Abstract: Methods and systems of data de-tokenization are described herein to provide solutions to utilizing tokenized data files. A de-tokenization service controller may extract instances of tokenized data by determining a schema associated with a tokenized file, wherein the schema identifies which fields contain tokenized data. A decryption system may decrypt the tokens and send decrypted sensitive values to the de-tokenization service controller. The de-tokenization service controller may then generate a de-tokenized data file comprising a plurality of records corresponding to the plurality of original tokenized records, using the decrypted sensitive values in place of the instances of tokenized data. In some embodiments, the methods may further comprise generating a validated file by adding one or more fields indicating the results of validation based on a set of validation rules.

Abstract: A method at a first domain for obtaining at least one insight from a second domain, the method including registering an application with an anchor in the first domain; providing, from the anchor to the application, a first message signed by the anchor; sending, from the first domain to a network domain, the signed message; receiving, from the network domain, at least one signed token, each of the at least one signed token being for a synthetic sensor on the second domain, where the synthetic sensor provides an insight; sending a request message to the second domain, the request message requesting the insight and including the at least one token; and receiving the insight from a synthetic sensor associated with the at least one token.

Abstract: A system protects personally identifiable information (PII) by implementing an unconventional key management scheme. In this scheme, the system uses a set of keys rather than an individual key for encrypting PII. Different portions of the PII are encrypted using different keys from the set of keys. In this manner, even if a malicious user were to access a key, that key would not give the malicious user the ability to decrypt all of the PII. Additionally, the system generates a new set of keys periodically (e.g., once a month). The system also deletes sets of keys that are too old (e.g., six months old). As a result, even if a malicious user were to access a key, the usefulness of that key would be time limited.

Abstract: Systems and methods are provided for persistent login. Such persistent login may be based on linking user identity across accounts of different entities to allow each entity to maintain control over their respective sets of user data, while providing a streamlined user experience that avoids much of the repetitive need to login to different services with different login credentials (e.g., during periods of heavy use). Such persistent login may utilize a set of tokens issued and exchanged between devices of the partnering entities. Such tokens may include an access token, refresh token, and identity token. When a user associated with a first entity requests access to information secured by a second entity, such request may be associated with the access token. If the access token is determined to be expired, the refresh token may be used to refresh the access token, which may also trigger issuance of a new refresh token.

Abstract: Technologies for attestation techniques, systems, and methods to confirm the integrity of a device for establishing and/or maintaining a trustworthy encrypted network session. An example method can include sending, via a server and using a cryptographic security protocol, a message associated with establishing an encrypted network session; receiving a response from a client device; identifying a level of trust of the client device based on the response; determining whether to perform a next step in the cryptographic security protocol based on the level of trust, wherein the cryptographic security protocol comprises at least one of a Secure Shell (SSH) protocol, a Transport Layer Security (TLS) protocol, a Secure Sockets Layer (SSL) protocol, and an Internet Protocol Security (IPsec) protocol.

Abstract: A method by a management node for managing a device operable to join a network includes receiving from the device a request to join the network, the request including a device specific parameter and a token, and generating an authentication parameter from the device specific parameters and the token. The method further includes authorising the device to join the network if the authentication parameter fulfils a validity criterion. Generating an authentication parameter from the device specific parameters and the token includes generating an input including the device specific parameters and the token, computing a cryptographic function of the generated input, and setting an output of the cryptographic function as the authentication parameter. Also disclosed are a method for operating a device, a management node, a device and a computer program.

Abstract: A communication terminal includes a memory in which identification information associated with a user is stored, a controller that carries out authentication of the user, and a communication interface that transmits a signal including the identification information. When user authentication is successful, the controller sets the communication terminal to a first state in which the signal is transmitted to an external apparatus, and when user authentication is not successful, the controller sets the communication terminal to a second state in which the signal is not transmitted to the external apparatus.

Abstract: Systems and methods for providing decentralized tokenization with mapping data devoid of sensitive data. A node receives a set of index-key pairs generated by a randomization service external to the node. Each index-key pair in the set of index-key pairs defines a particular index value mapped to a particular random key value. The node creates a mapping structure using the set of index-key pairs. Data-in-transit comprising sensitive data is received. A tokenization service of the node generates a token for the sensitive data using the mapping structure.

Abstract: A self-service lender portal provides lenders with a suite of tools for interacting with a multi-lender architecture configured to provide loan applicants with automated pre-qualification and eligibility evaluation for multiple candidate lenders. The lender portal provides lenders with an interface for uploading rule sets defining lending and eligibility criteria, downloading operational data generated from processing loan applicant information, generating and managing security keys for encryption and decryption of sensitive data, and managing access policies for providing single sign-on by interfacing with the lender's own identity management systems.

Abstract: Some embodiments are directed to a container builder (110) for building a container image for providing an individualized network service based on sensitive data (122) in a database (121). The container builder (110) retrieves the sensitive data (122) from the database (121), builds the container image (140), and provides it for deployment to a cloud service provider (111). The container image (140) comprises the sensitive data (122) and instructions that, when deployed as a container, cause the container to provide the individualized network service based on the sensitive data (122) comprised in the container image (140).

Abstract: A system and method is disclosed for a digital identity (DI) management platform. A carbon identification may be generated to include personal information unique to a user. The personal information may be authenticated by an external entity (e.g., governmental agency) to the digital identity management platform. A silicon identification may be generated for multiple devices registered to the user and may include a unique identifier for each device. A digital identity may be generated that links the carbon identification and the silicon identification The digital identity may be stored within a digital wallet accessible on each device by a user profile created and secured using a blockchain process. A request to access the personal information stored within the digital identity may be received and a predefined trust level will determine the amount of personal information to be provided.

Abstract: An authentication system supports multi-factor authentication (MFA) when authenticating the identity of a user. A challenge-response portion of the authentication process is delegated to an MFA device—a secondary device within control of the user, but separate from the primary login device that the user is using when initiating the authentication. Communications between the MFA device and the login device are conducted using a short-range wireless communication protocol (e.g., Bluetooth™ or NFC), so that the two devices must be in close physical proximity to each other.

Abstract: Systems and methods are disclosed for utilizing sender-recipient pair data to establish sender-level trust in future communication. One method comprises receiving raw communication data over a network and testing the received raw communication data against trained machine learning data to predict whether the raw communication data is associated with expected communication data. The raw communication data is sorted for expected communication data, which is further analyzed for sender-recipient pair data and assigned an expected communication pair data score. Senders associated with an expected communication pair data score that meets or exceeds a threshold are labeled and stored in a database as trusted. As a result of the sender-recipient pair analysis, recipients at-risk for being scammed can be identified, senders misidentified as spammers can be properly classified, and machine learning techniques utilized for analyzing raw communication data can be fine-tuned.

Abstract: Embodiments of a device and method are disclosed. In an embodiment, a method of communications involves from a wireless sensor deployed at a customer site, connecting to a wireless access point (AP) deployed at the customer site and based on a private key stored in the wireless sensor, performing mutual authentication between the wireless sensor and an authentication server connected to the wireless AP.

Abstract: Examples of systems and method described herein or generating, in a memory controller and/or memory device, access codes for memory regions of the memory device using authentication logic, and for accessing the memory device using the access codes. For example, a memory controller and/or a coupled memory device may generate access codes that a host computing device may include in a memory access request to access one or more memory regions of the memory device. Data read or written at the memory device may in some examples only be accessed in accordance with the access codes for memory regions of the memory device. Accordingly, the systems and methods described herein may provide security for specific memory regions of a memory device because the access code are updated periodically (e.g., based on obtained reset indication) or in accordance with an updated count value from a counter.

Abstract: A non-transitory computer readable medium includes instructions that, when executed by processing circuitry, are configured to cause the processing circuitry to operate in a recovery mode after initiating a startup operation, transmit a data frame to a device of an electric power delivery system during the recovery mode, the data frame indicating a request for a security association key (SAK), receive the SAK from the device in response to transmitting the data frame, and use the SAK to communicate data via a media access control security (MACsec) communication link.

Abstract: A system facilitates detection of malicious properties of software packages. A generic application which comprises known functionality into which a software package has been included is analyzed through a static analysis and/or dynamic analysis, which is performed based on executing the generic application in a controlled environment. The static analysis and/or dynamic analysis are performed to determine whether one or more properties associated with the software package comprise deviations from the known behavior of the generic application. Behavior deviations identified based on the static and/or dynamic analysis are associated with a score. An aggregate score is calculated for the software package based on the scores which have been assigned to the identified behavior deviations and may be adjusted based on a reputation multiplier determined based on metadata of the software package. If the aggregate score of the software package exceeds a score threshold, the software package is flagged as malicious.

Abstract: A method includes operating a mobile device to establish a communications channel between the mobile device and a shared computing terminal. The shared computing terminal is accessible to a plurality of users other than a user of the mobile device. In response to authentication of the user of the mobile device with a remote computing device, the mobile device receives a code from the remote computing device. The mobile device provides the code to the shared computing terminal via the communications channel to enable the shared computing terminal to request a temporary access token from the remote computing device. The temporary access token is used by the shared computing terminal to launch a computing session with the remote computing device without transfer of a long-lived access token of the user from the mobile device to the shared computing terminal.

Abstract: Present systems and methods provide ways to provide access services to connecting wireless devices particularly for (but not limited to) neutral host networks. Steps include executing authentication between a connecting wireless device and a service provider, receiving an address of a remote gateway from the service provider, and providing access service for the wireless device including forwarding data received from the wireless device to the indicated remote gateway address in forwarding wireless device associated data received from the remote gateway address to the wireless device. Other ways are also disclosed.

Abstract: A base key that is stored at a device may be received. A network identification may further be received. A device identification key may be generated based on a combination of the network identification and the base key. Furthermore, the device identification key may be used to authenticate the device with a network that corresponds to the network identification.