Abstract: A secret share value [q] of a quotient q of a/p is obtained through secure computation using a secret share value [a] and a modulus p and [a/d0]=[(a+qp)/d0]?[q]p/d0, . . . , [a/dn?1]=[(a+qp)/dn?1]?[q]p/dn?1 are obtained and output through secure computation using secret share values [a] and [q], divisors d0, . . . , dn?1, and a modulus p. Here, [?] is a secret share value of ?, a is a real number, n is an integer equal to or greater than 2, d0, . . . , dn?1 are divisors of real numbers, p is a modulus of a positive integer, and q is a quotient of a positive integer.

Abstract: A user makes a request from a requesting device for access to a secure operation associated with a network-based service. A first biometric authentication is processed for the request and at least one second scope-based authentication is processed for the request based on an analysis of a physical environment for the requesting device. A determination is made based on at least the first biometric authentication and the scope-based authentication whether the secure operation can be: processed on behalf of the user by the network-based service, not processed at all, or processed only if requested from a specific medium/channel associated with a specific device, which may or may not be the requesting device.

Abstract: Methods for identifying potentially sensitive information and protecting such potentially sensitive information include scanning systems that collect and/or disseminate such information. Without limitation, systems collect and/or disseminate personal identification numbers (e.g., personal identification numbers, tax identification numbers, etc.), such as merchant systems, bank systems, healthcare systems, and the like, that collect, use, or disseminate sensitive information may be scanned to identify sequences of data that are likely to be sensitive, and may take actions to protect such sequences of data. Scanning and protection systems are also disclosed.

Abstract: An example apparatus includes target signal generator circuitry to generate a target signal having a first center frequency and a bandwidth. The example apparatus additionally includes companion signal generator circuitry to generate a companion signal having a second center frequency that is less than (a) the first center frequency adjusted by a first threshold and greater than (b) the first center frequency adjusted by a second threshold, the first threshold being a first multiple of the bandwidth, the second threshold being a second multiple of the bandwidth, the first multiple different than the second multiple. In some examples, the example apparatus includes adder circuitry to combine the target signal and the companion signal to form a composite signal. Additionally, the example apparatus includes transmitter circuitry to transmit the composite signal to a target device.

Abstract: A system, method, and computer program product are provided for consent management. A method may include receiving a first data request for user data associated with a user, the user data stored in a user data database; communicating a consent request to the requester system; receiving a consent response from the requester system; storing consent data associated with the consent response for the user data requested in the first data request in an immutable ledger; receiving a consent verification request from the user data database, the consent verification request based on a second data request for the user data from the requester system to the user data database; verifying the consent verification request based on the consent data; and communicating a consent verification response to the user data database, the consent verification response indicating consent from the user to share the user data with the requester system.

Abstract: In one embodiment, a malware analysis method includes receiving a file on a virtual machine (VM). The VM includes, a web debugging proxy, a system resource monitor, and a file analysis tool. The method also includes performing, with the file analysis tool, a static analysis on the file. The static analysis includes determining a set of file properties of the file, and storing the determined file properties in a repository. The method further includes performing, with the web debugging proxy and the system resource monitor, a dynamic analysis on the file, the dynamic analysis. The dynamic analysis includes running the file on the VM, determining, with the web debugging proxy, web traffic of the virtual machine, determining, with the system resource monitor, executed commands and modifications to system resources of the VM originating from the file, and storing the determined traffic and executed commands in the repository.

Abstract: The disclosure is directed towards the real-time detection and mitigation of security threats to a domain name system (DNS) for a communication network. A graph-theoretic method is applied to detect compromised DNS assets (e.g., DNS servers and web servers that DNS servers map domain names to). A graph is generated from domain name resolution (DNR) transactions. The nodes of the graph represent the DNS assets and edges between the nodes represent the DNR transactions. The graph is analyzed to detect features that signal compromised assets. The detection of such features serves to act as a binary classifier for the represented assets. The binary classifier acts to classify each node as non-compromised or compromised. The analysis is guided by supervised and/or unsupervised machine learning methods. Once the assets are classified, DNR transactions are analyzed in real-time. If the transaction involves a compromised asset, an intervention is performed that mitigates the threat.

Abstract: A method for evaluating the risk of data leakage in an application includes the steps of: extracting a DEX (Dalvik Executable) file and a so (Shared Object) file by decompressing an APK file of a mobile application; extracting DEX code information from the DEX file by parsing the DEX file; translating a content of the so file into IR (Intermediate Representation); extracting IR code information from the translated IR; generating a call-reference structure between the DEX file and the so file by processing the extracted DEX code information and the extracted IR code information; and outputting weakness information according to a risk designated in advance based on the generated call-reference structure. Accordingly, it is possible to extend the call-reference coverage of an android application.

Abstract: An electronic device performs techniques related to implementing biometric authentication, including providing user interfaces for: providing indications of error conditions during biometric authentication, providing indications about the biometric sensor during biometric authentication, orienting the device to enroll a biometric feature, and providing an indication of the location of the biometric sensor to correct a detected error condition.

Abstract: A security platform architecture is described herein. The security platform architecture includes multiple layers and utilizes a combination of encryption and other security features to generate a secure environment.

Abstract: This application provides a method for issuing a digital certificate performed by a digital certificate issuing center that includes a public-private key generation module and an authentication module. The method includes: receiving a public-private key request from a node in a blockchain network; generating a public key and a private key of the node by using the public-private key generation module, and transmitting the public and private keys to the node; receiving the public key of the node and registration information of the node, and authenticating the registration information by using the authentication module; and generating, in accordance with a determination that the authentication succeeds, a digital certificate of the node by using the authentication module, and transmitting the digital certificate to the node. The embodiments of this application can improve the probative value of an issued digital certificate, thereby improving the security of data exchange in a blockchain network.

Abstract: A method performed at a first electronic device includes: (i) storing a privacy table that comprises random numbers at the first electronic device, (ii) transmitting the privacy table to a second electronic device over an encrypted channel, (iii) receiving a first message for transmission to the second electronic device, (iv) generating a map based on the privacy table, (v) generating a primary key based on the map and the privacy table, and (vi) encrypting the first message using the primary key to form an encrypted first message. The method also includes (vii) transmitting the map and the encrypted first message to the second electronic device, thereby enabling the second electronic device to decrypt the encrypted first message by recreating the primary key based on the map and the privacy table and decrypting the encrypted first message using the recreated primary key.

Abstract: In some implementations, a terminal device may receive, from a mobile device associated with a user, first information identifying a first facial depth map of the user generated by the mobile device. The terminal device may generate a second facial depth map of the user. The first facial depth map may be generated before the second facial depth map. The terminal device may determine whether the user is authenticated to perform an exchange based on whether the first information identifying the first facial depth map corresponds to second information identifying the second facial depth map. The terminal device may transmit, to the mobile device and based on determining that the user is authenticated, a message indicating that the user is authenticated. The terminal device may receive, from the mobile device, exchange information identifying a credential for performing the exchange.

Abstract: Described is a secure, electronic, submission process providing and enabling applicants to initiate requests to desirous requestors seeking such submissions based on authenticated and trusted identities and/or credentials or which could be authenticated securely through other defined processes. SafeCase is an innovative process for convenience, ease and security in application submissions for anyone and everyone through an electronic interface that has been built innovatively on the strong foundations of Identity Management, giving irrevocable and irrefutable trust on the Identity and/or credentials and/or the purpose that an applicant is applying for or wishes to achieve. SafeCase is an end-to-end secure and transparent interface, wherein the applicant (i.e. the Candidate) utilizes his/her Authenticated Credential(s) or Identity(ies) to submit an application. The applicant remains updated in real time on the status of the submitted application till its final disposal.

Abstract: Disclosed is a multi-signature security account control system. The present invention comprises a multi-signature security account in which at least three participating accounts have management authority, wherein the participating accounts are a first participating account corresponding to a user terminal, a second participating account corresponding to an HSM management server, and a third participating account corresponding to an exchange server, and the HSM management server may control the authority of the multi-signature security account to be controlled by using signature information provided from at least two of the participating accounts.

Abstract: Intelligent impedance injection modules (IIM)s are currently being used for line balancing and overcoming local disturbances on High Voltage (HV) transmission lines of an HV power grid. These distributed IIMs are connected and/or coupled to the HV transmission lines and operate with a pseudo ground at the voltage of the HV transmission line. In order to operate effectively, the IIMs need to communicate with other distributed IIMs across the three phases of the HV grid and also communicate with local intelligent centers LINCs that connect to and synchronize operations across each group of the distributed IIMs in a local region of the HV power grid. Systems and methods are presented for effective and secure sub-cyclic speed communication to and from the distributed IIMs, distributed IIMs to LINCs and substations to enable coordinated actions. Further the distributed IIMs and LINCs receive GPS signals and use the GPS clock for synchronizing operations.

Abstract: Aspects of the present disclosure address systems, methods, and devices for enabling secure communication between electronic control units (ECUs) in a vehicle. The system may include a first and second ECU from a plurality of ECUs in the vehicle. The first ECU is to enable secure communication between the plurality of ECUs by performing operations that include provisioning the second ECU with authentication data for authenticating messages exchanged with a third ECU and provisioning the third ECU with a set of security keys to enable the third ECU to securely exchange messages with the second ECU. The second ECU receives, from the third ECU, a secure message that is cryptographically signed using a security key from the set of security keys provisioned to the third ECU, and the second ECU authenticates the secure message by comparing the authentication data with an authentication signal.

Abstract: A method for preventing a hardware wallet from being maliciously paired, comprising: a hardware wallet waiting to receive a connection request; when a connection request is received, determining whether a first terminal sending the connection request has been paired and connected; if so, waiting to receive an instruction of the first terminal; and when receiving a pairing transfer instruction sent by the first terminal, clearing terminal information stored in a whitelist of the hardware wallet. By means of the present technical solution, a hardware wallet can achieve pairing transfer only by means of the authorization of a previously paired terminal, thereby improving the security of the hardware wallet.

Abstract: A communication apparatus accepts an input of a passphrase by a user operation, sets an authentication scheme based on a passphrase length of the passphrase, and performs wireless connection with a partner apparatus using the set authentication scheme, wherein (i) in a case where the passphrase length is within a predetermined range, an authentication scheme of any of WPA (Wi-Fi Protected Access), WPA2, and WPA3, or a combination of at least two of WPA, WPA2, or WPA3, is set, and (ii) otherwise, an authentication scheme of WPA3 is set.

Abstract: A computing device includes a system that authenticates a user of the computing device. A first sensor obtains a first representation of a physical characteristic of the user that is compared to a registered representation of the physical characteristic of the user. A first level of access to the computing device is enabled based on the first representation of the physical characteristic matching the second representation of the physical characteristic. A second sensor obtains a first representation of a liveness characteristic of the user that indicates that the user is alive. The first representation of the liveness characteristic is compared to a registered representation of the liveness characteristic of the user. A second level of access to the computing device is enabled based on the first representation of the liveness characteristic of the user matching the second representation of the liveness characteristic of the user.