Abstract: An industrial automation device with a token to be used as authentication information in information exchange between a first cloud service and the industrial automation device, a mobile device is connected to the industrial automation device and to a cloud service that is the first cloud service or a second cloud service. After authenticating the user of the mobile device to the cloud service, a token is generated by the cloud service to the first cloud service, and forwarded via the mobile device to the industrial automation device. If the cloud service that generated the token is the second cloud service, the token is forwarded via the mobile device, after the mobile has been authenticated in the first cloud service, the first cloud service. Thereafter the industrial automation device and the first cloud service may communicate directly with each other using the token for authentication.

Abstract: A client device collects immunization data includes a type of immunization given to an individual and a date that the immunization was provided to the individual. The client device converts immunization data into a numeric string, where the numeric string as converted comprises an encrypted payload portion and a mode indicator portion. The client device generates a two-dimensional machine-readable identifier using the numeric string. A reader device reads the two-dimensional machine-readable identifier and accesses the numeric string. The reader device converts at least a portion of the numeric string comprising the immunization data into a predetermined format for importing into an electronic health record (EHR).

Abstract: A data security method may include storing user data to a first device and storing metadata corresponding to the user data to a second device. The method may further include making a first determination that at least one device selected from the group of the first device and the second device is not in communication with a third device. The method may further include disabling utilization of the user data in response to the first determination.

Abstract: Embodiments include method, systems and computer program products for automatic detection of an incomplete static analysis security assessment. In some embodiments, a method includes obtaining component versioning data associated with a build of an application. The method further includes determining, using the component versioning data associated with the build of the application, that a static analysis security assessment configuration of the application is incomplete. The method further includes, responsive to determining that the static analysis security assessment configuration of the application is incomplete, generating metadata indicating that at least a portion of the build of the application has been changed from a previous build of the application.

Abstract: Systems and methods are disclosed herein relating to the secure configuration of intelligent electronic devices. Intelligent electronic devices are used in electric power generation and transmission systems for protection, control, automation, and/or monitoring of equipment. The use of tokens and token-based digital signatures in the configuration process of intelligent electronic devices reduces the likelihood of malicious acts or unintended errors. Tokens distributed to engineers, technicians, intelligent electronic devices, computing devices, and/or software decrease the likelihood of errors being introduced in the configuration process.

Abstract: Systems and methods for providing identity verification services to users by providing a staking mechanism to incentivize participants in an identity verification system to be truthful and accurate and determining validator accuracy and associated setting of fees for using validator attestations to create an efficient, private and secure system.

Abstract: A method for configuring an account of a cloud device including obtaining a sub-account corresponding to a currently logged-in primary account, wherein the primary account has a permission to access a cloud resource, and the sub-account has a part or all of the permission of the primary account; and importing the sub-accounts into the target cloud device to log in to the target cloud device through the sub-account to perform operation and maintenance on the target cloud device, wherein the cloud resource includes the target cloud device. The present disclosure solves the technical problem that, in the conventional techniques, the gateway account needs to be created for each gateway separately, which causes the complicated account configuration of the gateway.

Abstract: A first server receives from a device(s) an identifier, retrieves a reference credential(s) associated with the identifier(s), generates a reference token(s) using the reference credential(s) and a predetermined key(s) and sends to a second server the reference token(s) and a script(s) for requesting the user to provide a credential(s). The second server gets a device identifier(s) and sends to the device a request(s) by executing the script(s). The device gets a submitted credential(s), generates and sends to the second server a submitted token generated by using the submitted credential(s) and the predetermined key(s) stored by the device. The second server compares each of the submitted token(s) to the received reference token(s) and generates and sends to the first server a comparison and/or an authentication result(s). The invention also relates to corresponding device, first and second server and system.

Abstract: According to one embodiment, a method, computer system, and computer program product for preventing statistical inference attacks is provided. The present invention may include splitting records into items, and classifying these items into shared items and private items; grouping the private items according to privacy and confidentiality requirements; restricting access of the private items to stakeholders based on the confidentiality requirements using cryptographic keys; generating and encrypting one or more placeholders for both existent and non-existent stakeholders; storing private items in private storage as indicated by links; creating shared records comprising links, placeholders, and shared items; adding integrity signatures to the shared records; and publishing the shared records to a shared medium.

Abstract: A document management system manages documents of an enterprise. The documents are managed in a secure manner such that access to entries included in the documents may be restricted according to a security policy associated with the documents. The document management system may secure documents such that entries are still provided to users that request the documents, but sensitive data included in the entries is masked according to the security policies for the documents.

Abstract: A method for producing a set of indicators of unwanted activity in a computer system, comprising: receiving a plurality of input data sets, each describing system activity and comprising an infection label and system activity information collected from a computer system; producing a plurality of training sets each comprising: 1) a plurality of activity values, each indicative of execution of an instruction, extracted from one of the plurality of input data sets, and 2) a respective infection label; producing for each training set one of a plurality of sets of relevant activity values by: training a model to output, in response to the respective training set, an infection classification equal to respective infection label; and analyzing the model to identify a set of relevant activity values, of the plurality of activity values, effecting the infection classification; and analyzing the plurality of sets of relevant activity values to produce the indicators.

Abstract: A method for use in a hybrid network ecosystem comprising an enterprise network and a reconciliation network is presented. The method comprises generating, by at least one first computing node in the enterprise network or the reconciliation network, a first digital facilitator, wherein the first digital facilitator provides one or more parameters for accessing or distributing data on a distributed ledger in the enterprise network, and wherein a private key is used for performing a computing operation, based on the data, in the enterprise network. The method also comprises generating, by the at least one first computing node in the enterprise network or the reconciliation network or at least one second computing node in the enterprise network or the reconciliation network, a second digital facilitator, wherein the second digital facilitator provides the one or more parameters for accessing or distributing the data in the reconciliation network.

Abstract: Methods, systems, and apparatuses embodied herein control and track access to secured data independent of the asset storing the secured data. In this regard, some embodiments organize volumes including one or more datasets and attach one or more assets to each volume. Some embodiments further receive data permissions of use information, for example from a data steward device, for the volume and datasets, which are registered with the volume and the datasets. Some embodiments further receive a set of restrictions, retrieve the dataset permissions of use information for one or more dataset identifiers, and determine the restrictions do not conflict with the dataset permissions of use information. Some embodiments further generate, and subsequently store, an indication the set of restrictions is valid when the dataset permissions of use information does not conflict. Permissions of use information may be organized into persona data objects assigned to various user profiles.

Abstract: The described technology provides for plural application processes including at least one application in a browser to reliably acquire device information that can be used by other processes to accurately determine whether the plural applications are running on the same client device and/or are associated with aspects of the same client device. The more reliable determination of the devices associated with respective application processes can be used for various purposes such as, for example, user access management capabilities such as improved single sign-on (SSO) capability and/or improved multiple login prevention (MLP) capability.

Abstract: Systems and methods for management and configuration of personal digital privacy and security. A list of protected accounts is received, where each protected account is an online user account associated with a user. For each protected account of the list, a privacy configuration is generated, based at least in part on one or more user-specific privacy rules. A login session for the protected account is accessed, without transmitting or receiving the user's password for the protected account. Based on the accessed login session for the protected account, a plurality of current status indicators are determined for a plurality of privacy settings associated with the protected account. The current status indicators are analyzed to generate updated configuration settings for one or more of the privacy settings of the protected account, and the updated configuration settings are applied to the protected account.

Abstract: Provided is a disclosure for user authentication using biometric features such as detection of micro-expressions of a user.

Abstract: It is desired to try to increase the security of a computing system running computer applications that may access data in a data storage system. In some embodiments, a token associates a user with a task that is being executed by a computing node. It may therefore be possible to determine which user executed which tasks. In some embodiments, the validity of a token is tied to the lifespan of a task associated with the token, rather than to a fixed amount of time. Therefore, if the task associated with the token is complete, the token may become invalid, rather than remaining valid for a duration of time that possibly exceeds the lifespan of the associated task. In some embodiments, a token is used to enforce data access control, e.g. to deny certain users access to certain data in the data storage system.

Abstract: A data processing apparatus having a first secure area and a second secure area coupled by a monitor is provided. The monitor applies security credentials to processing circuitry transitioning from the first secure area to the second secure area to enable the processing circuitry to perform functions in the second secure area. A call gateway comprising a transition instruction and access parameters stored in a trusted storage device is used by the monitor to determine when to applying the security credentials to the processing circuitry. The access parameters comprising a target function or a memory location.

Abstract: A processor may identify that an application is being downloaded to a computing device. The processor may generate an authorization that regulates data that can be used by the application. The processor may prompt a user to select a first set of addendums for the authorization. The first set of addendums indicate specific data that can be used by the application. The processor may receive a request from the application to access a first specific datum. The processor may determine whether the application is authorized to access the first specific datum.

Abstract: An example operation includes one or more of connecting, by an identity provisioning node, a blockchain one to a blockchain two, creating, by an identity provisioning node, an interoperation identity network (IIN) for the blockchain one and for the blockchain two as an instance of a self-sovereign identity (SSI) network, executing a smart contract to: invoke an IIN access control policy, map attributes and permissions of the blockchain one to attributes and permissions of the blockchain two based on the IIN access control policy, and generate a valid verifiable credential (VC) of the IIN in the blockchain one and in the blockchain two based on the mapped attributes and the permissions.