Abstract: Various embodiments of the present technology generally relate to management of big data storage and data access control systems. In some embodiments, a data access system for use in multiple application service and multiple storage service environments comprises a sandbox database for users, wherein the sandbox database is a virtual database environment via which a user may access datasets according to one or more access policies. In some embodiments, the data access system receives a user request to access a dataset stored in a database into the sandbox environment, wherein the database is associated with the data access system. In response to the request, the data access system may retrieve the corresponding data from the database, determine any associated sandbox access policies, and generate an anonymized data table in the sandbox environment.

Abstract: A data comparison device holds first and second encrypted data of first and second plaintext, respectively. The first plaintext is divided into a plurality of blocks and the first encrypted data is generated by executing encryption of each of the plurality of blocks and shuffling of the plurality of blocks. The second plaintext is divided into a plurality of blocks and the second encrypted data is generated by executing encryption of each of the plurality of blocks. In at least one of the first encrypted data and the second encrypted data, a plaintext value is embedded as a value indicating a magnitude comparison result, and the data comparison device compares blocks at the same position before shuffling of the first encrypted data and the second encrypted data based on the embedded value and determines a magnitude relationship between the first plaintext and the second plaintext.

Abstract: A routing method, apparatus, and system, related to the field of communications technologies, to update a routing indicator in a subscription concealed identifier when a user is migrated to a new unified subscriber data management UDM network element and the routing indicator in the subscription concealed identifier changes. The method includes: sending, by an authentication server function AUSF network element, a first authentication vector obtaining request to a first unified data management UDM network element; and if the AUSF network element receives a routing indicator RI sent by the first UDM network element, sending the RI to an access and mobility management function AMF network element. The method is applied to a process in which a terminal updates the RI.

Abstract: Techniques for securing an identifier of user equipment for a request external to a communication network are disclosed. For example, a method comprises receiving, at a network entity, a request for identification information for user equipment from an entity external to a communication network to which the network entity belongs. The network entity generates a secure identifier for the user equipment, wherein the secure identifier comprises an encrypted form of a public subscription identifier associated with the user equipment. The network entity sends the secure identifier to the external entity. The network entity receives the secure identifier in a subsequent request from the external entity. The network entity utilizes the received secure identifier to confirm the received secure identifier corresponds to the user equipment.

Abstract: An apparatus and a method for registering a device in a cloud server are provided. The apparatus includes detecting the device by using short-range communication, requesting an authentication code used for registering the device in the cloud server from an account server in response to the device being detected, receiving the authentication code from the account server, and transmitting the received authentication code and connection address information of the cloud server to the device.

Abstract: A data privacy protection tool operates on behalf of a user to effectuate countermeasures and protections for selected portions of their privacy data as provided to a digital service provider (DSP) sites/apps. The countermeasure can be tailored to increase and/or incentivize compliance by DSPs with distribution or access rules for the user data.

Abstract: The technical problem of matching records in different datasets, for example a host dataset and a partner dataset storing records representing respective users, while maintaining the privacy of each dataset, is addressed by providing a privacy safe joint identification protocol. The privacy safe joint identification protocol computes respective anonymous joint identifiers for records in the two datasets. An anonymous joint identifier is generated such that the host-assigned and the partner-assigned identifies that have been determined to represent the same user are mapped to the same anonymous joint identifier.

Abstract: A domain registry (DR) service executing within a service provider network protects data, such as account data, that is associated with different accounts for testing and/or performing other operations/actions by registering an account with one or more domains. The DR service may register an account in one or more domains based on a request by a user. The operations performed that uses/changes data associated with accounts may be restricted based on the domains for which an account is registered. For example, an account that is registered in a “testing” domain may have different workflows/operations performed using the account data associated with the account registered in the testing domain as compared to an account that is not part of the testing domain.

Abstract: The linkability of trajectory data based on similarities to candidate trajectory data is measured and quantified as describer herein. Methods may include: receiving a set of probe data points defining a target trajectory from a probe apparatus; characterizing the trajectory based on features of the target trajectory; identifying a plurality of candidate trajectories sharing at least some features with the target trajectory; calculating, for each of the plurality of candidate trajectories, a similarity score with respect to the target trajectory; calculating a privacy score representing a likelihood of identifying the probe apparatus from the target trajectory based on a number of trajectories in the plurality of candidate trajectories and their respective similarity score; and providing information associated with the target trajectory for location-based services in response to the privacy score satisfying a predetermined value.

Abstract: Providing an accurate and on-demand status of audit compliance is disclosed. A security policy, agreed upon by a service provider and a service user, is provisioned in a compliance log. A service provider requests to add a first update to the compliance log, the first update indicating that a compliance action has been taken. The first update is added to the compliance log, and a first computational digest of the compliance log is added after adding the first update. An auditor of the compliance action requests to add a second update to the compliance log. The second update is added to the compliance log, and a second computational digest of the compliance log is added after adding the second update. Thereby, the user is provided a more current view of audit compliance that that can be trusted based on the tamper-proof compliance log.

Abstract: A wireless communication network performs quantum authentication for a wireless User Equipment (UE). In the wireless communication network, quantum circuitry selects polarization states for qubits, generates and transfers the qubits, exchanges cryptography information with edge quantum circuitry, generates cryptography keys based on polarization states and cryptography information, and transfers the cryptography keys to network authentication circuitry. The edge quantum circuitry receives and process the qubits, determines the polarization states for the qubits, exchanges the cryptography information with the network quantum circuitry, generates the cryptography keys based on the polarization states and cryptography information, and transfers the cryptography keys to the wireless UE. The wireless UE generates authentication data based on the cryptography keys and wirelessly transfers the authentication data for delivery to the network authentication circuitry.

Abstract: In some implementations, a masking device may receive rules and a document object model (DOM) structure. Each rule may indicate a corresponding element, a corresponding pattern, and a type of remediation. The DOM structure may include elements, where each element is associated with text. The masking device may traverse the DOM structure to identify elements that map to corresponding elements indicated by the rules. The masking device may determine whether text, associated with the identified elements, is sensitive information by determining whether the text maps to corresponding patterns indicated by the rules. The masking device may perform validation on the sensitive information. The masking device may modify the DOM structure based on the sensitive information, the validation, and a type of remediation indicated by the rules. Accordingly, the masking device may output the modified DOM structure.

Abstract: A System Platform establishes a Genuine User ID (“GUID”), creates a user profile for an Intended User, generates a unique data set based upon input associated with the user profile and a digital device it has registered to the Intended User. The output of the GUID in combination with the output of an algorithm in a provisioning application enables the digital device to respond to Access Requests at an Access Point. The response from the genuine Intended User's application on their genuine digital device produces a unique data package which combines the GUID, a device ID for the digital device and the output of the algorithm using the payload obtained from one or more data management sources. The unique data package can be tailored for many different uses by the intended user, including uses which are attended or unattended, with varying levels of security.

Abstract: A method for preventing side-channel attack according to an embodiment includes generating an order table which includes a position index value for each bit value of a bit string that is secret information to be generated through a decryption algorithm of an Nth Degree Truncated Polynomial Ring Units (NTRU) LPRime algorithm, shuffling a sort order of the position index value for the each bit value in the order table based on a random number, determining a generation order for the each bit value according to the sort order of the position index value for the each bit value in the order table, and generating the secret information through the decryption algorithm. The secret information is generated by generating the each bit value according to the determined generation order.

Abstract: A storage device includes a storage and a controller configured to execute control of the storage based on a command from a host device. The controller is configured to generate a verifier of data stored in the storage in response to a first command related to the data from the host device, and transmit the verifier of the data to the host device in response to a second command related to the data from the host device.

Abstract: Disclosed herein are systems and methods that allow for secure access to websites and web-based applications and other resources available through the browser. Also described are systems and methods for invocation of a secure web container which may display data representative of a requesting party's application at a user's machine. The secure web container is invoked upon receipt of an API call from the requesting party. Thus, described in the present specification are systems and methods for constructing and destroying private, secure, browsing environments (a secure disposable web container), insulating the user and requesting parties from the threats associated with being online for the purposes of providing secure, policy-based interaction with a requesting party's online services.

Abstract: A computer-implemented method includes creating an account including an account value on an online service. The account value is modified periodically to activate a plurality of account values respectively associated with a plurality of times at which the plurality of account values were respectively activated on the account. A network-accessible data repository is scanned to detect a first value of the plurality of account values, the first value associated with a first time of the plurality of times at which the first value was activated. Responsive to detecting the first value a notification is provided indicating a data leak from the online service including an indication of when the data leak occurred based on the first time at which the first value was activated on the account and a second time at which a second value was activated on the account to replace the first value.

Abstract: An electronic device is disclosed, including a sensor module configured to recognize boarding and alighting of a passenger from the vehicle, a network interface configured to communicate with a mobile device disposed in the vehicle, a memory, storing a program including one or more instructions, and a processor. The processor implements a method, including: detecting alighting of the passenger using the sensor module, or when a mobile device disconnects from the network interface, determining, by the processor, a deletion level for data related to personal information of a passenger, the deletion level based on a use history information of the passenger, including a latest use time and a use frequency, and deleting the data from the memory according to the determined deletion level.

Abstract: Systems, methods, and non-transitory computer-readable media can generate a natural language model that provides user-entity differential privacy. For example, in one or more embodiments, a system samples sensitive data points from a natural language dataset. Using the sampled sensitive data points, the system determines gradient values corresponding to the natural language model. Further, the system generates noise for the natural language model. The system generates parameters for the natural language model using the gradient values and the noise, facilitating simultaneous protection of the users and sensitive entities associated with the natural language dataset. In some implementations, the system generates the natural language model through an iterative process (e.g., by iteratively modifying the parameters).

Abstract: In some implementations, a device may train the model to generate embeddings for log files associated with an application, and to enable the model to generate embeddings for sensitive information included in a set of training log files. The device may receive a log file associated with the application. The device may generate a compressed log file including a set of embedding vectors associated with records included in the log file, where a record that includes sensitive information is associated with one or more embedding vectors for the sensitive information and one or more embedding vectors for other information included in the record. The device may store the compressed log file including the set of embedding vectors where a size of the compressed file is less than a size of the log file, and the embedding vectors obfuscate the records included in the log file.