The present description relates to systems and techniques for allowing a third party verifier to verify aspects of secured data, or successful communication thereof. For example, a message or other data may be associated with a shared manifest that describes aspects of some data but does not reveal or expose the data. As a result, the data may be kept private while selective privacy and verification with respect to the data is achieved by the inclusion of only selected aspects of said data in the shared manifest.

An example operation includes one or more of solving, by a scheduler node, integer programming problem of maximizing a sum of organizations' endorsing peers that run chaincodes from a plurality of chaincodes within a consortium, making, by the scheduler node, endorsement policies (EPs) for the chaincodes from the plurality of the chaincodes to be satisfiable at any time, applying administrator's constraint of available endorsing peers to the maximized sum of organizations' endorsing peers, and adding resulting endorsing peers to a maintenance list.

A trail recording system includes a trail recording apparatus and a report receiving apparatus, the trail recording apparatus: holds a plurality of measurement. values measured by a sensor, and trail data generated based on at least. some of the plurality of measurement values; and transmits the trail data to the report receiving apparatus, the report receiving apparatus transmit, to the trail recording apparatus, a request indicating the trail data of the sensor that is an audit target, the trail recording apparatus transmits, to the report receiving apparatus, out of the plurality of measurement values, measurement values that have been used to generate the indicated trail data, the report receiving apparatus verifies, based on the trail data a.n.d the measurement values received from the trail recording apparatus, whether the at least some of the plurality of measurement values measured by the sensor are tampered is verified.

Described systems and methods enable protecting client devices (e.g., personal computers and IoT devices) implementing encrypted DNS protocols against harmful or inappropriate Internet content. A DNS proxy intercepts an attempt to establish an encrypted communication session between a client device and a DNS server. Without decrypting any communications, some embodiments of the DNS proxy determine an identifier of the respective session and an identifier of the client device, and send a query tracer connecting the session identifier with the client identifier to a security server. In some embodiments, the security server obtains the domain name included in an encrypted DNS query from the DNS server and instructs the DNS server to allow or block access of the client device to the respective Internet domain according to a device- and/or user-specific access policy.

In one implementation, a method for providing security on an externally connected controller includes launching, by the controller, a security layer that includes a whitelist of permitted processes on the controller, the whitelist including (i) signatures for processes that are authorized to be executed and (ii) context information identifying permitted controller contexts within which the processes are authorized to be executed; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the determined signature with a verified signature for the particular process from the whitelist; identifying, by the security layer, a current context for the controller; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the current context with one or more permitted controller contexts for the particular process from the whitelist.

Apparatuses, systems, methods, and software are disclosed for authorization delegation. In a participant device a derivative key is generated in dependence on a received key. An authenticity check value for a delegation information block is generated in dependence on the delegation information block and the received key. The derivative key is derived in dependence on the delegation information block and the received key. An extended certificate chain is created comprising a received certificate chain appended with a local certificate, which comprises the delegation information block and the authenticity check value.

A system and method for geolocation-aware, cyber-enabled infrastructure inventory and asset management with state prediction capability. The system tracks tangible and intangible assets, including states associated with each asset such as the location, condition, and value of each asset. Physical assets may be cyber-enabled by attaching wireless computing devices to some or all of the physical assets to provide data about the physical assets using sensors of the computing devices, including but not limited to, such data as location, conditions of storage, and hours of operation or use. Data for each item is stored in a multi-dimensional time series database, which keeps a historical record of the states of each item. Unknown or future states can be predicted by applying predictive models to the time series data. Parametric evaluations of current and predicted future states can be used to optimize the assets against an objective.

Various embodiments of the present application are directed towards systems and methods for hybrid blockchain control. According to some embodiments a method for hybrid blockchain control, an update to a distributed blockchain is received from a blockchain system. The blockchain system includes multiple nodes individually storing copies of the distributed blockchain and individually updating the copies by a consensus process. A determination is made as to whether the distributed blockchain has been fraudulently modified based on the received update. In response to determining the distributed blockchain has been fraudulently modified: 1) a corrective block is disseminated to the blockchain system to trigger the consensus process on the nodes; and 2) a predefined override in the consensus process is invoked to update the copies of the distributed blockchain in a manner that bypasses an illegitimate block. Further, the predefined override is invoked while the consensus process processes the corrective block.

Plural Internet of Things (IoT) gateways detect, secure against and remediate malicious code with an autonomous communication of tokens between the IoT gateways on a time schedule. Detection of an invalid token or a token communication outside of a scheduled time indicates that malicious code may have interfered with token generation or communication. Once malicious code is verified on an IoT gateway, the failed gateway is remediated to an operational state, such as with a re-imaging by another IoT gateway through an in band communication or a re-imaging by a server information handling system through an out of band communication.

A system for secure communication, including a first security computer communicatively coupled with a client computer via an SSL connection, including a certificate creator, for receiving certificate attributes of a server computer certificate and for creating a signed certificate therefrom, and an SSL connector, for performing an SSL handshake with the client computer using the signed certificate created by said certificate creator, and a second security computer communicatively coupled with a server computer via an SSL connection, and communicatively coupled with the first security computer via a non-SSL connection, including an SSL connector, for performing an SSL handshake with the server computer using a signed certificate provided by the server computer, and a protocol appender, for appending attributes of the signed certificate provided by the server computer within a message communicated to the first security computer. A method is also described and claimed.