Abstract: The disclosure relates to a computed-implemented method, a computer program, and a computer system for selectively verifying personal data. The method comprises receiving, by an identity application of a client device, personal data of a user. The method further comprises computing, via a cryptographic hash function, one or more cryptographic hashes from elements of the personal data. The method further comprises storing the cryptographic hashes, an internal identifier and a timestamp as an entry in a distributed database. The internal identifier is unique within the distributed database. The method further comprises receiving a user request from the user. The method further comprises selecting one or more of the elements of personal data for verification. The method further comprises requesting verification of the selected elements of personal data. The method further comprises determining an authorization indication in response to the verification request.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for digital asset buyback. One of the methods includes: obtaining a request for buying back a digital asset from a first blockchain account, the request comprising a quantity of the digital asset; identifying, based on the request, a blockchain contract that is deployed on the blockchain and that corresponds to the digital asset; generating a blockchain transaction for transferring the quantity of the digital asset from the first blockchain account to a second blockchain account associated with digital asset buyback, wherein the blockchain contract comprises a restriction prohibiting transfer of the digital asset out of the second blockchain account; and sending, to a blockchain node for adding to the blockchain, the blockchain transaction for transferring the quantity of the digital asset from the first blockchain account to the second blockchain account.

Abstract: Structured access to volunteered private data disclosed. Access can be based on security and privacy constraint information (SPCI) that can be selected by the party volunteering the private data. The volunteered data can be stored in a protected portion of a public network. The SPCI can be correlated to the volunteered data. In response to receiving a request for access to the volunteered data, an attribute of the request can be determined to satisfy one or more rules related to the SPCI prior to facilitating access to a version of a portion of the volunteered data. The version of the portion of the volunteered data can be a redaction of the portion of the volunteered data. The version of the portion of the volunteered data can be aggregated with other portions of other volunteered data determined to satisfy corresponding SPCI related rules.

Abstract: A system and method for integrating FIDO authentication systems and User verification systems. The system is provided in one configuration as a mobile app that allows access to highly sensitive information via a mobile device while simultaneously ensuring a highly secured environment authenticating both the mobile device and the user via a highly reliable authentication process.

Abstract: A system can control access to encrypted data shared by a group of users by the use of a vault key that is associated with a group of users. The encrypted data can include encrypted secret data generated from the secret data using a secret key, an encrypted secret key can be generated from the secret key by the use of a vault key, and an encrypted vault key generated from the vault key by the use of a public key associated with a user of the group of users. The system can allow users to store and access the encrypted data only if the user is a current member of the group. The system can verify the user's membership status from a group manager, such as a system managing a channel or chat session.

Abstract: The invention relates generally to systems and methods for a medical data marketplace where de-identified medical data can be offered for sale or licensing, and prospective customers can search for the medical data using various criteria. The marketplace facilitates clinical research activities, clinical trials, medical research, medical technology development, and the like, while preserving HIPAA privacy protections, and allows medical data owners to monetize the data in an efficient manner.

Abstract: Systems and methods which provide data exchange using a distributed ledger, wherein data is exchanged off-chain and information for accessing the off-chain data is exchanged through the blockchain, are disclosed. Embodiments may provide a hybrid blockchain data exchange platform storing large amounts of data (e.g., IoT data) in a data server outside of the blockchain, wherein a data consumer may obtain data from the data server using a token obtained from the blockchain. Embodiments of a hybrid blockchain data exchange platform provide for accuracy and security of the data without requiring storage of the full contents of the data within the blockchain, and/or provide data exchange in which the irrefutability of the data exchanged is ensured.

Abstract: A device is suggested for processing input data including a hardware accelerator generating a first hash value based on a first portion of the input data and a second hash value based on a second portion of the input data, wherein the first hash value is generated based on a first configuration of the hardware accelerator and wherein the second hash value is generated based on a second configuration of the hardware accelerator. Also, a method for operating such device is provided.

Abstract: A method of performing user authentication includes by a service electronic device associated with a service, receiving, from a public electronic device, a request for a user to initiate a session of the service, generating a first security token, a first write token, a first read token, and/or a first delete token, sending the first security token, the first write token, the first read token, and/or the first delete token to a server electronic device, receiving, from the server electronic device, a key location identifier that uniquely identifies a memory location of a data store associated with the server electronic device where the first security token, the first write token, the first read token, and/or the first delete token are stored, saving the key location identifier in a data store associated with the service electronic device, generating a signed key location identifier, generating a machine-readable image that includes the key location identifier, the signed key location identifier and the first

Abstract: A method for providing a Proof-of-Work concept in a vehicle is provided. The vehicle includes a network including at least three control units, where a first control unit sends a first message to a second control unit, the second control unit sends a second message including the first message to a third control unit, and the third control unit determines a Proof-of-Work for the second message based on at least one vehicle-specific characteristics of the network. Also, an corresponding system as well as a vehicle including such system are provided.

Abstract: Disclosed in some examples are methods, systems, and machine readable mediums for secure, low end-user effort computing device configuration. In some examples the IoT device is configured via a user's computing device over a short range wireless link of a first type. This short range wireless communication may use a connection establishment that does not require end-user input. For example, the end user will not have to enter, or confirm a PIN number or other authentication information such as usernames and/or passwords. This allows configuration to involve less user input. In some examples, to prevent man-in-the-middle attacks, the power of a transmitter in the IoT device that transmits the short range wireless link is reduced during a configuration procedure so that the range of the transmissions to and from the user's computing device are reduced to a short distance.

Abstract: In one embodiment, an apparatus comprises a processor to execute instructions and having at least a first logic to execute in a trusted execution environment, a secure storage to store a platform group credential, and a first logical device comprising at least one hardware logic. The platform group credential may be dynamically provisioned into the apparatus and corresponding to an enhanced privacy identifier associated with the apparatus. The first logical device may have a first platform group private key dynamically provisioned into the first logical device and corresponding to an enhanced privacy identifier associated with the first logical device, to bind the first logical device to the apparatus. Other embodiments are described and claimed.

Abstract: A vehicle telematics system is provided having secure communication capabilities between a vehicle telematics device and external computing devices. In one embodiment, the vehicle telematics device includes a processor; a memory coupled to the processor and storing a vehicle telematics application; and a security chip coupled to the processor and the memory, wherein the security chip is configured to support a Transport Layer Security (TLS) stack.

Abstract: This document describes techniques for rotating keys used to tokenize data stored in a streaming data store where data is stored for a maximum time [W]. In some embodiments, a data layer of such a data store can encrypt arriving original data values twice. The original data value is first encrypted with a first key, producing a first token. The original data value is encrypted with a second key, producing a second token. Each encrypted token can be stored separately in the data store. A field may be associated with two database columns, one holding the value encrypted with the first key and the second holding the value encrypted with the second key. Keys are rotated after time [K], which is at least equal to and preferably longer than [W]. Rotation can involve discarding the older key and generating a new key so that two keys are still used.

Abstract: Systems and methods for developing a novel public/private key pair having unique properties are disclosed, whereby standard data security operations in existing data security infrastructures return a data integrity validation result—but do not provide the intended data security of such infrastructures. These novel keys are referred to as degenerate keys and may be used to replace the public and private keys in existing public/private key cryptosystems. Because degenerate key data integrity validation may leverage existing data security infrastructures that are already widely-implemented, such examples may be applied immediately and configured to seamlessly transition from integrity only modes back to secure modes. In some instances, the degenerate key examples described herein may be employed during a software testing and/or factory validation stage of product development to allow for data integrity validation before burning in a developer's active (i.e.

Abstract: A system on a chip (SoC) includes a security processor configured to determine that a first channel ID describing a {source, destination} tuple for a crypto packet matches a second channel ID describing a corresponding {source, destination} tuple for a preceding crypto packet received immediately prior to the crypto packet. The SoC also includes a decryption engine configured to, responsive to the determination that the first channel ID matches the second channel ID: obtain a set of round keys applied to perform an add round key computational stage of a previous decryption datapath used to decrypt a preceding cipher text block obtained from the preceding crypto packet, and to reuse the set of round keys to perform a corresponding add round key computational stage of a current decryption datapath used to decrypt a cipher text block obtained from the crypto packet.

Abstract: A method for detecting, identifying, and mitigating advanced persistent threats in a computer network having one or more computers includes a processor in the computer network: receiving a request to access a resource in the computer network; identifying the request as originating from an application executing on the computer network; executing an anomaly operation to determine a behavior of the application is one of anomalous and not anomalous; executing a privilege operation to determine the request is one of permanently allowed and not-permanently allowed; granting access to the resource for both a non-anomalous-behaving application and a permanently allowed request; and generating and displaying, on a graphical user interface of the computer network, and prompt for either an anomalous-behaving application or a not-permanently allowed request.

Abstract: A device and method for provided access to distributed data sources includes a cloud security server configured to associate any number of data sources and client devices with a cloud security server account. The cloud security server assigns trust levels to the data sources and the client devices. A client device requests data from the cloud security server. The cloud security server authenticates the client device and verifies the trust levels of the client device and the requested data. If verified, the cloud security server brokers a connection between the client device and the data source, and the client device accesses the requested data. Data sources may include cloud service providers and local storage devices. The cloud security server may assign a trust level to a client device for a limited time or revoke a trust level assigned to a client device. Other embodiments are described and claimed.

Abstract: Techniques are disclosed relating to biometric authentication. In one embodiment, a computing device includes a controller circuit, a camera, and a secure circuit. The controller circuit is coupled to a button and detects when the button has been pressed. The camera captures a set of biometric data of a user. The secure circuit performs an authentication of the user by confirming that a notification identifying the button being pressed was received from the controller circuit and by comparing the set of biometric data with another set of biometric data for an authorized user of the computing device. In some embodiments, the controller circuit is configured to maintain a timestamp indicative of when the button has been pressed and usable by the secure circuit to confirm that the button is pressed within a threshold time period of the authentication being performed.

Abstract: Importation and exportation allows software services in blockchain environments. Blockchains may import data and export data, thus allowing blockchains to offer software services to clients (such as other blockchains). Individual users, businesses, and governments may create their own blockchains and subcontract or outsource operations to other blockchains. Moreover, the software services provided by blockchains may be publically ledgered by still other blockchains, thus providing two-way blockchain interactions and two-way ledgering for improved record keeping.