithm may be enhanced.

Abstract: A computer-implemented method of generating a security language query from a user input query includes receiving, at a computer system, an input security hunting user query indicating a user intention; selecting, using a trained machine learning model and based on the input security hunting query, an example user security hunting query and corresponding example security language query; generating, using the trained machine learning model, query metadata from the input security hunting query; generating a prompt, the prompt comprising: the input security hunting user query; the selected example user security hunting query and the corresponding example security language query; and the generated query metadata; inputting the prompt to a large language model; receiving a security language query from the large language model corresponding to the input security hunting query reflective of the user intention.

Abstract: A method for managing a digital identity system includes generating a user digital identity for a user, generating an asset digital identity for an asset, generating a user public key and a user private key after the user digital identity is generated, generating descriptive data related to the asset, generating a data public key and a data private key after the descriptive data is generated, encrypting the data with the data public key to generate encrypted data, saving the data private key on a user end, uploading the encrypted data to a cloud database, a platform reading the encrypted data from the cloud database, a data requester querying and requesting for data, forwarding a data request to a data owner in an qualified data owner set and granting a data access to the data request if the data owner accepts the data request.

Abstract: An apparatus for verifying validity of transactions and/or blocks includes: a processor, a memory, and a communication device, wherein the processor executes a program stored in the memory to perform: verifying validity of a predetermined number of transactions and/or blocks among a plurality of transactions and/or blocks received from at least one peer in a blockchain system; and determining an increase or a decrease of the predetermined number according to a verification result of the predetermined number of transactions and/or blocks is provided.

Abstract: A method of managing distribution of a document and access to its contents with security in a network having nodes is described. The nodes may have digital processors for remote communication over a wide area network and local data stores. The exemplary method includes a node sending a document in encrypted format and including a payload, and control data including destination data, access control data, and signature data, and a document destination list. The sending node may only send the document to nodes on the destination list. A node may receive the document, decrypt at least some of the document, and process the document according to the control data by extracting the control data and managing document payload access and document storage and user access according to the control data.

Abstract: Examples described herein include systems and methods for performing distributed encryption across multiple devices. An example method can include a first device discovering a second device that shares a network. The device can identify data to be sent to a server and calculate a checksum for that data. The device can then split the data into multiple portions and send a portion to the second device, along with a certificate associated with the server for encrypting the data. The first device can encrypt the portion of data it retained. The first device can receive an encrypted version of the second portion of the data sent to the second device. The first device can merge these two portions and send the merged encrypted data to the server, along with the checksum value. The server can decrypt the data and confirm that it reflects the original set of data.

Abstract: Techniques of service to service authentication in distributed computing systems are disclosed herein. One example technique includes identifying a token type of a security token and an authentication scheme indicated in an access request for authenticating the access request. The example technique also includes using a combination of the identified token type of the security token and the authentication scheme indicated in the access request as a key to locate an authentication pattern in a mapping table and identifying an authentication policy corresponding to the authentication pattern. The example technique can then include applying the identified authentication policy to the received data package to authenticate the access request based on the security token and conditionally providing the client service access to the platform service.

Abstract: A system for generating an identity-based Non-Fungible Token (NFT) that uses, as a least a portion of the input file, a verified identity of the user. Once generated, the identity-based NFT is stored within a distributed trust computing network, which provides for verifying the authenticity and unalerted state of the NFT. Subsequently, the identity-based NFT can be accessed via the distributed trust computing network to verify the identity of the user. Additionally, the NFT may use other verified data as a portion of the input file, such as verified identity of users having a familial relationship with the user, verified life events, and/or verified user preferences. Further, the NFT may include one or more markers that identify a familial relationship and are configured to link the NFT to other NFTs associated with the related users.

Abstract: A first computer, in data registration processing: determines a type of biometric information for encryption with which the data is to be encrypted; acquires the determined type of biometric information for encryption from a user of the first computer; generates, from each piece of the acquired biometric information for encryption, a public key based on a predetermined algorithm; transmits the public key to a second computer; and transmits the data encrypted with the public key to the third computer, the first computer, in data presentation processing: acquires the encrypted data from a third computer; acquires the determined type of biometric information for decryption from the user of the first computer; generates, from each piece of the acquired biometric information for decryption, a private key based on the predetermined algorithm; decrypts the encrypted data with use of the private key; and presents each piece of the decrypted registered data.

Abstract: A machine learning model is scanned to detect actual or potential threats. The threats can be detected before execution of the machine learning model or during an isolated execution environment. The threat detection may include performing a machine learning file format check, vulnerability check, tamper check, and stenography check. The machine learning model may also be monitored in an isolated environment during an execution or runtime session. After performing a scan, the system can generate a signature based on actual, potential, or absence of detected threats.

Abstract: System and method for detecting and curing a hollowing attack is disclosed herein. The method comprises monitoring real-time process memory parameters of a target process; retrieving real-time process memory parameters of the target process; comparing the real-time process memory parameters of the target process with reference process parameters of the target process stored in a system storage of the computing system and parameters of the process creation call-back notification; detecting a hollowing attack based on the comparison in previous step; in response to detecting the hollowing attack, determining a threat source file of malicious code; determining address space of the hollowed process on the computing system based on system log data; and curing the computing system by blocking execution of the threat source file and deleting threat resources associated therewith from the computing system.

Abstract: Techniques are disclosed relating to automating authentication decisions for a multi-factor authentication scheme based on computer learning. In disclosed embodiments, a mobile device receives a first request corresponding to a factor in a first multi-factor authentication procedure. Based on user input approving or denying the first request, the mobile device sends a response to the first request and stores values of multiple parameters associated with the first request. The mobile device receives a second request corresponding to a factor in a second multi-factor authentication procedure where the second request is for authentication for a different account than the first request. The mobile device automatically generates an approval response to the second request based on performing a computer learning process on inputs that include values of multiple parameters for the second request and the stored values of the multiple parameters associated with the first request.

Abstract: Systems and methods for validating transfers between cryptographic addresses is disclosed. The systems and methods can include receiving instructions to transfer a first plurality of tokens from a first cryptographic address to a second cryptographic address. The transfer can be validated with a portion of the distributed validation processors. The method can include transferring a first plurality of tokens to the second cryptographic address. The method can include transferring a second plurality of tokens to a first distributed validation processor of the plurality of distributed validation processors. After a predetermined period of time and/or subsequent validations by the first distributed validation processors, the method can include transferring an amount greater than the second plurality of tokens to the first cryptographic address.

Abstract: An authentication correlation (AC) computing device is provided. The AC computing device includes a processor and a memory. The AC computing device receives a first authentication request from a requesting computer device including an account identifier, a first timestamp, and at least one authentication factor, and determines a first security level of the first authentication request. The AC computing device stores the first security level and the first timestamp. The AC computing device is also configured to receive a second authentication request including the account identifier and a second timestamp, determine that the second authentication satisfies an authentication rule based on the account identifier, the second timestamp, and the stored authentication data wherein the rule defines a timeframe and an authentication threshold, and generate an authentication response based on the determination and the authentication rule wherein the authentication response includes an approval indicator.

Abstract: A method of protecting data applied in a computer device is provided. A designated file is encrypted by using a symmetric key to obtain an encrypted file. The symmetric key is encrypted by using a first public key of a first pair of keys and a first ciphertext is obtained. Information related to the designated file is obtained, and the related information of the designated file is uploaded to a blockchain. When decrypting the encrypted file, the related information of the designated file is downloaded from the blockchain to obtain the related information of the designated file. The symmetric key is obtained by decrypting a first ciphertext of the related information by using a first private key of the first pair of keys, and a decrypted file is obtained by decrypting the encrypted file by using the symmetric key.

Abstract: A computer-implemented method (100) and system (1) for determining a metadata M for securing a controlled digital resource such as computer software using a distributed hash table (13) and a peer-to-peer distributed ledger (14). This is a blockchain such as the Bitcoin blockchain. The method includes determining (110) a data associated with the computer software and determining (120) a first hash value based on the computer software. A second hash value based on the data and the computer software may be determined (130). The method further includes sending 140, over a communications network (5), the data, the first hash value and the second hash value to an entry for storage in a distributed hash table (13). The second hash value may be a key of a key-value pair. The data and the first hash value may be a value in the key-value pair. A metadata (M) that is based on the second hash value may be determined (150) for storage on the peer-to-peer distributed ledger (14).

Abstract: In some examples, a first computing device associated with a first site may receive a certificate of a second computing device associated with a second site that is different from the first site. The first computing device may send, to the second computing device, a credential of a user associated with the second site. In addition, the first computing device may send to the second computing device, a certificate of the first computing device. Furthermore, based at least on authentication of the credential of the user by the second computing device, trusted communications may be established between the first computing device and the second computing device.

Abstract: A security guarantee method and apparatus for a full life cycle of a packet are disclosed. The method includes: in response to a data packet generated at a communication source, performing by a distributed network node, authenticity verification on a source address and an identity of the data packet; in a network forwarding process of the data packet, performing by the distributed network node, collaborative sampling on the data packet and performing credibility verification on related routing behaviors; in response to the data packet reaching a destination end, verifying by the destination end, the legality of the data packet.

Abstract: Disclosed are an authentication information processing method and apparatus and a user terminal including an authentication information processing method and apparatus. The authentication information processing method performed by the disclosed authentication information processing apparatus comprises the steps of: obtaining biometric information of a user; obtaining a unique key corresponding to the authentication information processing apparatus; and generating an authentication key by using at least a part of the biometric information and at least a part of the unique key.

Abstract: A cryptographic method including: generating by a first device having a datum x an RSA module N; computing by the first device a number C=gbaxh1, g being an element of sub-group G of order bd, h1 being an element of sub-group H of order f, and a, b, d, f being integers, b and f being mutually prime, and x and y being less than d/a; sending C to a second device having datum y; computing by the second device D=Cu·bd?ay(gh3)vh2, u and v being random numbers and h2 and h3 being elements of H, and a first fingerprint (gh3)v; sending to the first device, D and the first fingerprint; computing by the first device (Df)f?, f?=1/f; obtaining based on (Df)f? a second fingerprint; and determining whether x is greater than or equal to y or x is less than y by comparing the first and the second fingerprints.