Abstract: A privacy-preserving analysis system that provides functionality to analyze disparate data sets (and identify correlations) while making individual re-identification prohibitively difficult (even through repeated analysis). The system creates a large proxy data set by oversampling the underlying data and randomly masking a predictable number of fields in the proxy data sets to create sufficient uncertainty in the analysis results. The system may also use a distributed encryption process, secure communications, and secure multiparty computing to prevent personally-identifying information in remotely-stored underlying data from being determined. In the distributed encryption process, each of a plurality of distributed computing devices may be configured to encrypt personally-identifying information using an identical process (and identical encryption keys).

Abstract: Methods, systems, apparatus and computer programs for enabling access to data by a requesting party. A plurality of sets of data are generated. A one one-way function is then used to generate a plurality of keys each associated with a respective one of the plurality of sets. Information associated with the data in a given set is used as an input to the one-way function when generating the key for that set. The keys are distributed to requesting parties. Subsequently, a requesting party may make a data access request using the received key. Upon receipt of a key, access may be enabled to the data. The requesting party may then generate validation data from information associated with at least a part of the received data and validating the received data by comparing the validation data to data derived from the received key.

Abstract: An apparatus includes a processor operatively coupled to a memory. The processor receives a first set of risk assessment rules including first user privilege criteria and first device criteria. The first device criteria includes a computing device patch level, a network type, and/or a password policy. The processor identifies a user-specific security risk based on the first set of risk assessment rules and applies a privilege mitigation measure based on the user-specific security risk without being in communication with a management server. The processor later receives a second, updated set of risk assessment rules at the computing device. Upon detecting another login of the user, the processor identifies an updated user-specific security risk based on the updated set of risk assessment rules, and applies a modified privilege mitigation measure based on the updated user-specific security risk, again without being in communication with the management server.

Abstract: Embodiments described herein provide an application programming interface and framework for a web application firewall single policy model. The framework can layer on top of a firewall platform that provides web application specific widgets that may be toggled and configured to enable or disable certain firewall actions on a per application basis. The framework includes a security stack that defines the order for the widgets. The security stack can provide the ability for a single policy model to be used for the firewall and allows for per application customizations.

Abstract: A method performed by an enterprise search system to conduct an automated, computerized search for select operational attributes of a plurality of network devices is shown. The method comprises initiating the search via a user interface based on receipt of input information, which is used to form a query. The method then determines based on the query, one or more audits each specifying one or more tasks to be performed by at least a first network device to search for the select operational attributes. Subsequently, the method makes the one or more audits available to the first network device via a network, and receives, from the first network device, one or more responses to the query. The method may include generating one or more filter conditions to apply to results of executing the one or more tasks to yield the select operational attributes when included in the results.

Abstract: A method of approximate address shuffling of an array includes receiving an array having an array size and non-null elements located in initial locations. The method includes receiving a pseudo-random function (PRF) key and initializing an output array to null. The method includes shuffling the non-null elements to generate shuffled locations for the non-null elements. The shuffling may include determining an intermediate shuffled location for a first non-null element. If a location in the output array corresponding to the intermediate shuffled location is null, the shuffling may include outputting a shuffled location as the intermediate shuffled location. If not, the shuffling may include generating an updated intermediate shuffled location. The method includes returning the output array having the first non-null element the location in the output array corresponding to the shuffled location.

Abstract: A system and method establishes a communication connection between a first, potentially input-limited device and a network-access device through an intermediate second device that is connected to the network-access device. The first device broadcasts a discovery request and receives a response from the second device. A first communication connection is established between the first device and the second device. The first device transmits a digital certificate to be sent to a remote device, which may authenticate the first device therewith. Network-login information, such as a network name and network password, are received from the second device, with which the first device establishes the communication connection. The second device may be capable of processing spoken commands (for example, in connection with the remote device), thus allowing the first device to be connected to the network-access device using spoken commands.

Abstract: Systems and methods are provided for managing data across a network based on multiple keys assigned to different participants in association with the data. One exemplary method includes identifying, by an originating party, a relying party, identifying data relevant to at least one interaction between the originating party and the relying party, and encrypting the data based on a secret. The method also includes generating a key set based on the secret, where the key set has at least three keys and is structured such that the secret is derivable from at least two of the at least three keys, and disseminating a first key of the key set and the encrypted data to a control party and disseminating a second key of the key set to the relying party.

Abstract: This disclosure describes techniques for securely, efficiently, and/or effectively providing cryptographic operations and key management services. Systems in accordance with one or more aspects of the present disclosure may provide secure management of cryptographic keys as service to a plurality of data center users or customers that contract for services provided by a data center. In one example, this disclosure describes a data center comprising a plurality of cloud service provider ports, a plurality of customer ports, network infrastructure coupling the plurality of cloud service provider ports to the plurality of customer ports, and a computing system including at least one hardware security module.

Abstract: According to an example, network traffic pattern based identification may include analyzing each packet of a plurality of packets that are outgoing from and/or incoming to an entity to respectively determine features within a sequence of outgoing packets and/or a sequence of incoming packets of the plurality of packets. Network traffic pattern based identification may further include analyzing the determined features by respectively using an outgoing packet classification model and/or an incoming packet classification model, and classifying, based on the analysis of the features.

Abstract: Described herein are systems, methods, and software to enhance the management of packet filters for host computing systems. In one implementation, a method of managing packet filters for a physical network interface on a host computing system includes obtaining dispatch statistics for media access control (MAC) addresses associated with virtual nodes communicating over the physical network interface via a virtual switch. After obtaining the dispatch statistics, the method further provides identifying a filter configuration based on the dispatch statistics, wherein the filter configuration classifies received packets at the physical network interface into processing queues based on attributes identified in the received packets, and applying the filter configuration in the physical network interface.

Abstract: A method, an apparatus, and a system for authenticating a WI-FI network, where a terminal sends, to an associated authentication center when the WI-FI network exists in an area in which the terminal is located, a request message that carries a user identifier, receives access verification information allocated to a user represented by the first user identifier from the associated authentication center, sends, to a WI-FI authentication center, a login request that carries the access verification information, receives authentication information obtained and fed back by the WI-FI authentication center carrying a user identifier corresponding to the access verification information, and determines that the WI-FI network is a secure network when the user identifier carried in the authentication information is the same as the user identifier carried in the request message.

Abstract: Disclosed is an electronic device and a method for processing authentication. The electronic device includes a communication circuit; a display; a memory; and at least one processor electrically connected to the communication circuit, the display, and the memory, wherein the memory stores instructions that cause the at least one processor to identify whether the electronic device is mounted on a first external electronic device, execute at least one application for an authentication based at least part of the identification, detect a second external electronic device, which can transmit authentication information related to the authentication, receive at least one piece of information related to the authentication from the second external electronic device based at least partially on the detection outcome, and perform authentication based on the received authentication information.

Abstract: Embodiments of the invention protect information stored in graph-based sequence references by “watermarking” the graph with uniquely identifiable information. The watermark identifies the graph or version thereof in a detectable but nonintrusive manner. In one embodiment, insertions and/or deletions are introduced into regions of the graph.

Abstract: Message and data sharing may require additional levels of security beyond mere access authorization procedures. One example method of operation may include identifying message content associated with a message, splitting the message content into a plurality of message content sections, identifying a plurality of potential recipient devices, and transmitting the plurality of message content sections to the plurality of potential recipient devices.

Abstract: Method for providing a secure mode for mobile applications including: configuring which applications should be available in secure mode; defining in the mobile operating system kernel, rules and privileges for applications defined for the secure mode; checking continuously if the secure mode is enabled by the user; if the security mode is enabled by the user, then the operating system kernel searches all processes and applications running on the operating system, suspend) the system applications not configured to be available in secure mode, hides the protected application, restricts inter-process communications and enforce privilege escalation events and enables access to application files protected by the protected application user Id; and if the security mode is disabled by the user, then the kernel releases all processes and applications that were stopped by the secure mode and denies any access to the protected application files.

Abstract: A method and associated system for authenticating an individual's geo-location via a communication network is disclosed. The method comprises the steps of: a) Providing an individual with a smartphone having a GPS receiving unit associated with a communications network; b) Providing the individual with a biometric user identification technology; c) Obtaining via the communications network the geo-location of the smartphone utilizing the GPS receiving unit; d) Identifying the user with the biometric user identification technology by obtaining biometric characteristics that are unique to each human; and e) Verifying the biometric user identification technology is within a preset proximity to the smartphone to authenticate the individual's geo-location.

Abstract: One aspect of the present invention discloses a watermark insertion method. The method includes: segmenting target text into pieces of page content; obtaining a watermark variable comprising a line alternation value indicative of a watermark mode changed for each line of the segmented page content and a watermark mode setting value; and applying a flip-flop component insertion algorithm for inserting a watermark into each of the pieces of segmented page content based on the obtained watermark variable.

Abstract: Systems for controlling access to and modification of a distributed ledger are provided. A system may receive a request to modify a distributed ledger and may transmit a request for availability data to computing devices associated with a plurality of modification approval users. Availability response data may be received. In response to receiving a request for modification of a distributed ledger, one or more modification authentication approval devices may be identified and requirements executed. Authentication/approval response data may be received and analyzed to determine whether the requirements for the identified modification authentication approval device are met. If so, the modification may be approved. If not, the request to modify may be denied.

Abstract: A data exchange guide device and an execution method thereof provided in the present disclosure are characterized that a processing program, which is executed by an electronic device connected with a connection interface, is able to read private key information, access a tabulation of remote shared data from an existing network available to the electronic device, and display the tabulation on a graphic user interface. Furthermore, a data exchange guide device and an execution method thereof provided in the present disclosure are also characterized that a processing program, which is executed by an electronic device connected with the connection interface and a virtual network card, is able to read private key information, access a tabulation of remote shared data from the virtual network card, and display the tabulation on a graphic user interface.