Abstract: A tokenization system receives a request for data anonymization, the request referencing unstructured/semi-structured content containing values of interest. The tokenization system performs a tokenization operation on the unstructured/semi-structured content, generates self-describing tokens for the values of interest, each self-describing token having a preconfigured pattern, an indication of a protection strategy, and a token value, and stores the values of interest in a secure data vault. The tokenization system may receive a request to reveal the self-describing tokens in the unstructured/semi-structured content. In response, the tokenization system searches the anonymized version of the unstructured or semi-structured content for the preconfigured pattern, identifies self-describing tokens, uses the self-describing tokens to retrieve the values of interest from the secure data vault, and produces a detokenized version of the unstructured/semi-structured content containing the values of interest.

Abstract: Proxied multi-factor authentication using credential and authentication management in scalable data networks is described, including initiating a request by an extension to authenticate a browser to access a data network, the request being associated with an address and transmitted over HTTP, receiving at a proxy browser a first message from the data network in response to the request, the first message comprising authentication data, the authentication data being forwarded to a server in data communication with the proxy browser and the browser, sending a second message from the server to the extension, the second message comprising the authentication data, and transferring authentication data to the data network from the browser and the extension in response to an query from the data network.

Abstract: Disclosed herein are embodiments providing coordinated privacy for targeted communications and reporting. In particular, the embodiments provide a source user querying an information system to generally identify target users for a communication campaign. A privacy controller alters a first dataset of a query response by a first alteration quantity for transmission to the source user. The source user then generally identifies target users within the first dataset for development of a communication campaign of targeted communications directed to the target users. Subsequently, a reporting system generates a report with a second dataset detailing viewership by target users. The privacy controller alters a second dataset of a report by a second alteration quantity for transmission to the source user. The second alteration quantity is based on the first alteration quantity.

Abstract: An automated system tracks digital service providers (DSP) data management agreements, and user behavior, individually and in aggregate, to determine potential changes for a personal/corporate privacy charter. The personal/corporate privacy charter is thus dynamically adaptable to permit users to continue to engage seamlessly in accordance with user/corporate target goals with digital service providers (DSPs) and similar entities.

Abstract: Multiple types of tokens can be generated and utilized in a highly structured document with freeform text. For example, a tokenization system may receive a request for tokenizing a document with a first portion having structured content and a second portion having unstructured or semi-structured content. In response, the tokenization system identifies sensitive information in the first portion of the document, generates format-preserving tokens for the sensitive information in the first portion of the document, identifies sensitive information in the second portion of the document, and generates self-describing tokens for the sensitive information in the second portion of the document. The self-describing tokens reference the sensitive information in the first portion of the document. The tokenization system may then communicate the format-preserving tokens and the self-describing tokens to the first client computing system or to a second client computing system.

Abstract: A blockchain network includes a service sub-network, a consensus sub-network, and a routing layer configured to isolate the service sub-network from the consensus sub-network. A data processing method in the blockchain network includes: receiving a data processing request transmitted by a service node in the service sub-network; performing identity verification on the service node according to the data processing request; obtaining a running load of each consensus node in the consensus sub-network when the verification succeeds; determining, from the consensus sub-network according to the running load, a target consensus node configured to process the data processing request; and forwarding the data processing request to the target consensus node, and performing corresponding data processing on the data processing request by using the target consensus node.

Abstract: Systems, methods, apparatuses, and computer program products directed to next generation (e.g., 5G systems) key set identifier(s) are provided. One method includes requesting, by a network node, authentication of a user equipment with an authentication server, receiving a master key and authentication parameters/vectors from the authentication server when authorization is successful, and verifying validity of the authentication request. When the verification is successful, the method may further include instantiating a security context for the user equipment and assigning a security context identifier for next generation system security context to the user equipment, and then sending a security mode command message to instruct the user equipment to instantiate security context using the security context identifier.

Abstract: The present invention provides a method for packet processing according to a access control list table, comprising: receiving a packet, wherein the packet includes a packet information and match items for matching; providing an access control list (ACL) codeword table; providing a mask table, wherein the ACL codeword table corresponds to the mask table; obtaining a hash key by performing a multiplexing logic operation, wherein the hash key is made by combining a multiplex result of the packet information and the mask table; obtaining a hash value by performing a hash function based on the hash key, wherein the hash value is composed of X+Y, wherein X is a signature table (hash table) index and Y is a key digest; performing a hash table indexing, based on the signature table index, wherein the signature table index is the index to an address of signature table; performing a fast pattern match, wherein the signature table contains signature fields, and if any second signature field in the signature table is mat

Abstract: A subscription system and method of facilitating permission-based access to a subset of vehicle sensor data in a vehicle electronic control unit (ECU) to augment an information application. The system includes a vehicle subscription server. The method includes generating, by the vehicle subscription server, a sensor key and a subscription key, installing in a memory of the vehicle ECU the vehicle sensor key. In response to a request for a subscription by a mobile device, transmitting by the vehicle subscription server the subscription key. The vehicle ECU uses the subscription key to authenticate the mobile device as having a current subscription, and augments the information application with the subset of vehicle sensor data accessed based on the sensor subscription key.

Abstract: A system validates the establishment and/or continuation of a connection between two applications over a network. The system uses network application security rules to allow or disallow connections between the two applications. Those rules include definitions of the source and destination applications to which the rules apply. The system automatically updates the application definitions over time to encompass new versions of the applications covered by the security rules, but without encompassing other applications. The system is then capable of applying the updated rules both to the original applications and to the updated versions of those applications. This process enables the security rules to maintain security over time in a way that is consistent with the original intent of the rules even as applications on the network evolve.

Abstract: A key generation method includes a user plane network function and a terminal device obtain key update information sent by each other. The user plane network function updates, by using the obtained key update information, a sub-key derived from a permanent key, to obtain a new protection key. The terminal device updates, by using the obtained key update information, a sub-key derived from the permanent key, to obtain a new protection key. The terminal device and the user plane network function perform, by using the new protection key, security protection on user plane data transmitted between the terminal device and the user plane network function.

Abstract: A system described herein provide for the secure maintaining and providing of information, such as public keys used in Public Key Infrastructure (“PKI”) techniques or other techniques, using a secure distributed ledger (e.g., “blockchain”) system. A blockchain system may be utilized in lieu of a key escrow system in the exchange and/or providing of public keys in a Diffie-Hellman key exchange technique or other type of technique in which public keys are provided from one entity to another. A first entity may generate an asymmetric key pair that includes a public key and a private key, and may provide the public key to a blockchain system for retrieval by one or more other entities. For example, the entities may be engaged in a secure messaging session, in which messages are encrypted and may be decrypted using one or more keys, including the public key.

Abstract: This disclosure relates to preserving the privacy of users and preventing access to information of other entities. In one aspect, a method includes receiving, from a client device, a content request including request signals specifying user group identifiers that each identify a user group that includes a user of the client device. One or more user group identifiers that satisfy a first k-anonymity process are identified. Selection parameter elements that each include data indicating a respective digital component and a selection parameter for the respective digital component are received from one or more first content platforms. At least a portion of the selection parameters and, for each selection parameter, data identifying the first content platform from which the selection parameter was received are transmitted to a second content platform. Data specifying a given first content platform selected based on the selection parameters is received from the second content platform.

Abstract: There is provided a computer-implemented method of applying a first function to each data element in a first data set, the method comprising (i) determining whether each data element in the first data set satisfies a criterion, wherein the criterion is satisfied only if the result of applying the first function to the data element is equal to the result of applying a second first data set satisfies a criterion function to the data element; (ii) forming a compressed data set comprising the data elements in the first data set that do not satisfy the criterion; (iii) applying the first function to 10 each data element in the compressed data set; and (iv) forming an output based on the results of step (iii); wherein steps (i)-(iv) are performed using multiparty computation, MPC, techniques. A corresponding system and worker node are also provided.

Abstract: A corporate information technology (IT) network can protect sensitive data sent to computers located outside of the IT network. For example, a customer of a company may control who can access his or her sensitive personal information by identifying his or her access preference included in an access control list, where the access preference describes a level of access that at least one remote employee or person may have to the customer's sensitive personal information. A data protection server may containerize the sensitive personal information and the access control list of the person in a data protection container. If a remote employee or a person requests access the customer's sensitive personal information, the data protection server may perform data protection related operations to provide the sensitive personal information to the remote employee or person.

Abstract: A client computer may split a process into sub-processes, send each sub-processes to a different group of peers in a blockchain network, wherein each group has at least one peer from each essential organization in the blockchain network, receive processed sub-transactions from the peers in the blockchain network, validate each sub-transaction, and validate the transaction based on the validation of all sub-transactions, wherein all sub-transaction must be valid for the transaction to be valid.

Abstract: An information handling system includes a provisioning server and a server. The server includes a baseboard management controller (BMC) to determine a first hardware inventory profile for the server. The BMC provides the first hardware inventory profile to the provisioning server. The BMC stores first signed provisioning configuration content that is based on a first ownership certificate for a first owner of the server. The BMC determines a second hardware inventory profile for the server, and provides the second hardware inventory profile to the provisioning server. The BMC stores second signed provisioning configuration content that is based on a second ownership certificate for a second owner of the server. In response to an expiration of the second ownership certificate, the BMC removes the second signed provisioning configuration content, compares a current hardware inventory profile to the first hardware inventory profile, and generates a report to indicate any hardware changes.

Abstract: Apparatus and methods for unlocking a communication terminal. The methods may include: at the communication terminal, receiving from eye wear of a user, a radio frequency (“RF”) signal that includes a public code. The methods may include: at the communication terminal, receiving from eye wear a request for text that is encrypted using the public code. The methods may include: responsive to the request, transmitting to the communication terminal encrypted text based on the public code. The methods may include displaying on the communication terminal the encrypted text. The methods may include detecting at the terminal, without displaying a decryption of the encrypted text, a user gesture based on the encrypted text. The methods may include providing to the user a private code corresponding to the public code. The private code may be configured to reside in machine readable memory on the eye wear.

Abstract: Method, devices, programs and system for the realization of an encrypted protocol for the transmission of encrypted data packets, called “Transport Encrypted Protocol” (TEP), intended for communication, characterized by a particular methodology of data encrypted encapsulation according to the blockchain paradigm including the following steps: the establishment of a distributed ledger which generate sender and recipient addresses to establish a communication characterized by the encryption of both the content and the transport channels; the verification of the integrity of the message and the correct correspondence of the address by the receiving node (hash), which decrypts each layer of encapsulation and hence decrypting the message itself; and the submission of an encrypted notification of receipt to the sender node and the subsequent preparation of the receiving node to the next state, either the break in communication or the modification of its status from recipient to sender.

Abstract: A set of measurable encrypted feature vectors can be derived from any biometric data and/or physical or logical user behavioral data, and then using an associated deep neural network (“DNN”) on the output (i.e., biometric feature vector and/or behavioral feature vectors, etc.) an authentication system can determine matches or execute searches on encrypted data. Behavioral or biometric encrypted feature vectors can be stored and/or used in conjunction with respective classifications, or in subsequent comparisons without fear of compromising the original data. In various embodiments, the original behavioral and/or biometric data is discarded responsive to generating the encrypted vectors. In other embodiment, helper networks can be used to filter identification inputs to improve the accuracy of the models that use encrypted inputs for classification.