Abstract: A bearing includes a washer and a retention band. The washer includes an annular portion, a cylindrical outer flange, and a radius portion connecting the outer portion to the flange. The retention band includes a cylindrical ring disposed radially inside of the cylindrical outer flange, and a tab extending radially outward from the cylindrical ring. In an example embodiment, the tab extends radially outside of the washer. In some example embodiments, the cylindrical ring has a split. In an example embodiment, the split is circumferentially offset from the tab. In an example embodiment, the retention band also includes an axial leg connecting the tab to the cylindrical ring. In an example embodiment, the retention band has exactly one tab. In an example embodiment, the retention band has a plurality of circumferentially spaced tabs.

Abstract: A bearing includes a washer and a retention band. The washer includes an annular portion, a cylindrical outer flange, and a radius portion connecting the outer portion to the flange. The retention band includes a cylindrical ring disposed radially inside of the cylindrical outer flange, and a tab extending radially outward from the cylindrical ring. In an example embodiment, the tab extends radially outside of the washer. In some example embodiments, the cylindrical ring has a split. In an example embodiment, the split is circumferentially offset from the tab. In an example embodiment, the retention band also includes an axial leg connecting the tab to the cylindrical ring. In an example embodiment, the retention band has exactly one tab. In an example embodiment, the retention band has a plurality of circumferentially spaced tabs.

Abstract: One or more access events can be logged to a system log. The system log includes a history of recorded user device actions. A request associated with modifying the system log can be received. The modifying of the system log may be denied based at least in part on a plurality of distributed nodes invalidating the request. Each of the plurality of distributed nodes may include a copy of the system log. The invalidating of the request may include comparing contents of the copy of the system log with the request.

Abstract: A password breach registry is utilized to secure a service provided by a service provider. The password breach registry is a publicly accessible registry and includes password tokens written by breached service providers. The password tokens indicate passwords used to access breached service providers that may have been breached. A service provider can subscribe to the password breach registry and periodically query the password breach registry to determine if a password token corresponding to a user of a service provided by the service provider has been written to the password breach registry. This may indicate that the user of the service utilizes the same password on other services that have been breached. Upon determining that the password token has been written to the password breach registry, the user can be locked out from the service to prevent a malicious actor from gaining access to the account of the user.

Abstract: A registry is utilized to identify personally identifiable information (PII) that has been breached. The registry is a distributed database shared by multiple organizations to track which PII has been breached in other organizations. A first service provider initially receives PII and corresponding signed descriptor from a user. The PII is used to verify an identity of the user and the signed descriptor describes the type of PII that is received. The first service provider queries the registry to determine if the signed descriptor of the user has been written to the registry by a second service provider, indicating that it has been breached at a service provided by the second service provider. If the first service provider uses the breached PII, the breached PII is invalidated by the first service provider.

Abstract: A password breach registry is utilized to secure a service provided by a service provider. The password breach registry is a publicly accessible registry and includes password tokens written by breached service providers. The password tokens indicate passwords used to access breached service providers that may have been breached. A service provider can subscribe to the password breach registry and periodically query the password breach registry to determine if a password token corresponding to a user of a service provided by the service provider has been written to the password breach registry. This may indicate that the user of the service utilizes the same password on other services that have been breached. Upon determining that the password token has been written to the password breach registry, the user can be locked out from the service to prevent a malicious actor from gaining access to the account of the user.

Abstract: A method includes obtaining a plurality of proof-of-stake blocks that include user data to be added to a blockchain database, and each of the proof-of-stake blocks is confirmed. In response to confirming each of the proof-of-stake blocks, each of the proof-of-stake blocks is added to the blockchain database. The method further includes obtaining a proof-of-work block that includes a representation of each of the proof-of-stake blocks added to the blockchain database and confirming the proof-of-work block. In response to confirming the proof-of-work block, the method adds the proof-of-work block to the blockchain database.

Abstract: A method includes identifying a set of computing-resistant puzzles and receiving human-input proposed solutions to at least a subset of the puzzles. The method further includes confirming the validity of the human-input proposed solutions and producing a proof-of-work based on at least a threshold quantity of validated human-input proposed solutions. A new block including the produced proof-of-work is added to a blockchain database.

Abstract: A method includes distributing a plurality of key pieces associated with an encryption key to a plurality of key piece holders, adding release data to a blockchain database including sensitive data encrypted with the encryption key and a specified release date. The method further includes providing instructions to key piece holders to add respective key pieces to the blockchain database at the specified release date to facilitate time-based release of the sensitive data.

Abstract: A registry is utilized to identify personally identifiable information (PII) that has been breached. The registry is a distributed database shared by multiple organizations to track which PII has been breached in other organizations. A first service provider initially receives PII and corresponding signed descriptor from a user. The PII is used to verify an identity of the user and the signed descriptor describes the type of PII that is received. The first service provider queries the registry to determine if the signed descriptor of the user has been written to the registry by a second service provider, indicating that it has been breached at a service provided by the second service provider. If the first service provider uses the breached PII, the breached PII is invalidated by the first service provider.

Abstract: In a computer-implemented method for endpoint management, a plurality of messages communicated between a target endpoint and a client are recorded, in a computer-readable memory. Ones of the messages are clustered into respective groups, where the respective groups correspond to respective operation types of the ones of the messages included therein. For the respective operation types, respective message structures used by the target endpoint are determined based on commonalities among the ones of the messages of the respective groups corresponding to the operation types. For one of the respective operation types, a request to the target endpoint is generated in accordance with a corresponding one of the respective message structures used by the target endpoint. Related computer systems and computer program products are also discussed.

Abstract: A registry is utilized to identify personally identifiable information (PII) that has been breached. The registry is a distributed database shared by multiple organizations to track which PII has been breached in other organizations. A first service provider initially receives PII and corresponding signed descriptor from a user. The PII is used to verify an identity of the user and the signed descriptor describes the type of PII that is received. The first service provider queries the registry to determine if the signed descriptor of the user has been written to the registry by a second service provider, indicating that it has been breached at a service provided by the second service provider. If the first service provider uses the breached PII, the breached PII is invalidated by the first service provider.

Abstract: A password breach registry is utilized to secure a service provided by a service provider. The password breach registry is a publicly accessible registry and includes password tokens written by breached service providers. The password tokens indicate passwords used to access breached service providers that may have been breached. A service provider can subscribe to the password breach registry and periodically query the password breach registry to determine if a password token corresponding to a user of a service provided by the service provider has been written to the password breach registry. This may indicate that the user of the service utilizes the same password on other services that have been breached. Upon determining that the password token has been written to the password breach registry, the user can be locked out from the service to prevent a malicious actor from gaining access to the account of the user.

Abstract: In a method of service emulation, a plurality of messages communicated between a system under test and a target system for emulation are recorded in a computer-readable memory. Ones of the messages are clustered to define a plurality of message clusters, and respective cluster prototypes are generated for the message clusters. The respective cluster prototypes include a commonality among the ones of the messages of the corresponding message clusters. One of the message clusters is identified as corresponding to a request from the system under test based on a comparison of the request with the respective cluster prototypes, and a response to the request for transmission to the system under test is generated based on the one of the message clusters that was identified. Related computer systems and computer program products are also discussed.

Abstract: A method, program product, and apparatus for managing profiles in an access management domain. In an embodiment, attribute field mapping rules are generated for an identity profile schema applied to a plurality of identity profiles and an account profile schema applied to a plurality of account profiles. Each of the identity profiles includes one or more identity attribute fields and each of the plurality of account profiles includes one or more account attribute fields. As part of generating attribute field mapping rules, a synchronization manager iteratively compares, using an edit distance function, data in each of the identity attribute fields with data in one or more of each of the account attribute fields. In response to detecting a match between data in a given identity attribute field and data in a given account attribute field, the synchronization manager increments an attribute correlation value that is associated with the given identity attribute field and the given account attribute field.

Abstract: In a service emulation method, a transaction library storing a plurality of messages communicated between a system under test and a target system upon which the system under test depends is accessed responsive to receiving a request from the system under test. One of the messages stored in the transaction library is identified as corresponding to the received request based on a distance measure therebetween, and a response to the received request is generated using the one of the messages that was identified. Related systems and computer program products are also discussed.

Abstract: A method, program product, and apparatus for managing profiles in an access management domain. In an embodiment, attribute field mapping rules are generated for an identity profile schema applied to a plurality of identity profiles and an account profile schema applied to a plurality of account profiles. Each of the identity profiles includes one or more identity attribute fields and each of the plurality of account profiles includes one or more account attribute fields. As part of generating attribute field mapping rules, a synchronization manager iteratively compares data in each of the identity attribute fields with data in one or more of each of the account attribute fields. In response to detecting a match between data in a given identity attribute field and data in a given account attribute field, the synchronization manager increments an attribute correlation value that is associated with the given identity attribute field and the given account attribute field.

Abstract: Provided are methods of providing a virtual service that may provide partial real time service to clients of a production computing service that is unavailable. Methods may include generating, based on transaction data corresponding to a production computing service that is available, a production computing service model that includes multiple request types and multiple confidence values that correspond to ones of the request types. Methods may include responding to a request received from a client of the production computing service with a model-generated response to the request in response to the production computing service being unavailable. The production computing service is updated with the request received from the client and the model-generated response responsive to the production computing service being available after being unavailable.

Abstract: A method, program product, and apparatus for managing profiles in an access management domain. In an embodiment, attribute field mapping rules are generated for an identity profile schema applied to a plurality of identity profiles and an account profile schema applied to a plurality of account profiles. Each of the identity profiles includes one or more identity attribute fields and each of the plurality of account profiles includes one or more account attribute fields. As part of generating attribute field mapping rules, a synchronization manager iteratively compares data in each of the identity attribute fields with data in one or more of each of the account attribute fields. In response to detecting a match between data in a given identity attribute field and data in a given account attribute field, the synchronization manager increments an attribute correlation value that is associated with the given identity attribute field and the given account attribute field.

Abstract: Current behavior can be evaluated to efficiently identify behavioral anomalies with process models of different scopes and/or different degrees of precision. For meaningful behavioral evaluation of an actor (i.e., a user or a device), these multiple process models are constructed with different sets of event logs of a system. A model of a scope of an individual actor and a model of a scope of a group of actors are constructed and used for evaluation. These models of different scope expand “normal” behavior of an actor to include behavior of the group of actors. Although these process models of different scopes likely have different precision, additional models of different precision and/or different scopes can be constructed and used for behavioral evaluation. These different process models allow for behavioral variation within relevant groups of actors.