Abstract: To write forgettable data to a blockchain, the forgettable data is transmitted to a server, from which encrypted data corresponding to the forgettable data are received. A hash of the forgettable data is generated. A data block including the encrypted data and control data including the hash is added to the blockchain.

Abstract: A first hash of information is generated. The first hash of the information is used to validate if the information (e.g., a software application) has changed. The first hash of the information is generated locally. The first hash of the information is sent to the trusted authority. The trusted authority is a service that is managed by an external party. A validation event associated with the information is detected. A request for the first hash of the information is sent to the trusted authority. The first hash of the information is received from the trusted authority. A second hash of the information is generated. The second hash of the information is generated locally. The received first hash of the information is compared to the generated second hash of the information to determine if the received first hash of the information is the same as the second hash of the information.

Abstract: Language used by a specific user in a specific context is gathered. The language used by the specific user in the specific context is language gathered from a plurality of previously captured electronic communication sessions. For example, the language of the specific user is captured from previous voice, video, and/or text communication sessions. A machine learning process based on the language gathered from the plurality of previously captured electronic communication sessions is trained. The trained machine learning process is used to determine if the specific user is actually participating in an electronic communication session or if a potential imposter is likely posing as the specific user in the electronic communication session. In response to determining that the potential imposter is likely posing as the specific user in the electronic communication session, an action is taken to secure the electronic communication session.

Abstract: A visual media is received. For example, the received visual media may be a digital image, a video file, or a video stream. A plurality of colors in the visual media are identified. In response to identifying the plurality of colors in the visual media, one or more colors not in the visual media are identified. A watermark is placed in the visual media to produce a watermarked visual media. The watermark comprises at least one of the identified colors not in the visual media. The watermarked visual media is verified using image processing.

Abstract: Source code for a type of malware is received. For example, the source code may be source code from a type of computer virus. An Artificial Intelligence (AI) algorithm is identified. For example, the AI algorithm may be ChatGPT. The source code of the type of malware is run through the AI algorithm to produce mutated source code for the type of malware. A prediction algorithm is used to predict a signature of the mutated source code for the type of malware. For example, the prediction algorithm is trained using existing source code of different types of malware to generate a prediction model. The signature of the mutated source code for the type of malware is then compared to a signature of a potentially new type of malware to determine if the signatures are similar.

Abstract: A current thread pattern is identified. For example, a thread pattern of a running software application is identified. Current resource information associated with the current thread pattern is identified. For example, the current resource information may include disk usage, packets sent, ports used, accounts created, etc. The current thread pattern and the current resource information associated with the current thread pattern are compared to an existing malicious thread pattern associated with a type of malware and existing malicious resource information associated with the existing thread pattern. A determination is made if the comparison meets a threshold. For example, if the current thread pattern is 90% similar to the existing malicious thread pattern and the current resource information is within 75% of the existing malicious resource information, the threshold is met. In response to the comparison meeting the threshold, an action is taken to mitigate the type of malware.

Abstract: Results of an authentication process are received. The authentication process allows for a graded level of authentication using a plurality of authentication types (e.g., a username/password and a fingerprint scan). Encrypted data is then accessed. The encrypted data has been encrypted using a plurality of encryption levels. The data is unencrypted based on the graded level of authentication. In a second embodiment, a system and method are provided that establish a communication session (e.g., a voice or email communication session). The communication session is between a plurality of users. During the communication session, an indication is received to change an encryption level for the communication session. In response to receiving the indication to change the encryption level for the communication session, an encryption level of the first communication session is dynamically changed from a first level of encryption to a second level of encryption.

Abstract: A copy of a blockchain is stored. The stored copy of the blockchain is copied from a blockchain in a distributed blockchain ledger. An event associated with the blockchain in the distributed ledger is identified. In response identifying the event associated with the blockchain in the distributed ledger, a compromise of the blockchain in the distributed ledger is identified, such as, identifying one or more blocks of the blockchain that have been compromised. In a second embodiment, a request to add a new block to a blockchain is identified. In response identifying the request to add the new block to the blockchain, a consensus vote to add the new block to the blockchain is monitored. A determination is made to determine if the consensus vote is below a threshold. In response to the consensus vote being below the threshold, an audit of the blockchain is completed.

Abstract: Embodiments provide for detecting viruses and other malware in executing process threads based on thread patterns. According to one embodiment, detecting previously unknown malware associated with process threads can comprise capturing context information for each thread of a plurality of threads executing on a processor. The context information can define a thread pattern for the thread. The thread pattern for each thread can be compared to stored information defining one or more known patterns for thread execution based on previous execution of one or more threads. A thread pattern variation can be detected when the thread pattern for one or more threads does not match the stored information defining the known thread patterns. A determination can be made as to whether the detected thread pattern variation indicates presence of malware and actions can be performed based on determining the detected thread pattern variation indicates the presence of malware.

Abstract: A first hash of a record is retrieved. The first hash is encrypted using an encryption key to produce an encrypted hash. The encrypted hash is stored in the record by replacing the first hash with the encrypted hash or by adding the encrypted hash to the record. A request is received to validate the record. In response to receiving the request to validate the record, the record is validated by: unencrypting the encrypted hash using the encryption key to produce a second hash; hashing the record to produce a third hash; and comparing the second hash to the third hash. In response to the second hash being the same as the third hash, the record is validated. In response to the second hash not being the same as the third hash, the record is not validated.

Abstract: A first hash of a record is retrieved. The first hash is tokenized by storing the first hash in a tokenization table that has a corresponding hash token. A request is received to validate the record. The request to validate the record comprises a second hash of the record and a second hash token. In response to receiving the request to validate the record, the record is validated by looking up the first hash in the tokenization table using the second hash token and comparing the looked up first hash to the second hash. In response to the looked up first hash being the same as the second hash, the record is validated. In response to the looked up first hash not being the same as the second hash, the record is not validated.

Abstract: One or more unused locations in a software image are identified. An example of a software image may be a container image or virtual machine image. An unused location may be a location where padding is used in the software image. A first watermark is placed in the one or more unused locations to produce a watermarked software image. A request is received to load the watermarked software image. In response to receiving the request to load the watermarked software image, a second watermark is generated using the one or more unused locations in the watermarked software image and the second watermark is then compared to the first watermark. In response to the first watermark matching the second watermark, the software image is loaded. In response to the first watermark not matching the second watermark, the software image is not loaded.

Abstract: An anomaly on a computer network is identified by processing data generated by the computer network. The anomaly is identified based on a first anomaly threshold of a plurality of anomaly thresholds associated with the anomaly. In response to determining that the anomaly has met the first anomaly threshold of the plurality of anomaly thresholds associated with the anomaly, a first authentication level associated with the first anomaly threshold is identified. The plurality of anomaly thresholds associated with the anomaly have a plurality of associated authentication levels. A user interface is displayed to an administrator that includes a prompt to authenticate the administrator at the first authentication level. Authenticating the administrator at the first authentication level allows the administrator to take an action associated with the anomaly. For example, the administrator may unload an application that may likely have been compromised.

Abstract: A request to retroactively add one or more of an encryption level, an encryption type, a security level, and an authentication level to an existing blockchain is received. An authentication/encryption block is added to the existing blockchain. The authentication/encryption block comprises the one or more of the encryption level, the encryption type, the security level, and the authentication level. Based on the added authentication/encryption block in the existing blockchain, the one or more of the encryption level, the encryption type, the security level, and the authentication level are retroactively applied to at least a portion of blockchain data in the existing blockchain. In one embodiment, a data structure is used in place of the authentication/encryption block.

Abstract: A first load cycle of an application is determined to have been completed. A load cycle is where the application has been loaded, executed, and then unloaded. One or more of first load parameter associated with the first load cycle of the application, a first execution parameter associated with the first load cycle of the application, and a first unload parameter associated with the first load cycle of the application are retrieved and compared to one or more of a second load parameter associated with a second load cycle of the application, a second execution parameter associated with the second load cycle of the application, and a second unload parameter associated with the second load cycle of the application. The comparison can then be used to identify anomalies between load cycles of the application.

Abstract: A first sub-blockchain and a second sub-blockchain are retrieved. The sub-blockchains are predefined fragments of a blockchain that are intended to be used to build a larger blockchain. At least one of the first sub-blockchain and the second sub-blockchain was originally stored in a read-only computer memory or was originally stored in a barcode/RFID tag. A blockchain that comprises the first sub-blockchain and the second sub-blockchain is created. The blockchain is used to track inventory of a product.

Abstract: An event is identified. For example, the event is that the an original blockchain has reached a threshold number of blocks. In response to identifying the event: the original blockchain is completed and a second blockchain is created. The second blockchain comprises a first consolidation genesis block. The first consolidation genesis block comprises a complete hash of the original blockchain and a first consolidation pointer that points to the original blockchain. This allows the blockchain to be divided into smaller pieces that can be verified using less processing resources. In addition, this allows for more efficient searching of blockchains.

Abstract: A primary blockchain for a software application is created that comprises a first block associated with a software component of the software application. An event is received that is associated with the software component. In response to receiving the event, a component blockchain is created that is associated with the software component. The component blockchain comprises a second block associated with the event. The component blockchain links to the primary blockchain. This provides a structure for managing supply chains of software components. As new software components are received, the new software components can be managed and tracked for quality/security.

Abstract: Embodiments provide for detecting viruses and other malware in executing process threads based on thread patterns. According to one embodiment, detecting previously unknown malware associated with process threads can comprise capturing context information for each thread of a plurality of threads executing on a processor. The context information can define a thread pattern for the thread. The thread pattern for each thread can be compared to stored information defining one or more known patterns for thread execution based on previous execution of one or more threads. A thread pattern variation can be detected when the thread pattern for one or more threads does not match the stored information defining the known thread patterns. A determination can be made as to whether the detected thread pattern variation indicates presence of malware and actions can be performed based on determining the detected thread pattern variation indicates the presence of malware.

Abstract: A copy of a blockchain is stored. The stored copy of the blockchain is copied from a blockchain in a distributed blockchain ledger. An event associated with the blockchain in the distributed ledger is identified. In response identifying the event associated with the blockchain in the distributed ledger, a compromise of the blockchain in the distributed ledger is identified, such as, identifying one or more blocks of the blockchain that have been compromised. In a second embodiment, a request to add a new block to a blockchain is identified. In response identifying the request to add the new block to the blockchain, a consensus vote to add the new block to the blockchain is monitored. A determination is made to determine if the consensus vote is below a threshold. In response to the consensus vote being below the threshold, an audit of the blockchain is completed.