Abstract: Automated classification of sensitive data in a database, which includes: Retrieving a catalog of a database. Sampling record values from at least some of the columns. Generating a map of probable associations between different columns of tables of the database. Applying a machine learning classifier to the sampled record values, to classify the columns of the sampled records into multiple data classes, some being sensitive data classes. Classifying columns of non-sampled record values according to the classification of the sampled record values, based on the map. Searching all objects of the database for existence of record values of the classified columns, to output value and field name pairs. Scoring the pairs according to a measure of their repetitiveness in the output. Increasing the score of the pairs whose field names are similar. Based on the scores, indicating which fields of the database are likely to include sensitive data.

Abstract: The present disclosure provides an identity recognition method, including: receiving registration information of a first user; binding a first login password to a first account corresponding to a post; receiving a login request sent by a user terminal; and responding to the login request, and sending data information of the first account binding with a first login password to the user terminal, to make the user terminal display the data information. The present disclosure further provides an identity recognition apparatus, system and a server. According to the identity recognition method, apparatus, system and the server, an account is set to have a corresponding relationship with a post, thus a successor of the post can browse historical-data information of the account corresponding to the post through the login password. Thusly, the user experience is good.

Abstract: A method for transmitting messages on a communications network on board a vehicle between a requesting entity requesting a service instance and an offering entity offering a service instance using a Service Oriented MiddlewarE over Internet Protocol (SOME/IP) communication protocol is provided.

Abstract: Implementations include receiving a user provided example value of personally identifiable information (PII). Occurrences of the received example value are automatically identified in a dataset of events, wherein each occurrence is identified in a portion of raw machine data of a respective event of the events. For each occurrence of the identified occurrences, an extraction rule is generated, which defines a pattern of the occurrence of the example value and is executable to identify PII values in portions of raw machine data of the events using the pattern. Values of the PII are identified in a set of events using a set of extraction rules comprising the extraction rule of a plurality of the occurrences.

Abstract: An example operation may include one or more of establishing a communication channel between a sending system and a receiving system, executing an oblivious transfer protocol between the sending system and the receiving system via the established communication channel, wherein the oblivious transfer protocol provides the receiving system with a functional encryption key based on a data vector of the receiving system without the sending system learning the data vector, committing to the functional encryption key using a cryptographic commitment and signing the functional encryption key commitment with a digital key of the receiving system, and storing the signed functional encryption key commitment to a blockchain.

Abstract: Systems and methods providing access control and data privacy/security with decentralized ledger technology are disclosed. To ensure data privacy the decryption or access to data by a non-data owner requires joint orchestration of decentralized system nodes to provide partial decryption components with n-of-x required to fulfill request. Data can be encrypted, and access control policy can be decided including required number of key fragments to fulfill decryption. Access control policies can be stored in the decentralized ledger based system. Key information can be stored in the system in a decentralized manner with partial key fragments encrypted and split among system nodes. An access request can be sent to the system to fetch a data file, without disclosing the requester's identity in the system. The decentralized ledger based system can verify a legitimate request to access the data and denies access to malicious or faulty participants.

Abstract: In an anti-fraud control system, a first error monitoring device includes a first frame transmitting and receiving unit that receives a frame flowing on the on-board network; and a first error detector that causes transmission of an error notification frame for notifying of an occurrence of an error in the frame when detecting the occurrence of the error in the frame received by the first frame transmitting and receiving unit. Each of second error monitoring devices includes: a second frame transmitting and receiving unit that receives the error notification frame; and a second error detector that regards, as a frame to be invalidated, the frame subjected to the error and included in the received error notification frame, and shifts the second error monitoring device to an invalidation mode for invalidating reception of subsequent frames, if no error is detected in an own branch with respect to the frame.

Abstract: In various example embodiments, a system and method for data mesh-based environmental augmentation are presented. Attribute data associated with a user may be received from a plurality of attribute sources. A portion of the attribute data may include real-time data. A portion of the real-time data indicative of an identity of the user may be identified. The identity of the user may be authenticated with respect to the real-time data by analyzing the identified portion of the real-time data. Based on the authentication of the identity of the user, a user activity being performed by the user may be identified based on the real-time data, and the user activity may be augmented according to a user setting.

Abstract: Systems and methods are provided for cloud controlled secure Bluetooth pairing for network device management. A method for a mobile device includes sending a Bluetooth pairing request to a network device that cannot connect to a network, wherein the network device responds to the Bluetooth pairing request by sending a challenge token; responsive to receiving the challenge token from the network device, sending the challenge token to a server, wherein the server responds to the challenge token by sending a response token, wherein the response token comprises a secure Bluetooth pairing key; and responsive to receiving the response token from the server, establishing a secure Bluetooth connection with the network device, comprising pairing with the network device using the secure pairing key.

Abstract: A device implementing a system to associate a user account with a content output device includes at least one processor configured to receive an invitation to access content associated with a first user account on another device associated with a second user account, the other device being connected to a local area network. The at least one processor is further configured to send, to a server, a request for authorization to access the content associated with the first user account on the other device associated with the second user account, the request comprising information included with the invitation, and to receive, from the server, the authorization to access the content. The at least one processor is further configured to access, based at least in part on the authorization, the content associated with the first user account on the other device associated with the second user account.

Abstract: In order to provide sensitive vehicle data of a first vehicle as anonymously as possible, the present disclosure relates to a method for the anonymized provision of the data of the first vehicle for a vehicle-external server device. According to a defined or definable condition, a decision is made between transmitting the data directly to the vehicle-external server device or transmitting the data to the vehicle-external server device via a second vehicle, which has a communication connection to the first vehicle. The data are then transmitted according to the decision. In n-hop anonymization, the data can be forwarded via an arbitrary number of vehicles as intermediaries or intermediate stations.

Abstract: Cryptocurrency based malware and ransomware detection systems and methods are disclosed herein. An example method includes analyzing a plurality of malware or ransomware attacks to determine cryptocurrency payment address of malware or ransomware attacks, building a malware or ransomware attack database with the cryptocurrency payment addresses of the plurality of malware or ransomware attacks, identifying a proposed cryptocurrency transaction that includes an address that is included in the malware or ransomware attack database, and denying the proposed cryptocurrency transaction.

Abstract: In accordance with the first aspect of the present disclosure, an ultra-wideband communication node is provided, comprising: an ultra-wideband communication unit configured to transmit one or more ultra-wideband frames to an external device; a processing unit configured to determine scrambled timestamp sequences for said ultra-wideband frames; wherein the processing unit is further configured to determine designated time slots, within which said scrambled timestamp sequences are to be received by said external device.

Abstract: There is provided a computerized method of secure communication between a source computer and a destination computer, the method performed by an inspection computer and comprising: receiving data sent by the source computer to the destination computer; inspecting the received data using one or more filtering mechanisms, giving rise to one or more inspection results; separately signing each of the one or more inspection results; determining, based on an inspection management policy, whether to send at least some of the inspection results and/or derivatives thereof for manual inspection; upon a positive determination, providing manual inspection of the at least some inspection results and/or derivatives thereof, and providing signing of the at least one manual inspection result; and analyzing signed inspection results and performing additional verification of the signed inspection results when a result of the analyzing meets a predefined criterion specified by the inspection management policy.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to encrypt media for identification. An example apparatus includes a mesh generation controller to generate a mesh based on an encryption matrix; an overlap controller to eliminate overlapping ones of edge connections of the mesh; an edge labelling controller to generate random labels for the edge connections based on a number of remaining ones of the edge connections of the mesh; an encrypted value controller to generate encrypted values based on the random labels; and an encryption controller to encrypt an input matrix with the encrypted values to enable identification of the input matrix.

Abstract: Techniques are disclosed to automate TLS certificate rotation. For example, a certificate rotation event may be detected from a certificate management tool. The certificate rotation event may be associated with a first certificate and may indicate that the first certificate is to be updated with a second certificate. An application server that is running on a host and to which the first certificate is bound may be identified. A certificate identifier for the second certificate may be provided to one or more agents running on the host. A distribution service may obtain certificate information, e.g., a public key, a private key, or a certificate identifier for the second certificate, from the certificate rotation tool. Some or all of the certificate information for the second certificate may be obtained by the one or more agents running on the host. The one or more agents may instruct the application server to bind the second certificate.

Abstract: Techniques described herein can be utilized to implement a protocol for performing an unbiased selection of a particular worker node among a plurality of worker nodes to execute a computational task. Nodes of a distributed network may register to join a group membership by generating quantities derived at least in part from a hierarchical data structure, such as an accumulation tree, whose parameters are defined by a manager node. The manager node may utilise the quantities provided by the plurality of worker nodes to perform an unbiased selection of a worker node from among the plurality of worker nodes to perform a computational task. The invention is particularly suited, but not limited to, for use in a blockchain network such as Bitcoin. In at least some cases, the manager node cannot determine, based on quantities supplied by the worker nodes, whether a particular worker node was selected to perform the computational task.

Abstract: Embodiments disclosed herein relate to allowing unauthenticated UEs to gain restricted access to an operator network to access network access subscription service. Once the unauthenticated UE successfully downloads a subscription profile for accessing the operator network, the unauthenticated UE can disconnect and can, thereafter, authenticate to the operator network using the subscription profile. Embodiments disclosed herein can perform one-way authentication to the operator network for obtaining a limited connectivity to reduce DoS attacks on the operator network. More specifically, these embodiments can support unauthenticated UEs to allow unauthenticated UEs to access the operator network for RLOS while minimizing DoS attack.

Abstract: A method including obtaining, by a key management computer, a key rotation period based on at least an adversarial storage limit. The key management computer can then generate a first cryptographic key. The key management computer can then generate a second cryptographic key to replace the first cryptographic key according to the key rotation period.

Abstract: A technique provides access to content within a computing environment. The technique involves identifying a network address to a resource which is currently blocked from being accessed via the network address due to operation of a content filter. The technique further involves, based on previously accessed content, modifying the operation of the content filter to unblock access to the resource via the network address. The technique further involves, after the operation of the content filter is modified to unblock access to the resource via the network address, permitting access to the resource via the network address.