Abstract: According to one embodiment, a method, computer system, and computer program product for preventing intrusions on a network is provided. The present invention may include generating a sandbox environment responsive to detecting an attacker in the network, wherein the sandbox environment comprises dynamically generated data tailored to the target of the attacker; and moving the attacker to the sandbox environment.

Abstract: Mechanisms are provided for computing device attestation. An attestation request is received, from a requestor computing device, for attestation of a target computing device. The attestation request includes a computing device network address of the target computing device. A first lookup operation of the computing device network address is performed in a domain name service (DNS) server to obtain a device name for the target computing device. A second lookup operation of the device name is performed in the DNS server to obtain a text resource record corresponding to the device name. The text resource record stores attestation information for the target computing device corresponding to the device name. Attestation information is extracted from the text resource record and returned to the requestor computing device to perform attestation of the target computing device.

Abstract: A first patient intervention is identified. The first patient intervention regards a first patient record that includes one or more attributes related to a first patient. The first patient intervention is transmitted to a first program split of a secure multi-party computation. A conflict is detected in the first patient intervention and an existing medical situation regarding the first patient. The conflict is detected by the first program split of the secure multi-party computation and by a third program split of the secure multi-party computation. Based on the detected conflict, a notification is generated by the first program split. The notification is based on the detected conflict. The notification based on the detected conflict is provided to a first client.

Abstract: Methods for cellular network authentication utilizing unlinkable anonymous credentials are disclosed. In embodiments, a method includes: contacting, by a computing device, a mobile device network with a request to connect to the mobile device network; conducting, by the computing device, an interactive credential issuance protocol with an Issuer of the mobile device network to generate an unlinkable anonymous credential; and connecting, by the computing device, to the mobile device network based on a Verifier of the mobile device network verifying the computing device based on the unlinkable anonymous credential.

Abstract: According to one embodiment, a method, computer system, and computer program product for preventing intrusions on a network is provided. The present invention may include generating a sandbox environment responsive to detecting an attacker in the network, wherein the sandbox environment comprises dynamically generated data tailored to the target of the attacker; and moving the attacker to the sandbox environment.

Abstract: Technology for voting, or endorsing with votes, a set of subjects under review, such as a group of human individual peers or a set of products. Each voter in this system is provided with an amount of voting credits that may be allocated among and between at least some of the subjects under review. In some embodiments a discounting scheme is applied to the voting credit allocations so that multiple credits allocated to a single subject will typically count for fewer net “votes” for the subject as the number of credits allocated to that single subject increases. In some embodiments, the discounting scheme is polynomial voting.

Abstract: A document of written content may be obtained. The document may be a candidate for inclusion in a corpus. A first entity associated with the document may be identified. A first discrete entity associated with the first entity may be identified. The relationship associated with the first entity and the first discrete entity may be analyzed. Based on the analyzing, a likelihood that the document contains content that would be detrimental for inclusion in the corpus may be determined.

Abstract: Methods for cellular network authentication utilizing unlinkable anonymous credentials are disclosed. In embodiments, a method includes: contacting, by a computing device, a mobile device network with a request to connect to the mobile device network; conducting, by the computing device, an interactive credential issuance protocol with an Issuer of the mobile device network to generate an unlinkable anonymous credential; and connecting, by the computing device, to the mobile device network based on a Verifier of the mobile device network verifying the computing device based on the unlinkable anonymous credential.

Abstract: Embodiments are disclosed for a method for private transfer learning. The method includes generating a machine learning model comprising a training application programming interface (API) and an inferencing API. The method further includes encrypting the machine learning model using a predetermined encryption mechanism. The method additionally includes copying the encrypted machine learning model to a trusted execution environment. The method also includes executing the machine learning model in the trusted execution environment using the inferencing API.

Abstract: Methods and systems for artificially intelligent security incident and event management using an attention-based deep neural network and transfer learning are disclosed. A method includes: collecting, by a computing device, system and network activity events in bulk; forming, by the computing device, a corpus using the collected system and network activity events; correlating, by the computing device, discrete events of the system and network activity events into offenses; adding, by the computing device, additional features to the corpus representing the offenses and disposition decisions regarding the offenses; training, by the computing device, a deep neural network using the corpus; and tuning, by the computing device, the deep neural network for a monitored computing environment using transfer learning.

Abstract: A computer-implemented method, system, and/or computer program product provides security in a communication network between a user device and a computer related device, and receives payment for services offered through a distributed registry associated with the communication network. One or more processors provide a distributed registry that specifies a plurality of services available to support communications between a user device and a computer related device on a communication network. The processor(s) dynamically construct one or more multi-node transient processing pathways between the user device and the computer related device based on the services. The processor(s) present the plurality of services specified by the distributed registry to the user device, and append metadata describing a current cryptocurrency cost of the services.

Abstract: Methods for cellular network authentication utilizing unlinkable anonymous credentials are disclosed. In embodiments, a method includes: contacting, by a computing device, a mobile device network with a request to connect to the mobile device network; conducting, by the computing device, an interactive credential issuance protocol with an Issuer of the mobile device network to generate an unlinkable anonymous credential; and connecting, by the computing device, to the mobile device network based on a Verifier of the mobile device network verifying the computing device based on the unlinkable anonymous credential.

Abstract: A method, apparatus and computer program product to detect whether specific sensitive data of a client is present in a cloud computing infrastructure is implemented without requiring that data be shared with the cloud provider, or that the cloud provider provide the client access to all data in the cloud. Instead of requiring the client to share its database of sensitive information, preferably the client executes a tool that uses a cryptographic protocol, namely, Private Set Intersection (PSI), to enable the client to detect whether their sensitive information is present on the cloud. Any such information identified by the tool is then used to label a document or utterance, send an alert, and/or redact or tokenize the sensitive data.

Abstract: Training a deep neural network model using a trusted execution environment is provided. A selection of two or more encrypted files owned by different entities within a plurality of encrypted files containing sensitive datasets is made by a user of a client device. The two or more encrypted files owned by the different entities are decrypted within the trusted execution environment to form decrypted sensitive datasets owned by the different entities. The decrypted sensitive datasets owned by the different entities are combined within the trusted execution environment to form combined sensitive data owned by the different entities. The deep neural network model is generated within the trusted execution environment based on the combined sensitive data owned by the different entities. The deep neural network model is trained within the trusted execution environment using the combined sensitive data owned by the different entities.

Abstract: Aspects described herein include a computer-implemented method (and related system and computer program product) comprising receiving, from a bonding service, an authorization request for a predefined authorized use of a good or service by a user. The authorization request indicates that the user meets one or more predefined criteria for the predefined authorized use. The method further comprises determining one or more penalty conditions of a bonding agreement for the predefined authorized use by the user, and receiving, from the bonding service, a confirmation that the user agrees to meet the one or more penalty conditions of the bonding agreement. The method further comprises receiving, from an owner of the good or service, an authorization of the authorization request, and transmitting, responsive to authorization of the authorization request, a token to the bonding service that enables the user to access the predefined authorized use of the good or service.

Abstract: A service running on a server includes a method running on a server, for example as a cloud server to provide a decentralized computing solution. The solution includes an audit service, a tax service or a combination thereof. The service includes providing a distributed registry that specifies a plurality of services available to support communications between a user device and a computer related device on a communication network. The pluralities of services specified by the distributed registry are presented to the user device. A request is received from the user device for a particular service from the plurality of services. The request may be made using a zero-knowledge protocol to maintain privacy of a user of the user device. The particular service includes an additional requested service for at least one of an auditability and taxability service. The particular service is provided along with the additional requested service.

Abstract: A system includes a memory having instructions therein and at least one processor in communication with the memory. The at least one processor is configured to execute the instructions to communicate, into a user device, a deep neural network comprising a predictive audio spectral mask. The at least one processor is also configured to execute the instructions to: generate data corresponding to ambient sound via a multi-microphone device; separate amplitude data and/or phase data from the data via the deep neural network comprising the predictive audio spectral mask; and determine, via the user device and based on the amplitude data and/or phase data, a location of origin of target speech relative to the user device. The at least one processor is configured to execute the instructions to display, via the user device, the location of origin of the target speech relative to the user device.

Abstract: Technology for voting, or endorsing with votes, a set of subjects under review, such as a group of human individual peers or a set of products. Each voter in this system is provided with an amount of voting credits that may be allocated among and between at least some of the subjects under review. In some embodiments a discounting scheme is applied to the voting credit allocations so that multiple credits allocated to a single subject will typically count for fewer net “votes” for the subject as the number of credits allocated to that single subject increases. In some embodiments, the discounting scheme is polynomial voting.

Abstract: An example operation may include one or more of connecting, by a multi-party smart contract server, to a blockchain network configured to store cryptographic proofs, generating, by the multi-party smart contract server, a proposed transaction, providing, by the multi-party smart contract server, the proposed transaction to a plurality of participant nodes, receiving, by the multi-party smart contract server, responses to the proposed transaction from the participant nodes, executing, by the multi-party smart contract server, a smart contract to request from respondent participant nodes attestations of required conditions of the smart contract, receiving and verifying, by the multi-party smart contract server, the attestations from the respondent participant nodes, and executing the proposed transaction and posting a cryptographic proof of a successful execution to the blockchain, by the multi-party smart contract server, in response to a satisfaction of the required conditions of the smart contract.

Abstract: Disclosed are techniques for post-quantum encrypted trusted execution environments on edge devices. An edge computing device includes a trusted execution environment that encompasses at least some SIMD processing units such as Graphics Processing Units (GPUs). A data record, such as machine learning inferences from a machine learning or artificial intelligence model, is generated on the edge computing device within the trusted execution environment and encrypted with post-quantum encryption (such as lattice based encryption) using SIMD processing units in the trusted execution environment. Workloads received for the trusted execution environment, also encrypted with post-quantum encryption, are decrypted using the SIMD processing units in the trusted execution environment.