Abstract: A determination is made that an event associated with a composite blockchain is a primary event or a secondary event. The composite blockchain comprises a primary blockchain and a first level sub-blockchain. In response to determining that the event is the primary event, a new block is dynamically added to the end of the primary blockchain. In response to determining that the event is the secondary event, the first level sub-blockchain is dynamically created. Dynamically creating the first sub-level blockchain comprises dynamically creating a first block in the first sub-level blockchain. This creates a branched blockchain that can be used for efficient searching.

Abstract: A copy of a blockchain is stored. The stored copy of the blockchain is copied from a blockchain in a distributed blockchain ledger. An event associated with the blockchain in the distributed ledger is identified. In response identifying the event associated with the blockchain in the distributed ledger, a compromise of the blockchain in the distributed ledger is identified, such as, identifying one or more blocks of the blockchain that have been compromised. In a second embodiment, a request to add a new block to a blockchain is identified. In response identifying the request to add the new block to the blockchain, a consensus vote to add the new block to the blockchain is monitored. A determination is made to determine if the consensus vote is below a threshold. In response to the consensus vote being below the threshold, an audit of the blockchain is completed.

Abstract: To write forgettable data to a blockchain, the forgettable data is transmitted to a server, from which encrypted data corresponding to the forgettable data are received. A hash of the forgettable data is generated. A data block including the encrypted data and control data including the hash is added to the blockchain.

Abstract: A method includes, by a computer associated with a security reporter, updating a component vulnerability entry blockchain to represent a state of a component vulnerability entry of a software component vulnerability database. The method includes, by the computer, providing the updated component vulnerability entry blockchain to a management authority so that the management authority updates a master blockchain for the software component vulnerability database. The updated master blockchain includes a plurality of component vulnerability entry blockchains, which represent corresponding states of component vulnerability entries of the software component vulnerability database, including the updated component vulnerability entry.

Abstract: In some examples, in response to detecting addition or update of a program component of a program, a system creates a blockchain entry for addition to a blockchain register, generates a hash based on the program component, and adds in the blockchain entry a signed hash produced by encrypting the generated hash. The system publishes the blockchain entry for the blockchain, the signed hash in a blockchain entry useable to detect tampering with the program component.

Abstract: Results of an authentication process are received. The authentication process allows for a graded level of authentication using a plurality of authentication types (e.g., a username/password and a fingerprint scan). Encrypted data is then accessed. The encrypted data has been encrypted using a plurality of encryption levels. The data is unencrypted based on the graded level of authentication. In a second embodiment, a system and method are provided that establish a communication session (e.g., a voice or email communication session). The communication session is between a plurality of users. During the communication session, an indication is received to change an encryption level for the communication session. In response to receiving the indication to change the encryption level for the communication session, an encryption level of the first communication session is dynamically changed from a first level of encryption to a second level of encryption.

Abstract: Embodiments provide for detecting viruses and other malware in executing process threads based on thread patterns. According to one embodiment, detecting previously unknown malware associated with process threads can comprise capturing context information for each thread of a plurality of threads executing on a processor. The context information can define a thread pattern for the thread. The thread pattern for each thread can be compared to stored information defining one or more known patterns for thread execution based on previous execution of one or more threads. A thread pattern variation can be detected when the thread pattern for one or more threads does not match the stored information defining the known thread patterns. A determination can be made as to whether the detected thread pattern variation indicates presence of malware and actions can be performed based on determining the detected thread pattern variation indicates the presence of malware.

Abstract: A technique includes determining, by a computer, entries of a software vulnerability database that is associated with a plurality of components associated with a release of a software product. The technique includes determining, by the computer, a block of a blockchain representing a vulnerability state of the plurality of components; and associating, by the computer, the block of the blockchain with the product release.

Abstract: An apparatus may include a processor that may be caused to access handholding information indicating a hand configuration in which the apparatus is being held and compare the handholding information with previously-stored handholding authentication data of an authentic user. The previously-stored handholding authentication data may represent an authentic configuration in which the apparatus is held by the authentic user. The processor may be caused to determine that the apparatus is being held by the authentic user based on the comparison and cause an authenticated action to occur based on the determination.

Abstract: Response to incorrect passwords being entered for usernames in attempts to access a computing system, each incorrect password is one-way hashed. The hashed incorrect passwords are stored within a database. High-frequency hashed incorrect passwords are determined from the stored hashed incorrect passwords. Each high-frequency hashed incorrect password corresponds to an incorrect password that was entered more than a threshold number of the attempts, regardless of the username for which the incorrect password was entered in any attempt. That the computing system is being subjected to a cyber attack is detected based on the determined high-frequency hashed incorrect passwords.

Abstract: A method includes, by a computer associated with a security reporter, updating a component vulnerability entry blockchain to represent a state of a component vulnerability entry of a software component vulnerability database. The method includes, by the computer, providing the updated component vulnerability entry blockchain to a management authority so that the management authority updates a master blockchain for the software component vulnerability database. The updated master blockchain includes a plurality of component vulnerability entry blockchains, which represent corresponding states of component vulnerability entries of the software component vulnerability database, including the updated component vulnerability entry.

Abstract: A technique includes determining, by a computer, entries of a software vulnerability database that is associated with a plurality of components associated with a release of a software product. The technique includes determining, by the computer, a block of a blockchain representing a vulnerability state of the plurality of components; and associating, by the computer, the block of the blockchain with the product release.

Abstract: Response to incorrect passwords being entered for usernames in attempts to access a computing system, each incorrect password is one-way hashed. The hashed incorrect passwords are stored within a database. High-frequency hashed incorrect passwords are determined from the stored hashed incorrect passwords. Each high-frequency hashed incorrect password corresponds to an incorrect password that was entered more than a threshold number of the attempts, regardless of the username for which the incorrect password was entered in any attempt. That the computing system is being subjected to a cyber attack is detected based on the determined high-frequency hashed incorrect passwords.

Abstract: In some examples, in response to detecting addition or update of a program component of a program, a system creates a blockchain entry for addition to a blockchain register, generates a hash based on the program component, and adds in the blockchain entry a signed hash produced by encrypting the generated hash. The system publishes the blockchain entry for the blockchain, the signed hash in a blockchain entry useable to detect tampering with the program component.

Abstract: Techniques for secure data extraction in a virtual or cloud environment are presented. Desired data from a Virtual Machine (VM) or an entire VM is extracted and encrypted with a key. This key is sealed to a machine or a group of machines. The encrypted data is then migrated and successfully used on startup for instances of the VM by having the ability to access the sealed key (and unsealing it) to decrypt the encrypted data.

Abstract: An app of a mobile device registers the mobile device for a remote credential server (RCS) and receives a device token. When a credential for a remote asset is supplied on the mobile device it is routed to the RCS and stored external to the mobile device but referenced on the mobile device via an asset token. When the credential is needed, the device token and the asset token permit the RCS to authenticate and return the credential to or on behalf of the mobile device so that the mobile device can authenticate to and access the remote asset.

Abstract: Techniques for device independent session migration are presented. A secure mechanism is presented for a target device to receive a current authenticated communication session from an original device with minimal user interaction while automated security is enforced during session migration. In an embodiment, the target device is a mobile device and the original device is a desktop; the target device captures a data glyph that is visually presented on a display of the original device and the data glyph is then seamlessly communicated to a server manager for authentication and session migration.

Abstract: Techniques for secure debugging and monitoring are presented. An end user requests a secure token for logging information with a remote service. A secure monitoring and debugging token service provides the secure token. The remote service validates the secure token and configures itself for capturing information and reporting the captured information based on the secure token.

Abstract: Techniques for resetting authentication for touch-enabled devices are presented. When a user authenticates to a mobile device a touch profile (TP) is recorded. Each subsequent time the user unlocks a locked mobile device via touch, a new TP is noted. The new TP is compared to the recorded TP and if the deviation is within an acceptable tolerance, the user is permitted access to the mobile device without re-authentication. When the new TP is not within the acceptable tolerance of the recorded TP, the user is forced to re-authenticate before access is granted to the mobile device.

Abstract: An app of a mobile device registers the mobile device for a remote credential server (RCS) and receives a device token. When a credential for a remote asset is supplied on the mobile device it is routed to the RCS and stored external to the mobile device but referenced on the mobile device via an asset token. When the credential is needed, the device token and the asset token permit the RCS to authenticate and return the credential to or on behalf of the mobile device so that the mobile device can authenticate to and access the remote asset.