Abstract: Technology is disclosed for improving user privacy and providing user control over user-activity data collected from personal computing devices (i.e., user devices). User devices may be configured to operate in a private mode that enables a user to control, for example, which aspects of user-activity data are provided to applications and services running on their user device; to obscure or modify aspects of user-activity data so that certain applications and services, which may require this information to operate, may still function, but that the obscured information provided to these applications and services preserves user privacy or no longer may be used to identify the user; or to remove evidence of user-activity data created, monitored, reported, or otherwise collected by or on the user device while the user is operating their user device in the private mode setting.

Abstract: An authentication system, comprising: one or more inputs, for receiving biometric input signals from a user; a routing module, configured to selectively route the biometric input signals from the one or more inputs to one or more of a plurality of components, the plurality of components including a biometric authentication module, for processing the biometric input signals and generating an authentication result; and a security module, for receiving a control instruction for the routing module, determining whether or not the control instruction complies with one or more rules, and controlling the routing module based on the control instruction responsive to a determination that the control instruction complies with the one or more rules.

Abstract: A medical facility environment includes medical devices, single-sign on system devices, and an identity access management system (IAMS). A clinician logs into an electronic medical record system and/or facility workstation, typically at the start of a shift. Successful login opens a valid user session with the IAMS. Thereafter, clinicians having valid user sessions can record, save, and/or transmit patient vital signs by providing, only, a clinician identifier associated with the valid user session.

Abstract: The disclosed computer-implemented method for detecting malicious programmatic clicks directed to view elements displayed on touchscreens may include (1) receiving an indication of a click event directed to a view element of a user interface displayed on a touchscreen of a computing device, (2) determining that the click event was not immediately preceded by a touch event directed to the view element displayed on the touchscreen, (3) classifying, in response to determining that the click event was not immediately preceded by the touch event directed to the view element, the click event as potentially malicious, and (4) performing, in response to classifying the click event as potentially malicious, a security action that prevents performance of an operation requested by the click event. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method, computer program product, and computing system for receiving a shred command from a host on a storage device associated with a main storage copy within a redundant storage system. The shred command with respect to the main storage copy is processed on the storage device associated with the main storage copy.

Abstract: Systems and methods for providing optical communication between a vehicle and an external actor include a system provider device that establishes, through communication over a network with at least one vehicle, the at least one vehicle as a communication proxy. Establishing the at least one vehicle as a communication proxy may include pairing the at least one vehicle with a user device. In various embodiments, the system provider also receives a communication trigger. In response to the communication trigger, the system provider may transmit a modulated optical signal via an illumination source of one of the at least one vehicle and an external actor, to the other of the at least one vehicle and the external actor. The system provider detects, at the other of the at least one vehicle and the external actor, the modulated optical signal and demodulates the transmitted optical signal.

Abstract: A method is provided for generating an encrypted database. The method includes: receiving a plaintext database having plaintext data entries therein; and generating an encrypted database using the plaintext database, the encrypted database including encrypted data entries therein. The encrypted database is configured to support at least one form of conditional query such that the at least one form of conditional query returns a correct encrypted result when the query is computed on the encrypted data entries without the decryption thereof.

Abstract: Aspects of the disclosure provide a technological improvement to a cipher by improving data security of format-preserving encryption (FPE), by, inter alia, embedding specific key identifiers for rotating keys directly into ciphertext. Aspects of the disclosure relate to methods, computer-readable media, and apparatuses for improving data security in a format-preserving encryption (FPE) context by using specific methods of rotating and identifying the appropriate encryption key from among numerous rotating keys stored in a key data store. Specific to FPE, a plaintext of the data and its corresponding ciphertext of the data remain the same in length/size; yet the methods, computer-readable media, and/or apparatuses disclosed herein permit embedding of an identification of a specific key among the plurality of rotating keys for the particular ciphertext without compromising the technical requirements of FPE.

Abstract: A method for signing a message, comprising performing a first Multi-Party Computation (MPC) process by multiple parties to compute a pseudorandom function, an input of the first MPC process comprises shares of a private signing key, each share is held by each party, the message is an input value to the pseudorandom function. The output of the first MPC process comprises multiple pairs of shares, each party holding a pair of shares, wherein each pair comprises a first value used for the MPC signing process and a second verifying value used for verifying correctness of the values provided by the multiple parties for the MPC signing process, and computing the signature on the message by performing an MPC signing protocol on the message, the MPC signing protocol receives as input shares of the output of the pseudorandom function from the multiple parties, and the message to be signed.

Abstract: A system facilitates secure communication between an authorized user device and two or more servers via two or more channels that are associated with the respective servers. For each communication channel, the system receives a device identifier for the authorized user device and links the device identifiers together via another identifier, thereby allowing the system to recognize that the different device identifiers identify the same authorized user device. The system can identify an unauthorized device masquerading as the authorized user device by determining that a communication from the unauthorized device does not include another identifier linking the two or more device identifiers and/or by determining that a device identifier computed during the registration process is different from a linked identifier.

Abstract: A privacy preserving tag and methods for reading the same are disclosed. An authentication and tracking method and system for the privacy preserving tag is also disclosed. The method includes storing information in memory of a tag, receiving a read response at the tag from a reading device, and responding to the read request by generating a response at the tag that includes a combination of a base resource identifier as well as a privacy identifier. The privacy identifier is provided to support privacy characteristics of the tag while enabling establishment of a personalized portal at a remote system.

Abstract: Provided is a method for providing Registration Data Access Protocol (“RDAP”) responses. The method includes obtaining, at a RDAP client over a network, a RDAP query for RDAP data from a user; providing, by the RDAP client, the RDAP query and a cryptographic credential to a RDAP server, wherein the RDAP server communicates with one or more thick RDAP servers to provide respective thick RDAP answers to the RDAP query, wherein at least one the respective thick RDAP answers are encrypted using a symmetric or asymmetric cryptographic key associated with the cryptographic credential of the RDAP client; obtaining a consolidated thick RDAP answer to the RDAP query from the RDAP server; decrypting the consolidated thick RDAP answer using a symmetric or asymmetric cryptographic key associated with the cryptographic credential; and providing the thick RDAP answer that is decrypted to the user.

Abstract: This disclosure relates generally to malware detection, and more particularly to system and method for detecting and mitigating ransomware threats. For a User Equipment being monitored, the system performs a behavior analysis of corresponding file system to determine whether any anomalous behavior that would amount to a ransomware threat is associated with flies associated with the file system change, if present, then the system virtualizes the file system on the fly. If information pertaining to the identified anomalous behavior is present in any of the reference databases in the system, then all the I/O calls are terminated or the file system is virtualized for rest of the session. If data pertaining to the identified anomalous behavior is not found in any of the associated databases, then new behavioral features and structural patterns of the identified anomalous behavior and the associated processes are extracted, and the reference databases are updated accordingly.

Abstract: A facility for reporting on original values on behalf of each of a plurality of users—each falling within a domain partitioned into a plurality of segments of uniform size—is provided. For each of the plurality of users, the facility (a) randomly selects an upward-rounding window size that is smaller than the segment size; (b) for each source value in a domain, randomly determines a mapping of each segment of the domain to a segment identifier value; (c) determines an original value for the user; (d) adds the upward-rounding window size to the user's original value to obtain a window-augmented original value; (e) identifies a segment containing the window-augmented original value; (f) identifies a segment identifier value mapped-to from the identified segment using the determined mapping; and (g) transmits a reporting communication on the user's behalf reporting a value based on the identified segment identifier value.

Abstract: Disclosed is a system for attaching a plurality of external connectors to an electronic device including a docking station, a first plug on the docking station positioned to interface with a first port on the electronic device, a second plug on the docking station positioned to interface with a second port on the electronic device, a first audio device in the docking station, a second audio device in the docking station, and a selector to selectively enable one of the first audio device and second audio device.

Abstract: A policy is incorporated into a first set of policies at least in part by generating a second set of policies corresponding to the policy. An index of the first set of policies is generated based at least in part on a policy element of a normal form. Based at least in part on the index, a subset of the first set of policies that is relevant to at least one of a plurality of policy enforcement components is identified and provided to at least one of the plurality of policy enforcement components of a virtual resource provider identified as relevant. A request subject to the policy is received, and the policy is enforced at least in part by evaluating the request with respect to the subset of the first set of policies.

Abstract: In various example embodiments, a system and method for causing the performance of a complementary activity on a secondary device that is complementary to a device activity performed on a primary user device are presented. In an example embodiment, a device activity, being performed by a primary user device is detected. A secondary user device capable of performing a complementary activity corresponding to the device activity is identified. Instructions are generated for the secondary user device to perform the complementary activity based on the complementary activity including an activity component that utilizes a functionality of the secondary user device not available on the primary user device, wherein the functionality includes capturing data of a particular data type from a sensor. The instructions to perform the complementary activity are transmitted to the secondary user device.

Abstract: In one embodiment, a method includes: receiving, by a first computing device on a first port of a plurality of ports, a data packet, wherein each of the ports corresponds to one of a plurality of security classes, and the first computing device comprises a plurality of cryptographic modules, each module configured to encrypt data for a respective one of the security classes; tagging the data packet, wherein tagging data identifies one of the security classes and the first port; routing, based on at least one header, the data packet to a first cryptographic module of the plurality of cryptographic modules; encrypting the data packet using the first cryptographic module; and storing the encrypted data packet in a first data storage device.

Abstract: Methods, systems, and apparatus, including computer-readable medium storing executable instructions, for credential management using wearable devices. In some implementations, an authentication request for a user is received. It is determined that a wearable device previously associated with the user is in proximity to the electronic device. In response to determining that the wearable device associated with the user is in proximity to the electronic device, a notification is sent to the wearable device for output by the wearable device. Approval data is received indicating user interaction with the wearable device approving authentication in response to the notification. Data indicating approval of the authentication request is provided in response to receiving the approval data from the wearable device.

Abstract: A network of storage units has a data path, which is at least a portion of the network. The network also has a dynamic time-varying or cycle-varying code generation unit and a code comparator unit that together make up an unlock signal generation unit; and a gateway storage unit. If the gateway storage unit does not store an unlock signal or the unlock signal generation unit does not generate and transmit an unlock signal, the gateway storage unit does not insert a data path segment in the data path. If the unlock signal generation unit is operated such that it generates an unlock signal, and it transmits that unlock signal to a gateway storage unit, and the gateway storage unit stores the unlock signal value, then the gateway storage unit inserts a data path segment into the data path.