Abstract: A system for differential privacy is provided. In some implementations, the system performs operations comprising receiving a plurality of indices for a plurality of perturbed data points, which are anonymized versions of a plurality of unperturbed data points, wherein the plurality of indices indicate that the plurality of unperturbed data points are identified as presumed outliers. The plurality of perturbed data points can lie around a first center point and the plurality of unperturbed data points can lie around a second center point. The operations can further comprise classifying a portion of the presumed outliers as true positives and another portion of the presumed outliers as false positives, based upon differences in distances to the respective first and second center points for the perturbed and corresponding (e.g., same index) unperturbed data points. Related systems, methods, and articles of manufacture are also described.

Abstract: Disclosed are: a communication technique and a system therefor for fusing, with IoT technology, a 5G communication system for supporting a data transmission rate higher than that of a 4G system. Provided is a method for installing a profile of a terminal having an embed universal integrated circuit card (eUICC) in a mobile communication system, the method comprising: requesting for an eUICC authentication certificate to an eUICC and receiving the eUICC authentication certificate; and transferring a profile package to the eUICC so as to install a profile, wherein the received eUICC authentication certificate further comprises an eUICC manufacturer (EUM) authentication certificate.

Abstract: A method for preventing digital content misuse can include receiving, by a digital content delivery system, a request from a client-side computing device to access digital content maintained by the digital content delivery system; determining, by the digital content delivery system, that a number of times the client-side computing device has accessed digital content meets or exceeds a threshold number of times the client-side computing device is permitted to access digital content; and in response to determining that the number of times the client-side computing device has accessed digital content meets or exceeds the threshold number, denying the request and executing a remedial action.

Abstract: In an embodiment, a password risk evaluator may receive a request including a user identifier (ID) and a password. The password risk evaluator may retrieve a password preference model associated with the user ID, and may determine a risk score indicating a likelihood that the password is associated with the user ID. For example, the password preference model may be based on previous passwords used by the user, and may identify one or more characteristics, formulas, rules, or other indicia typically employed by the user in creating passwords. If the password supplied in the request matches or is similar to one or more elements of the password preference model, it may be more likely that the password in the request is a password supplied by the user. That is, the risk score may be an authentication of the user, or part of the authentication of the user, in some embodiments.

Abstract: A processor device has an executable implementation of a cryptographic algorithm implemented thereon that is white-box-masked by a function f. The implementation comprises an implemented computation step S by which input values x are mapped to output values s=S[x], and which is masked to a white-box-masked computation step T? by means of an invertible function f. As a mapping f there is provided a combination (f=(c1, c2, . . . )*A) of an affine mapping A having an entry width BA and a number of one or several invertible mappings c1, c2, . . . having an entry width Bc1, Bc2, . . . respectively, wherein BA=Bc1+Bc2+ . . . . Output values w are generated altogether by the mapping f. The affine mapping A is constructed by a construction method coordinated with the invertible mappings c1, c2, and etc.

Abstract: The present disclosure provides a dynamic method for automated Security Information and Event Management (SIEM) custom correlation rule generation through the use of an interactive network visualization. The visualization is based on log data received from network endpoints and inputs received from a user, and is provided to the user for feedback before the SIEM custom correlation rules are automatically generated based on the visualization. The automatically generated SIEM custom correlation rules are then used to determine whether to trigger actions based on event data received from the network endpoints.

Abstract: An object of the present invention is to provide an authentication system and method which can reduce a burden on a user while ensuring security by using a combination of a plurality of authentication methods.

Abstract: A system for creating an account with an identity provider. The system receives a request to create an identity provider account with the identity provider for use in logging onto a third-party system. The system generates one or more display pages for providing an integrated-consent user experience. The integrated-consent user experience includes a display page for collecting both new-account information and scope-of-consent information whereby a user consents to share information with the third-party system. After the user provides the new-account information that includes user credentials for the identity provider account and consents to share account information of the identity provider account with the third-party system, the system creates the identity provider account for the user.

Abstract: The present invention provides various aspects for processing multiple types of substrates within cleanspace fabricators or for processing multiple or single types of substrates in multiple types of cleanspace environments. In some embodiments, a collocated composite cleanspace fabricator may be capable of processing semiconductor devices into integrated circuits and then performing assembly operations to result in product in packaged form. Customized smart devices, smart phones and touchscreen devices may be fabricated in examples of a cleanspace fabricator. In some examples, the smart devices, smart phones and touchscreen devices may have two touchscreens on opposite sides of the device along with hardware based encryption.

Abstract: A method to recognize whether a user of an electronic terminal is a human or a robot is described. This method provides to take an image and decompose the image in a multitude of image portions. The image portions are randomly visualized inside a test area of an electronic terminal. The method provides to detect the movement of a cursor inside the test area, and to move each image portion inside the test area according to a trajectory which depends on the position of the cursor inside the test area. When the cursor is in a solution position inside the test area, the image portions combine into the original image. The coordinates of the solution position are randomly generated, and to these coordinates is associated a solution area which comprises the coordinates of the solution position. In order to recognize if a user of an electronic terminal is a human or a robot, the method tests if the cursor position is inside the solution area when the user inputs a control signal.

Abstract: A memory device is provided which comprises a memory array, a first scrambling circuit and a second scrambling circuit. The first scrambling circuit is configured to provide first scrambled data with a first scrambling pattern in response to input data. The second scrambling circuit is configured to provide second scrambled data with a second scrambling pattern in response to the first scrambled data.

Abstract: A vehicle computing platform may receive driver sensor data indicating whether a driver seat in a vehicle is occupied. The vehicle computing platform may determine, based on the driver sensor data, an identity of a driver of the vehicle. The vehicle computing platform may receive passenger sensor data indicating whether a passenger seat in the vehicle is occupied. The vehicle computing platform may, based on the passenger sensor data indicating that the passenger seat in the vehicle is occupied, obscure information on a screen of the vehicle.

Abstract: Methods and apparatus are provided for user authentication using a Public Key Infrastructure (PKI) in an IP-based telephony environment, such as an IMS network. A user of a user device attempting to access an IP-based telephony network can be authenticated by obtaining one or more private keys of the user from a secure memory associated with the user device; generating an integrity key and a ciphering key; encrypting the integrity key and the ciphering key using a session key; encrypting the session key with a public key of the IP-based telephony network; and providing the encrypted session key, encrypted integrity key and encrypted ciphering key to the IP-based telephony network for authentication. A network-based method is also provided for authenticating a user in an IP-based telephony network.

Abstract: A system and/or method include a connect module for facilitating a single sign-on to a digital vault provided by a service provider in a zero-knowledge architecture.

Abstract: A mobile device may include at least one memory and a processor-cooperating with the at least one memory to enroll with an enterprise mobility management (EMM) server and store a plurality of different managed enterprise applications in the at least one memory, and receive and store a digital certificate associated with a given one of the managed enterprise applications in a secure shared location within the at least one memory. The processor may further run the plurality of managed enterprise applications to share access to the digital certificate from the secure shared location and generate and send encrypted data to another mobile device via the EMM server with all of the managed enterprise applications using the same digital certificate associated with the given managed enterprise application for encryption so that the EMM server is unable to decrypt the encrypted data.

Abstract: A system for deceiving an attacker who harvests credentials within an enterprise network, including a management server deploying a deceptive agent on an endpoint computer of the enterprise network, the deceptive agent including a hook manager creating system hooks on resources in the endpoint computer that holds valuable credentials, which would be desired by attackers, and a deceptive content provider, generating deceptive content and returning the deceptive content to a malicious process run by an attacker on the endpoint computer, the malicious process making a read request directed to a resource in the endpoint computer that holds valuable credentials, thus making it appear to the attacker that a response is coming from the resource whereas in fact the response is coming from the deceptive agent, when the hook manager hooks the read request.

Abstract: A method for routing IP packets with IPSec AH authentication is disclosed. The method includes locating overlay edge routers between private domains and their associated NAT routers. Outbound packets from a source private domain are modified by its overlay edge router to include IPSec AH authorization data computed using IP source and destination addresses that match a packet's final source and destination IP address upon final NAT translation immediately prior to delivery to a host of a destination private domain.

Abstract: Techniques for providing data loss prevention, including data exfiltration prevention and crypto-ransomware prevention, are provided. In some embodiments, a slack-space file system is created by using a modified packing algorithm to increase and/or optimize an amount of slack space created by files stored in a standard file system. A program for accessing and indexing the slack-space file system may be stored, and requests by a user to store data on a storage medium of a computer system may cause the information to be stored in the slack-space file system, where it may be protected from destructive malware that operates solely on the standard file system. In some embodiments, sensitive information may be hidden by storing the information in an alternate data stream of a file and by replacing the information in the unnamed data stream of the file with non-sensitive information that may appear to be sensitive.

Abstract: The technology described herein discloses systems and methods for upgrading biometric authentication system. The system can receive first biometric information in connection with an authentication request from a user. The system can authenticate the user via a first authentication system by comparing the first biometric information received in connection with the authentication request with second biometric information. The user can be automatically enrolled into a second authentication system using the first biometric information received in connection with the authentication request.

Abstract: Technology for communicating secure data from a sensor is disclosed. A data transfer device may comprise at least one sensor to generate sensor data and a security engine to generate a key. The data transfer device may also comprise a hardware interface to couple with the at least one sensor and receive the sensor data, and to generate a security signature using the key with the sensor data, and configured to send the sensor data combined with the security signature to a communication interface of a host device. The data transfer device may also comprise a security enclave configured to receive the key from the security engine and to send the key to an application layer of the host device.