Abstract: Quantum computers pose significant threat to modern day cryptography. To mitigate this risk, migration of enterprise applications to a quantum safe state is needed. Crypto inventory, an automatic process to discover all crypto application programming interfaces usage in an enterprise application, is a first problem to be addressed in the migration journey. Embodiments of the present disclosure provide a method and system for a dynamic generation of rules. An input program statement includes an unseen crypto application programming interface (API) is received which represents a method invocation. The invoked method is mapped by the input program statement with a rules database to infer and generate new rules for an unseen crypto application programming interface (API) belonging to (a) a same library by a weighted distance approach, (b) a library implementing known contracts by a graph traversal approach, and (c) a library implementing unknown contracts by a pattern matching approach respectively.

Abstract: Even though serverless computing has advantages like lower cost, simplified scalability, simplified backend code and quicker turnaround, they have also given rise to a new form of cyber-attacks. Most of the conventional approaches are reactive based where steps are taken to control the aftereffects of an attack and preventive mechanism is of less focus. The present honeypot based approach for serverless cloud architecture, honeypots capture unauthorized users in order to provide security of the overall system. The honeypots redirect the attackers to a set of dummy nodes that form a random loop. Using a controlled time based loop, the attacker could be trapped for a maximum amount of time, thus penalizing the attacker by a negative award. It would result in exhaustion of resources and bandwidth of attacker. The present disclosure is also applicable to multi-cloud or hybrid cloud setup.

Abstract: This disclosure relates to field of cryptography and digital signatures. The constant theft of cryptocurrencies is due to compromise of the secret signing key inherently stored in a single location. Also, one of challenges in the existing ECDSA signature is single point failure, wherein the signing key (private key) is prone to theft. The disclosed technique overcomes the challenging in the existing techniques by party distributed signature that ensures the safety of the private key. The disclosed techniques slits the key in two parts and saves at two different locations/machines. Further based on a ECDSA based technique, the digital signature is obtained securely using several steps that includes generation of first two parts of digital signature at one party, generation of the second two parts of digital signature at second party, finally decrypting a complete digital signature at the first party.

Abstract: This disclosure provides methods and systems for enabling a hybrid architecture in an enterprise application. The present disclosure addresses problems of conventional approaches which falls back on a common representation or pluggable framework to handle challenges of composing multiple libraries. Conventional approaches work for the problem of maintaining performance while handling diversity of libraries which cannot be reused either in as-is form or with a slight modification. The present disclosure provide a method and system that enable hybrid architecture in an enterprise application to mitigate quantum attacks. The method of the present disclosure changes codebase of the enterprise application to enable hybrid architecture. New paths are created within the enterprise application to support execution of a new library code that enables double encryption of data being processed by the application.

Abstract: This disclosure provides system and method for auto repairing vulnerable code program fragments of a software. The present disclosure addresses problems of conventional approaches which are dependent on test cases. In the present disclosure, vulnerabilities in an input application are identified and repaired. First, a plurality of vulnerability detection rules is executed against an application in binary form (i.e., input application) and a plurality of vulnerable code fragments are identified. Post identification of the plurality of vulnerable code fragments, a mapping is created from the application in binary form to its source code files. Post mapping, paths capturing different application functionalities are extracted. Subsequently, a plurality of vulnerable source code program fragments is extracted and auto repair rules are applied on entire application functionality.

Abstract: State of the art approaches used to address security aspects in serverless platforms perform workflow validations on an end to end flow, however, this cannot prevent attacks targeted at intermediate function calls in the workflow. Further, the existing systems store policy data in insecure manner, which causes security issues. The disclosure herein generally relates to serverless clouds, and, more particularly, to a method and system for privacy-preserving workflow validations in serverless clouds. The system stores policy data in a secured/encrypted manner. The system also performs validations at different levels, at a first level to allow/deny access at an ingress point, and at a second level to allow/deny access at critical intermediate points. This approach thus provides safety against attacks that may have been initiated post initial validation, and offers added data security.

Abstract: State of the art systems used for airport automation and data processing may be prone to data security related issues, as unauthorized personal may gain entry to sensitive data. The disclosure herein generally relates to airport management, and, more particularly, to a method and system for service authentication in an airport management network. The system uses a neural network to process a received service request and decides whether the service request is to be allowed or denied, based on a determined validity of the service request, role based access defined for a user requesting the service, a feature map data generated.

Abstract: This disclosure relates to field of cryptography and digital signatures. The constant theft of cryptocurrencies is due to compromise of the secret signing key inherently stored in a single location. Also, one of challenges in the existing ECDSA signature is single point failure, wherein the signing key (private key) is prone to theft. The disclosed technique overcomes the challenging in the existing techniques by party distributed signature that ensures the safety of the private key. The disclosed techniques slits the key in two parts and saves at two different locations/machines. Further based on a ECDSA based technique, the digital signature is obtained securely using several steps that includes generation of first two parts of digital signature at one party, generation of the second two parts of digital signature at second party, finally decrypting a complete digital signature at the first party.

Abstract: Transaction executions/commits in a blockchain network need to be fast, robust and secure and thus calls for minimal latency in transaction commits. In an execute-order-commit blockchain network, latency is high due to smart contracts been executed at every endorsing node of the blockchain network. A method and system for processing transactions in the blockchain network is disclosed. The system discloses a veriblock architecture, which enables processing a transaction request by executing an associated smart contract along with a proof of correctness of execution of smart contract using only one endorser. Further, enables verifying the smart contract by multiple endorsers. The smart contract associated with the proof, referred herein as a vericontract, is executed to generate an output and the proof using one of a) Verifiable Computing (VC) approach, b) a TEE approach and c) a hybrid approach (combination of VC and TEE).

Abstract: This disclosure relates generally to method and system for securing peer nodes in a blockchain network. The proposed disclosure is a robust model providing secure, scalable and efficient sharding committee reconfiguration technique where blockchain peer nodes organize themselves into each sharding committee among a plurality of sharding committees. The disclosure includes, generating a random number directory by each peer node communicating random numbers to the reference committee through leader node in the blockchain network. The reference committee initiates to reconfigure members of each sharding committee at predefined intervals. Further, a first message packet from each peer node is received by the reference committee based on which a second message packet is generated enabling each peer node of the block chain network to join one of the sharding committee.

Abstract: This disclosure relates generally to contract management, and more particularly to contract management in a data marketplace. In an embodiment, a system for contract management performs refactoring of a contract, during which the system extracts terms and conditions from the contract and generates a simplified view of the contract. The system further performs a requirement validation based on the contract, during which the system determines features of data entity matches requirements specified by a first party or not, based on domain specific ontologies. If the data entity features are not matching with the requirements, then the system fetches one or more relevant attributes from a list of ontologies, verifies whether the features of entity along with the selected feature(s) satisfy the requirements or not. The system accordingly generates an agreeable requirement document as output of the requirement validation.

Abstract: This disclosure relates generally to method and system for securing peer nodes in a blockchain network. The proposed disclosure is a robust model providing secure, scalable and efficient sharding committee reconfiguration technique where blockchain peer nodes organize themselves into each sharding committee among a plurality of sharding committees. The disclosure includes, generating a random number directory by each peer node communicating random numbers to the reference committee through leader node in the blockchain network. The reference committee initiates to reconfigure members of each sharding committee at predefined intervals. Further, a first message packet from each peer node is received by the reference committee based on which a second message packet is generated enabling each peer node of the block chain network to join one of the sharding committee.

Abstract: Transaction executions/commits in a blockchain network need to be fast, robust and secure and thus calls for minimal latency in transaction commits. In an execute-order-commit blockchain network, latency is high due to smart contracts been executed at every endorsing node of the blockchain network. A method and system for processing transactions in the blockchain network is disclosed. The system discloses a veriblock architecture, which enables processing a transaction request by executing an associated smart contract along with a proof of correctness of execution of smart contract using only one endorser. Further, enables verifying the smart contract by multiple endorsers. The smart contract associated with the proof, referred herein as a vericontract, is executed to generate an output and the proof using one of a) Verifiable Computing (VC) approach, b) a TEE approach and c) a hybrid approach (combination of VC and TEE).

Abstract: Systems and methods of the present disclosure provide comprehensive risk assessment in a heterogeneous dynamic network. The framework enables ‘view’ and ‘analyses’ of complete architecture simultaneously in information view, deployment view, business view and security view. Fundamentally, data pertaining to information flow between a plurality of nodes within systems in a network is identified. One or more affected nodes or paths therebetween are identified and attack risk is computed. The graph based framework supports multiple threat models for threat evaluation. It also provides mitigation plans which will reflect reduced risk in the business view and incorporates attack tree simulations to evaluate dynamic behavior of a system under attack.

Abstract: This disclosure relates generally to contract management, and more particularly to contract management in a data marketplace. In an embodiment, a system for contract management performs refactoring of a contract, during which the system extracts terms and conditions from the contract and generates a simplified view of the contract. The system further performs a requirement validation based on the contract, during which the system determines features of data entity matches requirements specified by a first party or not, based on domain specific ontologies. If the data entity features are not matching with the requirements, then the system fetches one or more relevant attributes from a list of ontologies, verifies whether the features of entity along with the selected feature(s) satisfy the requirements or not. The system accordingly generates an agreeable requirement document as output of the requirement validation.

Abstract: Systems and methods of the present disclosure provide comprehensive risk assessment in a heterogeneous dynamic network. The framework enables ‘view’ and ‘analyses’ of complete architecture simultaneously in information view, deployment view, business view and security view. Fundamentally, data pertaining to information flow between a plurality of nodes within systems in a network is identified. One or more affected nodes or paths therebetween are identified and attack risk is computed. The graph based framework supports multiple threat models for threat evaluation. It also provides mitigation plans which will reflect reduced risk in the business view and incorporates attack tree simulations to evaluate dynamic behavior of a system under attack.

Abstract: Disclosed are devices, systems, and methods for securing data using attribute based data access. The data may correspond to a sensory environment, and the data is secured at the device. The device secures the data by segmenting the data into number of segments and defining an access policy, further submitting the access policy to a PKG of system for generating Access Tree having attributes at different level for accessing the data. These Access Trees are securely stored on the device using IBE mechanism. Further, the data after being secured, is uploaded to a system for analysis. At the system, an access request may be received for accessing the data. The access request further includes a request attribute, whereby the system verifies if the attribute satisfies the Access Policy. If the verification is positive, an access may be provided to the data accessor for accessing the data.

Abstract: Disclosed are devices, systems, and methods for securing data using attribute based data access. The data may correspond to a sensory environment, and the data is secured at the device. The device secures the data by segmenting the data into number of segments and defining an access policy, further submitting the access policy to a PKG of system for generating Access Tree having attributes at different level for accessing the data. These Access Trees are securely stored on the device using IBE mechanism. Further, the data after being secured, is uploaded to a system for analysis. At the system, an access request may be received for accessing the data. The access request further includes a request attribute, whereby the system verifies if the attribute satisfies the Access Policy. If the verification is positive, an access may be provided to the data accessor for accessing the data.

Abstract: A method and a system for administering pay-per-use (PPU) licensing of software applications are disclosed. The system comprises a processor and a memory. The memory comprises an administrative module configured to generate a license file based upon a request sent by a user. The license file is used by the user for accessing a software application. The administrative module is further configured to receive a log file from the user. The log file comprises a track of at least one of a number of usages of the software application and a time period of the software application. The memory further includes an assessment module configured to determine a validity of the license file based upon the log file.