Abstract: Implementations of data security technologies are disclosed. In an implementation, a plurality of feature points of a user-selected image are determined. A first plurality of interactive operations performed on at least a portion of the plurality of feature points by a user are detected during lock screen passcode set up of a mobile computing device. The first plurality of interactive operations are stored. The user-selected image is displayed on a lock screen when the mobile computing device is in a locked state. A second plurality of interactive operations on a touchscreen of the mobile computing device are detected when the mobile computing device is in the locked state, and the mobile computing device is unlocked if the second plurality of interactive operations match the first plurality of interactive operations.

Abstract: Extending the useful life of finite lifetime asymmetric cryptographic keys by referencing the number of uses of the keys in conjunction with or instead of the elapsed time since generation of the finite lifetime keys. By integrating asymmetric cryptographic keys into a limited use security scheme, the lifetime of finite lifetime asymmetric cryptographic keys is based on the practical risk of security breach during use rather than an arbitrary duration in which the keys are valid.

Abstract: Implementations of data security technologies are disclosed. In an implementation, a plurality of feature points of a user-selected image are determined. A first plurality of interactive operations performed on at least a portion of the plurality of feature points by a user are detected during lock screen passcode set up of a mobile computing device. The first plurality of interactive operations are stored. The user-selected image is displayed on a lock screen when the mobile computing device is in a locked state. A second plurality of interactive operations on a touchscreen of the mobile computing device are detected when the mobile computing device is in the locked state, and the mobile computing device is unlocked if the second plurality of interactive operations match the first plurality of interactive operations.

Abstract: The present disclosure provides a method, system, and device for distributing a software release. To illustrate, based on one or more files for distribution as a software release, a release bundle is generated that includes release bundle information, such as, for each file of the one or more files, a checksum, meta data, or both. One or more other aspects of the present disclosure further provide sending the release bundle to a node device. After receiving the release bundle at the node device, the node device receives and stores at least one file at a transaction directory. After verification that each of the one or more files is present/available at the node device, the one or more files may be provided to a memory of a node device and meta data included in the release bundle information may be applied to the one or more files transferred to the memory.

Abstract: A method may include transmitting a first public encryption key from to a control device and encrypting a first packet for a remote network device utilizing a first private encryption key correlated with the first public encryption key. The method may also include generating a second public encryption key and a second private encryption key and transmitting the second public encryption key to the control device. The method may additionally include receiving a first message from the remote network device that the remote network device received the second public encryption key from the control device, and after receiving the first message from the remote network device that the remote network device received the second public encryption key, encrypting a second packet utilizing the second private encryption key.

Abstract: Systems and methods for performing data duplication on data that was previously consolidated (e.g., deduplicated or merged). An example method may comprise: receiving, by a processing device, a request to modify a storage block comprising data encrypted using a location dependent cryptographic input; causing the data of the storage block to be encrypted using a location independent cryptographic input corresponding to a first storage location; copying the data encrypted using the location independent cryptographic input from the first storage location to a second storage location; causing data at the second storage location to be encrypted using a location dependent cryptographic input corresponding to the second storage location; and updating a reference of the storage block from the first storage location to the second storage location.

Abstract: The present disclosure provides a method, system, and device for distributing a software release. To illustrate, based on one or more files for distribution as a software release, a release bundle is generated that includes release bundle information, such as, for each file of the one or more files, a checksum, meta data, or both. One or more other aspects of the present disclosure further provide sending the release bundle to a node device. After receiving the release bundle at the node device, the node device receives and stores at least one file at a transaction directory. After verification that each of the one or more files is present/available at the node device, the one or more files may be provided to a memory of a node device and meta data included in the release bundle information may be applied to the one or more files transferred to the memory.

Abstract: Several methods may be used to exploit the natural physical variations of sensors, to generate cryptographic physically unclonable functions (PUF) that may strengthen the cybersecurity of microelectronic systems. One method comprises extracting a stream of bits from the calibration table of each sensor to generate reference patterns, called PUF challenges, which can be stored in secure servers. The authentication of the sensor is positive when the data streams that are generated on demand, called PUF responses, match the challenges. To prevent a malicious party from generating responses, instructions may be added as part of the PUF challenges to define which parts of the calibration tables are to be used for response generation. Another method is based on differential sensors, one of them having the calibration module disconnected. The response to a physical or chemical signal of such a sensor may then be used to authenticate a specific pair of sensors.

Abstract: The invention is a data management method for an anonymous data sharing system, comprising the steps of receiving a data supply from a data source (10), the data supply comprising an anonymous data source identifier, an entity identifier encrypted with the private encryption key of the data source (10), and data associated with the entity. The method further comprises mapping the encrypted entity identifier to a common anonymous entity identifier by applying a classifier key associated with the data source identifier in such a manner that for every entity identifier the following applies: by encrypting said entity identifier with the private encryption key of any data source (10) and by mapping it using the classifier key associated with the identifier of the data source, the same common anonymous entity identifier is obtained, wherein the data associated with the entity are stored in a database (12) in a manner that said data are assigned to the common anonymous identifier.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.

Abstract: A fine grained permission method and system that parameterizes permissions based on an objective criterion. The method includes accessing libraries of application programs requiring a permission, automatically extracting types of the parameters and respective corresponding fields read by the libraries requiring the permission, filtering the extracted types of parameters and fields based on a usage criteria to determine a filtered type of parameter and field for the permission and storing the filtered type parameter and field for the permission in a database. A request for a permission is passed to a fine grained permission module which obtains the filtered type of parameter and field for the permission, determines a specific parameter for the permission based on the filtered type of parameter and field and parameterizes the permission using the specific parameter. Downloading of the application program is completed by limiting the permission based on the specific parameter.

Abstract: A usage control method for a medical detection device, a system and a medical detection device. The method includes: receiving, by the medical detection device, an operation instruction inputted by an operator, and prompting the operator to input an authorization file when the operation instruction instructs to perform configuration authorization; receiving an authorization file inputted by the operator, and displaying an operation interface corresponding to the operation instruction when the authorization file passes authentication; where the authorization file is generated by a dongle inserted into the medical detection device according to the number of available times and the device identification; executing, by the medical detection device, configuration content inputted by the operator on the operation interface.

Abstract: A risk assessment (RA) computing device for generating network security campaigns to discover network security gaps. The RA computing device includes at least one processor in communication with a memory and a network. The RA computing device is programmed to generate a tracer file and transmit the tracer file to the network for enabling a verified user to attempt to retrieve the tracer file from the network. The verified user retrieves the tracer file from the network and uploads the tracer file to the RA computing device. The RA computing device performs one or more validations against the tracer file to verify that the tracer file was generated by the verified user.

Abstract: A method, a computer system, and a computer program product may provide a cryptographic key object to a guest virtual server for use in cryptographic operations. The guest virtual server may register with a hypervisor. The hypervisor may generate a guest wrapping key associated with guest credentials from the registering. The hypervisor may also generate a satellite virtual server instance. The guest virtual server and the satellite virtual server instance share a master key that cannot be accessed by the hypervisor or by any guest virtual server. The trusted hypervisor may pass a copy of the guest wrapping key to the satellite virtual server instance. A random guest key may be generated and may be wrapped with a guest wrapping key thereby producing a wrapped guest key. The hypervisor may convert the wrapped guest key to be a protected key that serves as the cryptographic key object.

Abstract: A method and system for protecting video and image files processes from original files to detect skin tones of persons appearing in the media. Pixels determined to contain skin tones are blurred or blacked out, and the pixel locations and their original color values are stored in a metadata file. The metadata file is encrypted and stored with the redacted video file. Thereafter, when an authorized person wants to see an unredacted version of the video, the system decrypts the metadata and reconstituted the video, replacing the redacted pixels with their original color values, and inserting a unique watermark into the video that identifies the requesting person. The watermarked video is then provided to the requesting person.

Abstract: A system and method for reliably and securely recording and storing all attributes of data, such as for the identification and authorization of individual identity as well as attributes relating to it and personal data including but not limited to individual's physical description, bank details, travel history, etc. (the “Personally Identifiable Information “PII”). PII can be difficult to manage in networks where correlation between data sources is required. Thus, in some embodiments, the system combines a distributed database to create a framework for a robust security. The system manages the distributed database to associate transactions, or actions, using data, digital signatures, and/or cryptographic keys, which can be unique to an individual.

Abstract: The life cycle of one or more containers related to one or more containerized applications is managed by determining that a predefined retention time for a first container of a plurality of containers has elapsed; in response to the determining, suspending new session traffic to the first container; and waiting for a predefined session dilution time before terminating the first container and/or changing a role of the first container. In some embodiments, the session dilution time allows existing sessions to complete before the first container is disconnected from a service platform.

Abstract: A method includes: pre-generating a key pair including a first public key and a first private key; acquiring identification information about a mobile terminal; encrypting the key pair including the first public key and the first private key using the identification information to obtain a first encrypted public key and a first encrypted private key and saving same; when a service key is encrypted, encrypting the service key using the first private key to obtain an encrypted service key; when the service key is decrypted, decrypting the encrypted service key using the first public key to obtain the service key; acquiring data needing to be encrypted/decrypted of the mobile terminal; and encrypting/decrypting the data using the service key. The security of the data can be protected off-line with low cost and without hardware protection, so that the data cannot be intercepted and tampered with.

Abstract: Systems and methods for contact card customization. More specifically, the systems and methods herein leverage authentication protocols and the branded indicators for message identification (BIMI) protocol to allow organizations to display customized contact card information in their sent messages. As such, the systems and methods provide customizable, dynamic, and secure contact cards that can distinguish between an individual and an organization unlike previously utilized contact card systems and methods.

Abstract: An application running in a container is able to access files stored on disk via normal file system calls, but in a manner that remains isolated from applications and processes in other containers. In one aspect, a namespace virtualization component is coupled with a copy-on-write component. When an isolated application is accessing a file stored on disk in a read-only manner, the namespace virtualization component and copy-on-write component grant access to the file. But, if the application requests to modify the file, the copy-on-write component intercepts the I/O and effectively creates a copy of the file in a different storage location on disk. The namespace virtualization component is then responsible for hiding the true location of the copy of the file, via namespace mapping.