Abstract: Methods and systems for using ephemeral URL passwords to deter high volume attacks is described. A request to access one of several protected URLs is detected from a client computing device. A URL password is received from the client computing device. The request is redirected to the protected URL upon determining that the received URL password is valid for the one of the several of protected URLs.

Abstract: An information security system that includes a data control engine configured to receive a data file and to segment the data file into a set of data blocks that each contain a portion of data from the data file. The data control engine is further configured to associate the set of data blocks with a reference tag and to store an association between the set of data blocks and the reference tag. The data control engine is further configured to identify an access key for encrypting each data block, to encrypt each data block with a corresponding access key, and to store an association between each data block and each corresponding access key. The data control engine is further configured to store each data block in a memory and to store location information identifying the location of each data block in the memory.

Abstract: An example operation may include one or more of receiving a data block for storage on a blockchain from an orderer node, the data block comprising a full-step hash of a storage request and a reduced-step hash of the storage request, performing an approximate hash verification on the data block based on the reduced-step hash of the storage request included in the data block, and in response to a success of the approximate hash verification, committing the data block among a hash-linked chain of data blocks stored within a distributed ledger of a blockchain.

Abstract: Examples described herein include systems and methods for performing distributed encryption across multiple devices. An example method can include a first device discovering a second device that shares a network. The device can identify data to be sent to a server and calculate a checksum for that data. The device can then split the data into multiple portions and send a portion to the second device, along with a certificate associated with the server for encrypting the data. The first device can encrypt the portion of data it retained. The first device can receive an encrypted version of the second portion of the data sent to the second device. The first device can merge these two portions and send the merged encrypted data to the server, along with the checksum value. The server can decrypt the data and confirm that it reflects the original set of data.

Abstract: An approach is provided that receives a set of actual hardware power consumption details and a set of software activity details with all of the details pertaining to the use of a computer system at a first time. Based on the set of software activity details, the approach determines a set of expected hardware power consumption details. The set of actual hardware power consumption details are compared to the set of expected hardware power consumption details. If the comparison identifies variances between the actual and expected data, then a security threat is flagged and threat responses are performed.

Abstract: The disclosed computer-implemented method for running applications on a multi-tenant container platform may include (1) receiving, at a host administrator service on a container host computing device and via a host administrator service socket handle, a request for a privileged operation from an application running in a non-privileged container, (2) performing, based on a user identifier of the application, a security check of a user associated with the application, (3) comparing, when the security check results in approval, a process identifier of the requested privileged operation against a whitelist of permitted operations to determine the requested privileged operation is permissible, and (4) initiating running, when the requested privileged operation is permissible, the requested privileged operation. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Accelerator access control whereby an application's access to an accelerator is revoked in order to allow the system to perform a system function. In one or more embodiments, when an application is executing, a credit system is utilized to provide credits for controlled access to the accelerator. When request information is received to remove access to a credit associated with the application's access to the accelerator, the credit is marked to fail with operating system interfaces. Also, in one or more embodiments, if the credit is in use for accessing the accelerator, an effective address associated with the credit is unmapped from the accelerator.

Abstract: Systems, computer-implemented methods, and computer program products that facilitate container inspection components of a container-based virtualization environment are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a container inspection control component that can define one or more constrained capabilities of a container inspection. The computer executable components can further comprise a container inspection component that can inspect a virtual container based on the one or more constrained capabilities.

Abstract: Privacy protection methods, systems, and apparatus, including computer programs encoded on computer storage media, are provided. One of the methods is performed by a second computing device and includes: receiving a data request for object data from a first computing device, wherein the object data is associated with an object and is stored in the second computing device; performing encryption of the object data using a public key associated with the object based on the data request to generate a first ciphertext; obtaining verification data based on the first ciphertext for verifying whether a ciphertext to be verified corresponds to the object data; and sending the verification data to the first computing device for the first computing device to execute a cryptography protocol with a third computing device based on the verification data.

Abstract: A method for performing authentication of a client device using a hash chain includes: receiving a first data request from a client device, the first data request including at least a user identifier and a first hash value; transmitting a first data response message to the client device; receiving a second data request from the client device, the second data request including at least the user identifier and a second hash value; generating a validating hash value by applying a hashing algorithm to the second hash value; validating the first hash value as being equal to the generated validating hash value; and transmitting a second data response message to the client device upon successful validation of the first hash value, wherein the second data response message includes one or more data values associated with the user identifier.

Abstract: A server in a blockchain distribution network includes a processor and a transceiver operatively coupled to the processor. The transceiver is configured to receive bytes of a transaction from a first peer node. The transceiver is also configured to propagate the bytes of the transaction to one or more additional peer nodes and to one or more additional servers in the blockchain distribution network. The transceiver is also configured to receive bytes of a blockchain from a second peer node. The blockchain includes information regarding a plurality of transactions, and the plurality of transactions includes the transaction. The transceiver is further configured to propagate the bytes of the blockchain to the one or more additional peer nodes and to the one or more additional servers in the blockchain distribution network.

Abstract: A system, method, and computer program product are provided for centralized consent management. In operation, the consent management system receives user selections from a user indicating which user data is capable of being utilized for analysis by a company. The consent management system stores the user selections of which user data is capable of being utilized for analysis by the company in a consent database. The consent management system generates a consent vector corresponding to the user selections of which user data is capable of being utilized for analysis by the company. Additionally, the consent management system associates the consent vector with a consent vector identification. Further, the consent management system tags incoming data with the consent vector identification to associate a user consent with the incoming data. The consent management system stores and encodes the incoming data.

Abstract: A computer-implemented method (100) and system (1) for determining a metadata M for securing a controlled digital resource such as computer software using a distributed hash table (13) and a peer-to-peer distributed ledger (14). This is a blockchain such as the Bitcoin blockchain. The method includes determining (110) a data associated with the computer software and determining (120) a first hash value based on the computer software. A second hash value based on the data and the computer software may be determined (130). The method further includes sending 140, over a communications network (5), the data, the first hash value and the second hash value to an entry for storage in a distributed hash table (13). The second hash value may be a key of a key-value pair. The data and the first hash value may be a value in the key-value pair. A metadata (M) that is based on the second hash value may be determined (150) for storage on the peer-to-peer distributed ledger (14).

Abstract: The technology disclosed herein provides an enhanced cryptographic access control mechanism that uses a cryptographic keys that are based on location data. An example method may include: determining location data of a computing device; transforming the location data in view of conversion data associated with the computing device, wherein the conversion data causes a set of alternate location data values to transform to a specific cryptographic value; creating, by a processing device, a cryptographic key in view of the transformed location data; and using the cryptographic key to enable access to a protected resource.

Abstract: Techniques are described for managing authentication tokens associated with a secure account maintained by a business or organization. In one example, this disclosure describes a method that includes storing interaction information associated with an account maintained by an organization, wherein the interaction information includes information about authentication tokens used during a plurality of prior authentication procedures performed for the account, receiving, over a network, a request to authenticate a user to access the account, determining, based on the stored interaction information, an authentication token to be used to authenticate the user, wherein the authentication token is different than a prior authentication token used during the plurality of prior authentication procedures performed for the account, presenting a prompt for the authentication token; and determining, based on information received in response to the prompt, whether the user is authorized to access the account.

Abstract: Disclosed is a multi-region data center connectivity solution for seamless integration between multi-region data center users and content. The solution supports user pinning (e.g., users and their personal content can be pinned to a particular geographical location/data center); protects personal content (e.g., personal content uploaded by a user is stored in that user's pinned geographical location/data center); and enables data sharing between multi-region data center users in a manner that is seamless and transparent to end users, while respecting user privacy, complying with data sovereignty requirements, and maintaining system anonymity.

Abstract: Disclosed herein are system, method, and device embodiments for an authentication workflow incorporating blockchain technology. An embodiment operates by requesting, from a distributed authentication service, transmission of a time-based one-time password to a communication endpoint associated with an end-user, receiving a time-based one-time password submission from a user device associated with the end-user, retrieving a plurality of distributed ledger entries (e.g., a plurality of blocks of a blockchain), and validating the time-based one-time password submission based on the plurality of distributed ledger entries as a part of a two factor authentication workflow.

Abstract: Methods and systems for using ephemeral URL passwords to deter high volume attacks is described. A request to access one of several protected URLs is detected from a client computing device. A URL password is received from the client computing device. The request is redirected to the protected URL upon determining that the received URL password is valid for the one of the several of protected URLs.

Abstract: A method, apparatus and device for storing vehicular data. An embodiment of a method for storing vehicular data includes: analyzing importance of received vehicular data to determine a storage level of the vehicular data; acquiring a corresponding key and a corresponding encryption algorithm based on the storage level of the vehicular data; encrypting the vehicular data using the acquired key and the acquired encryption algorithm; and storing encrypted vehicular data in a storage area corresponding to the storage level of the vehicular data. The embodiment may improve the safety of vehicular data by encrypted storage of the data in different levels, effectively prevent important vehicular data from being illegally read or maliciously falsified, and improve the storage efficiency of the vehicular data.

Abstract: Methods aiding in proving shuffles of re-encryptions of ciphertexts and a mixnet employing such methods. A method for compacting ciphertexts includes encrypting a plaintext using an asymmetric key encryption scheme for a ciphertext, dividing the ciphertext into partial ciphertexts, encrypting each of the partial ciphertexts using the asymmetric key encryption scheme to obtain re-encrypted partial ciphertexts, creating hash exponents from a digest of a cryptographic hash function taking the partial ciphertexts, the re-encrypted partial ciphertexts and arbitrary salt values as argument of the cryptographic hash function, calculating a compacted ciphertext by multiplying all of the partial ciphertexts exponentiated by a respective one of the plurality of hash exponents, and calculating a compacted re-encrypted ciphertext by multiplying all of the re-encrypted partial ciphertexts exponentiated by a respective one of the hash exponents.