Abstract: Technologies are shown for HGM based control for smart contract execution. HGM control rules control function calls at a system level utilizing function boundary detection instrumentation in a kernel that executes smart contracts. The detection instrumentation generates a call stack that represents a chain of function calls in the kernel for a smart contract. The HGM control rules are applied to HGMs collected from the call stack to allow or prohibit specific HGMs observed in functions or function call chains. HGM control rules can use dynamic state data in the function call chain. If the dynamic state data observed in function call chains does not meet the requirements defined in the HGM control rules, then the function call can be blocked from executing or completing execution. The HGM control rules can be generated by executing known sets of acceptable or vulnerable smart contracts and collecting the resulting HGMs.

Abstract: A server of a distributed cloud computing network receives, over a tunnel established between a customer-premises equipment and the compute server, traffic from an Internet-of-Things (IoT) device that is connected to the CPE. The server enforces an egress traffic policy to determine whether the traffic is permitted to be transmitted to the destination. If the traffic is not permitted to be transmitted to the destination, the server drops the traffic. If the traffic is permitted to be transmitted to the destination, the server transmits the traffic to the destination.

Abstract: Technologies are shown for HGM based control for smart contract execution. HGM control rules control function calls at a system level utilizing function boundary detection instrumentation in a kernel that executes smart contracts. The detection instrumentation generates a call stack that represents a chain of function calls in the kernel for a smart contract. The HGM control rules are applied to HGMs collected from the call stack to allow or prohibit specific HGMs observed in functions or function call chains. HGM control rules can use dynamic state data in the function call chain. If the dynamic state data observed in function call chains does not meet the requirements defined in the HGM control rules, then the function call can be blocked from executing or completing execution. The HGM control rules can be generated by executing known sets of acceptable or vulnerable smart contracts and collecting the resulting HGMs.

Abstract: Disclosed is technology for storing original work data on a derivative work data blockchain along with code for verifying that derivative work data is derivative of the original work data. The technology involves receiving derivative work data from a submitting entity along with proof data showing that the derivative work is derivative of the original work. If the derivative work data is verified as derivative, then the derivative work data is appended to the derivative work data blockchain.

Abstract: Technologies are shown for system level function based access control for smart contract execution on a blockchain. Access control rules control function calls at a system level by utilizing function boundary detection instrumentation in a kernel that executes smart contracts. The detection instrumentation generates a call stack that represents a chain of function calls in the kernel for execution of a smart contract. The access control rules are applied to the function call stack to allow or prohibit specific functions or function call chains. Access control rules can also define allowed or prohibited parameter data in the function call chain. If the function call chain or parameters do not meet the requirements defined in the access control rules, then the function call can be blocked from executing or completing execution. The access control rules can produce sophisticated access control policies based on complex function call chains.

Abstract: Disclosed is technology for storing original work data on a derivative work data blockchain along with code for verifying that derivative work data is derivative of the original work data. The technology involves receiving derivative work data from a submitting entity along with proof data showing that the derivative work is derivative of the original work. If the derivative work data is verified as derivative, then the derivative work data is appended to the derivative work data blockchain.

Abstract: Technologies are shown for function level permissions control for smart contract execution to implement permissions policy on a blockchain. Permissions control rules control function calls at a system level utilizing function boundary detection instrumentation in a kernel that executes smart contracts. The detection instrumentation generates a call stack that represents a chain of function calls in the kernel for a smart contract. The permissions control rules are applied to the call stack to implement permissions control policy. Permissions control rules can use dynamic state data in the function call chain. If the dynamic state data observed in function call chains does not meet the requirements defined in the permissions control rules, then the function call can be blocked from executing or completing execution. The permissions control rules can be generated for a variety of different entities, such as a domain, user or resource.

Abstract: Technologies are shown for system level function based access control for smart contract execution on a blockchain. Access control rules control function calls at a system level by utilizing function boundary detection instrumentation in a kernel that executes smart contracts. The detection instrumentation generates a call stack that represents a chain of function calls in the kernel for execution of a smart contract. The access control rules are applied to the function call stack to allow or prohibit specific functions or function call chains. Access control rules can also define allowed or prohibited parameter data in the function call chain. If the function call chain or parameters do not meet the requirements defined in the access control rules, then the function call can be blocked from executing or completing execution. The access control rules can produce sophisticated access control policies based on complex function call chains.

Abstract: Technologies are shown for function level permissions control for smart contract execution to implement permissions policy on a blockchain. Permissions control rules control function calls at a system level utilizing function boundary detection instrumentation in a kernel that executes smart contracts. The detection instrumentation generates a call stack that represents a chain of function calls in the kernel for a smart contract. The permissions control rules are applied to the call stack to implement permissions control policy. Permissions control rules can use dynamic state data in the function call chain. If the dynamic state data observed in function call chains does not meet the requirements defined in the permissions control rules, then the function call can be blocked from executing or completing execution. The permissions control rules can be generated for a variety of different entities, such as a domain, user or resource.

Abstract: Technologies are shown for storing sub-component state data for a resource on a blockchain involving generating a resource data block that corresponds to a resource that includes links that correspond to sub-components of the resource, generating a first sub-component state data block for a sub-component of the resource on a blockchain that includes first state data for the first sub-component, and setting the link for the sub-component to reference the first sub-component state data block. Subsequently, a second sub-component state data block can be generated for the sub-component with second state data and the second sub-component state data block linked to the first sub-component state data block.

Abstract: Techniques are shown for key management using a traceable key block-chain ledger involving creating a cryptographic key at a key source, generating a key block on a block-chain ledger corresponding to the cryptographic key, and securely modifying the key block to include metadata describing the key source. The techniques also involve performing a first key transaction with the cryptographic key, generating a first transaction block on the block-chain ledger corresponding to the first key transaction with the cryptographic key, linking the first transaction block to the key block and securely modifying the first transaction block to include metadata describing the first key transaction with the cryptographic key.

Abstract: Technologies are shown for storing component state data for a resource on a blockchain involving generating a resource data block that corresponds to a resource that includes links that correspond to components of the resource, generating a first component state data block for a component of the resource on a blockchain that includes first state data for the first component, and setting the link for the component to reference the first component state data block. Subsequently, a second component state data block can be generated for the component with second state data and the second component state data block linked to the first component state data block.

Abstract: Systems and methods for managing keys in a computer memory are described. In some embodiments, location addresses are determined for two key elements. A periodic time interval that is based on a time duration for performing a transaction involving a distance between the key elements is determined. One key element may be stored at a location address and then relocated to another location address after the periodic time interval has passed. In some embodiments, areas the computer memory may remain static during relocation of the key element.

Abstract: Techniques are shown for key tracing using a traceable key block-chain ledger involving, in response to detection of an attack on a resource protected by a cryptographic key, retrieving a key block-chain ledger corresponding to the cryptographic key having one or more transaction blocks. Each transaction block corresponds to a key transaction with the cryptographic key and includes metadata describing the key transaction with the cryptographic key. Metadata from the transaction blocks in the key block-chain ledger is used to trace the key transactions of the cryptographic key to a point of attack. A transaction block corresponding to the point of attack is determined and an alert is generated indicating the point of attack with metadata from the transaction block corresponding to the point of attack.

Abstract: Methods, systems, and media for improving computer security and performance of security are disclosed. In one example, a computer security system comprises a key management monitor, and two key elements comprising a first key element and a second key element. The first key element is stored at a first location address within a computer memory and the second key element is stored at a second location address. The key management monitor is configured to determine or receive a time duration for performing a data dump of contents of the computer memory. In one example, the key management monitor is further configured to control a location of the first key element within the computer memory, wherein the location address of the first key element is changed within a time period that is less than the time duration for performing the data dump of contents of the computer memory.

Abstract: Technologies are shown for selecting a provider to service a client service request using a predictive metrics based consensus protocol to select a provider and create a service request transaction block to service the client service request. A client service request is received and forwarded to a set of providers. Proposed transactions are received from the providers and scored based on a predictive metric. A proposal transaction is selected based on the scoring and the selected transaction is written as a block on a service transaction blockchain. The provider for the selected transaction detects the block on the blockchain and performs the requested service. The client detects the block on the blockchain and transfers payment to the provider. Selection can be based on predictive metrics in the providers or macro metrics determined in miner nodes in combination with provider reputation, currency, load sharing, fairness, provisioning, and static and dynamic criteria.

Abstract: Technologies are shown for authenticating service requests on a communication link established using a digital certificate owned by an entity, where permissions data is associated with the digital certificate. A service request is received from the entity through the communication link. Responsive to the service request, the permissions data associated with the digital certificate is obtained and the service request checked against the permissions data associated with the digital certificate. If the service request is permitted based on the permissions data, the service request is processed. If the service request is not permitted based on the permissions data, the service request is rejected. The permissions data can be stored on a blockchain with a blockchain address in the certificate, in a certificate authority for the certificate, or locally on a server receiving the service request.

Abstract: Delivery routing for an item is dynamically changed based on environmental conditions the item experiences during transport. The item may be associated with thresholds describing environmental conditions which must be maintained to avoid damage to the item. If sensors associated with the item detect deviation from the set thresholds during transport, instructions to reroute the item may be dynamically generated and provided to a vehicle or shipping agent responsible for transporting the item. Options for rerouting the item include returning it to the sender, disposing of it in a nearby disposal facility, sending to an inspection facility, or sending it on to the original destination location. The environmental thresholds associated with an item, records of conditions measured by sensors during transport, and alternative delivery locations may be stored in a distributed ledger such as a blockchain. Entities associated with the shipment may have access to the distributed ledger.

Abstract: Techniques are shown for key tracing using a traceable key block-chain ledger involving, in response to detection of an attack on a resource protected by a cryptographic key, retrieving a key block-chain ledger corresponding to the cryptographic key having one or more transaction blocks. Each transaction block corresponds to a key transaction with the cryptographic key and includes metadata describing the key transaction with the cryptographic key. Metadata from the transaction blocks in the key block-chain ledger is used to trace the key transactions of the cryptographic key to a point of attack. A transaction block corresponding to the point of attack is determined and an alert is generated indicating the point of attack with metadata from the transaction block corresponding to the point of attack.

Abstract: Techniques are shown for key management using a traceable key block-chain ledger involving creating a cryptographic key at a key source, generating a genesis block for a key block-chain ledger corresponding to the cryptographic key, and securely modifying the genesis block to include metadata describing the key source. The techniques also involve performing a first key transaction with the cryptographic key, generating a first transaction block corresponding to the first key transaction with the cryptographic key and adding the first transaction block to the key block-chain ledger, and securely modifying the first transaction block to include metadata describing the first key transaction with the cryptographic key.