Abstract: Disclosed are examples of systems, apparatus, devices, computer program products, and methods implementing aspects of a decentralized content fabric for secure content publishing in an overlay network. In some implementations, a request to create digital content is obtained from a client. The request includes a call on a library contract associated with a content library. A transaction identifying the request is recorded in a ledger. A transaction ID and a content ID are sent to the client. An authorization token including the transaction ID and the content ID is then obtained from the client. Authorization of a content creator can be verified based on the authorization token. A write token can then be sent to the client. A content object part encrypted with a content encryption key set and designated for publishing to the overlay network can then be obtained from the client.

Abstract: Systems, computer program products, and methods are provided for storing data files within a distributed trust computing network, such as a blockchain network, which acts as a source of truth for the digital copy. In response to storing the data file within the distributed trust computing network, a machine-readable code is generated that when read by an authorized entity provides access to the certified digital copy stored within the distributed trust computing network. In this regard the machine-readable code serves as a pointer to the distributed trust computing network and the storage location within the trust network and, in specific embodiments the code is dynamic so as to provide access privileges (e.g., security credentials required to access, the content authorized to access, duration period for accessing and the like).

Abstract: Outbound traffic of a host application may be received from a host device having a host processor. The secure resource may be configured to provide a secure transaction based on the outbound network traffic. Using a second processor different than the host processor, it may be determined whether the host application is authorized to provide the outbound network traffic to the secure resource. The outbound network traffic may be allowed to be forwarded to the secure resource if the host application is authorized. The outbound network traffic may be disallowed to be forwarded to the secure resource if the host application is not authorized.

Abstract: According to an example aspect of the invention, there is provided an apparatus comprising at least one processing core and at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processing core, cause the apparatus at least to receive, from a first user, a ciphertext, a first hash value and a first ciphered encryption key, receive, from a second user, a second hash value, responsive to a determination the first hash value is the same as the second hash value, obtain a re-encryption key, and apply the re-encryption key to the first ciphered encryption key to obtain a re-encrypted encryption key, the re-encrypted encryption key being decryptable with a secret key of the second user.

Abstract: An operating method for a push authentication system and device, belonging to the field of information security.

Abstract: An MRI image processing and analysis system may identify instances of structure in MRI flow data, e.g., coherency, derive contours and/or clinical markers based on the identified structures. The system may be remotely located from one or more MRI acquisition systems, and perform: error detection and/or correction on MRI data sets (e.g., phase error correction, phase aliasing, signal unwrapping, and/or on other artifacts); segmentation; visualization of flow (e.g., velocity, arterial versus venous flow, shunts) superimposed on anatomical structure, quantification; verification; and/or generation of patient specific 4-D flow protocols. A protected health information (PHI) service is provided which de-identifies medical study data and allows medical providers to control PHI data, and uploads the de-identified data to an analytics service provider (ASP) system. A web application is provided which merges the PHI data with the de-identified data while keeping control of the PHI data with the medical provider.

Abstract: Security design and architecture for a multi-tenant Hadoop cluster are disclosed. In one embodiment, in a multi-tenant Hadoop cluster comprising a plurality of tenants and a plurality of applications, a method for identifying, naming, and creating a multi-tenant directory structure in a multi-tenant Hadoop cluster may include (1) identifying a plurality of groups for a directory structure selected from the group consisting of a superuser group, a plurality of tenant groups, and at least one application group; (2) creating an active directory for each of the groups; (3) adding each of a plurality of users to one of the plurality of tenant groups and the application group; (4) creating tenant directories and home directories for the users; and (5) assigning owners, group owners, default permissions, and extended access control lists to the tenant directories and the home directories.

Abstract: The present disclosure is for a system and a method for tracking physical and digital communication that is sent to an inmate who is incarcerated in a correction facility. The present invention enables a significant reduction in contraband and/or prohibited communication that is sent to inmates, and, at the same time, provides transparency in the communication delivery process such that a sender is appraised as to the status of the communication as it is processed by various systems and sub-systems within a correctional facility. Moreover, the present invention enables the identification and detection of criminal or prohibited communication that would otherwise have been undetected using prior art systems.

Abstract: A method and system of providing emotional health support resources to a member of a service (MOS) are provided. A data packet is received from a user device of a user. A group identification (ID) is extracted from the data packet. The group ID is sent to an authentication server for authentication. Upon not receiving a token from the authentication server, the user is blocked from support resources of a private network. Upon receiving a token from the authentications server, the user is identified as an anonymous authorized member of service (MOS). Information is interactively requested and received from the anonymous MOS. One or more support resources of the private network are identified based on the received information from the anonymous MOS. Access is provided to the one or more support resources of the private network via the user device.

Abstract: Aspects of the present disclosure relate to dynamically generating a security challenge and corresponding password. A set of user activity data may be obtained from one or more data sources. The set of user activity data may then be analyzed. Based on the analysis, a security rating may be generated for the user activity data. The security rating may be compared to a security threshold to determine whether the set of user activity data is secure. In response to the security rating satisfying the security threshold, the security challenge and password corresponding to the security challenge may be generated based on the set of user activity data.

Abstract: A mobile provisioning system, method, and apparatus are provided. The mobile provisioning method is disclosed to enable a first mobile device to provision or write one or more guest identification objects to a second mobile device. The guest identification objects may be written only if the first mobile device has the appropriate permissions and may further be limited in their use as compared to non-guest identification objects.

Abstract: An authentication system that uses personal variable biometric information which changes according to times and environments, and an authentication method using the same are disclosed. The variable biometric information-based authentication system includes: a mobile terminal configured to generate information regarding an ID that intends to access a facility or information requiring an access authority, and to collect variable biometric information, such that information regarding the ID and the variable biometric information are stored all together; and a variable biometric information management server configured to, when the mobile terminal requests a login command regarding the ID, verify validity of the login command regarding the ID based on the variable biometric information.

Abstract: Certain described examples are directed towards analyzing network data. The network data is processed to generate a graph data structure that has edges that are associated with communication times from the network data and nodes that are associated with computer devices. Representations of the graph data structure are generated over time. Given an indication of at least a computing device, for example as involved in anomalous activity or a security incident, the representations of the graph data structure may be used to determine further associated computer devices that are associated with the indicated device.

Abstract: A device may include one or more processors to receive network topology information of a network and device capability information of devices in the network; detect a threat to the network; determine threat information associated with the threat; select a security policy and an enforcement device of the network to enforce the security policy based on the network topology information, the device capability information, and the threat information; and perform an action associated with the threat based on the security policy and the enforcement device.

Abstract: A system and method for scrubbing data to be shared between organizations to test a joint solution, and for preventing the introduction of unscrubbed data. Each organization captures a subset of data, which may be customer data from a line of business. The first organization scrubs its data according to scrubbing rules, and then passes the scrubbed data to its test environment, while the second organization passes its unscrubbed data to its test environment. The scrubbed data is communicated to the second organization and is applied to the unscrubbed data in order to scrub it, and then communicate it to the first organization. Both organizations use the scrubbed data in their respective test environments to test the joint solution or joint testing. Scrubbing the data may involve scrubbing only specific data fields containing sensitive information.

Abstract: A system, method, and computer program product are provided for identifying a file utilized to automatically launch content as unwanted. In one embodiment, a file is identified in response to a detection of unwanted code, the file utilized to automatically launch content. Additionally, it is determined whether an identifier associated with the unwanted code is included in the file. Further, the file is identified as unwanted based on the determination.

Abstract: An assigned share which is a proper subset of a subshare set with a plurality of subshares as elements, and meta information indicating values according to the elements of the subshare set or indicating that the elements are concealed values are stored. When a value according to a provided corresponding value according to a subset of the assigned share is not obtained from the meta information, a provided value according to the provided corresponding value obtained from the subset of the assigned share is outputted. When a value according to an acquired corresponding value according to a subset of an external assigned share, which is a proper subset of the subshare set, is not obtained from the meta information, input of an acquired value according to the acquired corresponding value is accepted. When the acquired value is inputted, a secret share value is obtained at least using the acquired value.

Abstract: Various examples described herein are directed to systems and methods for managing an interface between a user and a user computing device. The user computing device may determine that an audio sensor in communication with the user computing device indicates a first command in a user voice of the user, where the first command instructs the user computing device to perform a first task. The user computing device may determine that the audio sensor also indicates a first ambient voice different than the user voice and match the first ambient voice to a first known voice. The user computing device may determine that a second computing device associated with the first known voice is within a threshold distance of the user computing device and select a first privacy level for the first task based at least in part on the first known voice.

Abstract: A control system based on dynamic password and USBKEY including a dynamic password control chip, a USB control chip, a USB interface, a battery, and a detection circuit. The detection circuit is configured to output a detection signal to the dynamic password control chip when it is detected that the USB interface is connected with an external device; the dynamic password control chip is configured to enter a sleep mode when receiving a detection signal; the battery is configured to supply power to the dynamic password control chip and to reduce the power supplied to the dynamic password control chip when the dynamic password control chip enters the sleep mode.

Abstract: A first interface is transmitted from the server computer system to a user computer system, the first interface having a field for entering a mobile telephone number. A mobile phone number entered into the field for the mobile phone number is received from the user computer system at the server computer system. A password is generated and transmitting from the server computer system to a mobile device having a mobile phone number corresponding to the mobile phone number received from the user computer system and a second interface is transmitted from the server computer system to the user computer system, the second interface including a field for entering the password. A follow-up message is transmitted from the server computer system to the mobile device if the password is not received from the user computer system at the server computer system within a predetermined period of time.