H04L2463/121

METHOD AND DEVICE FOR HANDLING PERSONAL DATA IN M2M SYSTEM
20230069129 · 2023-03-02

The present invention relates to a method and apparatus for handling personal data in a machine-to-machine (M2M) system, and an operation method of an M2M device includes obtaining information related to consent of a user for personal data provided from an Internet of things (IoT) device and creating a consent-related resource based on the information. The resource includes at least one attribute related to the consent.

SYSTEM AND METHOD TO DETECT MALICIOUS USE OF DIAGNOSTIC STATE CHANGES IN A VEHICLE
20230064153 · 2023-03-02

A computer-implemented method includes receiving one or more messages at a secure processor from a first node on a communication bus, monitoring the one or more messages from the first node, wherein the one or more messages include a request to change a state of the one or more nodes, in response to the one or more messages including the request to the change of state, initiating a timer to initiate monitoring of the communication bus for a second sequence of messages, and in response to the second sequence of messages not being found within a database including information associated with the one or more latency values associated with the change of state, outputting a signal indicating an alert.

Time-based digital signature

A method includes receiving an event, the event associated with a digital signature in a first time-based message comprising a first trusted time stamp token generated using a first hash of digitally signed content from a trusted timing authority; generating a first block on a distributed ledger; generating a second hash of the first trusted time stamp token; receiving a second trusted time stamp token from the trusted timing authority in response to transmitting the second hash to the trusted timing authority; and generating a second block on the distributed ledger; wherein verification of data integrity of the digitally signed content is provided via the first hash of the digitally signed content and second hash of the first trusted time stamp token and via the hash of the first block and a hash of the second block.

System and method for automatic WAF service configuration

A method and system for continuously configuring a web application firewall (WAF) are provided. The method includes receiving a request directed at a protected web application, wherein the request is received from a client device associated with a trusted user account, and wherein the protected web application is protected by the WAF; validating the received request based on at least a signature included in a header of the received request; when the received request is validated, generating an authorization rule based on the received request, wherein the authorization rule allows access to a resource of the protected web application designated in the received request, wherein the generated authorization rule is included in at least one whitelist the WAF is configured with; and configuring the WAF with the generated authorization rule to allow the received request and subsequent request to be directed to the resource of the protected web application.

Time bounded lossy counters for network data

A lossy counter counts distinct network data items. The lossy counter includes a count sketch bounded by a predetermined value to limit the number of distinct network data items included in the count sketch. The count sketch may include counts for a set of distinct network data items. The lossy counter has an associated time interval, and the first set of distinct network data items and the second set of distinct data items include timestamps that coincide with the time interval associated with the lossy counter.

Systems and methods for addressing cryptoprocessor hardware scaling limitations
11665148 · 2023-05-30

The present disclosure is directed to systems and methods to address cryptoprocessor hardware scaling limitations, the method including the steps of establishing a communication path between a centralized server and a client device; generating, by the centralized server, a nonce for transmission to the client device, wherein the nonce is associated with an active time interval and corresponds to one of an existing nonce or a new nonce; transmitting the nonce to the client device; receiving a signed attestation result that includes the nonce from the client device, wherein, the signed attestation result comprises a previously-generated signed attestation result if the nonce corresponds to the existing nonce previously received by the client device; and the signed attestation result comprises a new signed attestation result if the nonce corresponds to the existing nonce newly received by the client device or corresponds to the new nonce.

Virtual private network connection status detection
11665141 · 2023-05-30

Virtual private network (VPN) service provider infrastructure (SPI) receives a request to access a VPN from a client device. The VPN SPI selects an Internet Protocol (IP) address for access to the VPN by the client device from a pool of IP addresses. The VPN SPI provides access to the VPN for the client device via the IP address. The VPN SPI receives one or more handshake notifications from the client device. The VPN SPI determines that a threshold time period has passed since a latest-in-time handshake notification of the one or more handshake notifications. The VPN SPI disconnects the client device from the VPN in response to determining that the threshold time period has passed. The VPN SPI adds the IP address to the pool of IP addresses in response to disconnecting the client device from the VPN.

PRIVACY-PRESERVING ACTIVITY AGGREGATION MECHANISM

This disclosure relates to a method for privacy-preserving web activity monitoring including receiving, from an application on a user device of a user, a request for digital content from a domain, assigning, to the application and at a first time, a randomized cohort constructed based on a randomly selected identifier and a timestamp indicating the first time at which the randomized cohort was assigned to the application, and providing, to the application and at the first time, (i) a digitally signed certificate corresponding to the randomly selected identifier and the timestamp and (ii) a unique public key and corresponding unique private key associated with the certificate, wherein the randomly selected identifier is also assigned to at least a threshold number of other applications executing on other user devices within a predetermined period of time of the assignment of the randomized cohort to the application.

BLOCKCHAIN TRANSACTION REBROADCAST

Certain aspects of the present disclosure provide techniques for reliable cryptocurrency rebroadcasting. According to certain embodiments, after an initial transaction broadcast, disclosed systems listen to a blockchain to determine if the transaction was included in the blockchain. If, after a short time period, the transaction is not confirmed, a transaction database record for the transaction is locked to prevent inadvertent rebroadcast. While the record is locked, the transaction format and replay information are verified and, depending on the blockchain, updated. For blockchains having a transaction fee, the system reviews recent transactions to determine appropriate fees and, if needed, updates the transaction fee accompanying the transaction. Once the replay information is verified/updated, and the transaction fee is sized appropriately, the database record is unlocked and the transaction is rebroadcast.

APPLYING DATA-DETERMINANT QUERY TERMS TO DATA RECORDS WITH DIFFERENT FORMATS
20230161760 · 2023-05-25

Systems and methods are disclosed for flexibly applying a query term to heterogeneous data. A query system can receive a query that includes a data-determinant query term. As the system executes the query, it can generate interim search results. As the query system processes the interim search results based on the query, it can apply the data-determinant query term to records of the interim search results based on the structure of the records.