Abstract: A module such as an M2M device or a mobile phone can include a removable data storage unit. The removable data storage unit can include a nonvolatile memory, a noise amplifying memory, and a cryptographic unit. The nonvolatile memory can include (i) shared memory for access by both the module and the cryptographic unit, and (ii) protected memory accessible only by the cryptographic unit. The cryptographic unit can use a noise memory interface and noise amplifying operations in order to increase and distribute bit errors recorded in the noise amplifying memory. The cryptographic unit can (i) generate a random number using the noise amplifying memory and (ii) input the random number into a set of cryptographic algorithms in order to internally derive a PKI key pair. The private key can be recorded in protected memory and the public key signed by a certificate authority.

Abstract: A system can include, for example, a secure data module(s) configured to store sensitive data regarding the user(s), a synthetic dataset generating module(s) configured to generate the synthetic dataset based on the sensitive data, and a control module configured to receive a request from an application for a dataset related to the user(s), provide the request to the synthetic dataset generating module(s), receive the synthetic dataset from the synthetic dataset generating module(s), and provide the synthetic dataset to the application. The synthetic dataset generating module(s) can be configured to generate the synthetic dataset based on the dataset.

Abstract: In at least one implementation, technology disclosed herein provides a method including generating a plurality of shares of an encryption key such that a combination of shares having a cardinality above a threshold cardinality is sufficient to retrieve data encrypted with the encryption key, distributing the plurality of shares among a plurality of devices, the plurality of devices including one or more disc drive cartridges and one or more printed circuit board assemblies (PCBAs) configured to host one or more of the disc drive cartridges, receiving one or more of the plurality of shares from the plurality of devices, and in response to determining that cardinality of the received one or more of the plurality of shares is above the threshold cardinality, retrieving the data encrypted with the key.

Abstract: Disclosed is a database encryption method supporting composable SQL query, which mainly comprises the following steps: (1) a user encrypting and preprocessing data based on the encryption scheme provided by the present disclosure and uploading an encryption result and preprocessed data to a service provider; (2) setting and uploading a SQL query instructions: the user uploads the query instruction to the service provider according to actual needs, and uploads auxiliary parameters for the query instruction at the same time; (3) data query: the service provider performs SQL query according to the query instruction and auxiliary parameters received from the user, saves a calculation result, updates the data and returns a query result to the user.

Abstract: Different database deployments, or other data system deployments, may want to communicate with each other without sacrificing security or control. To this end, embodiments of the present disclosure may provide secure message exchange techniques for a source and/or target deployment. Configurable rule sets may be stored in the deployments; the rule sets may define what messages may be communicated between deployments. The deployments may implement a selective filtering scheme in one or more stages based on the rule sets to filter outgoing and/or incoming messages.

Abstract: A communication apparatus executes an authentication process with a first other communication apparatus based on information acquired from an image obtained by capturing code information of the communication apparatus and receives, from the first other communication apparatus, first information shared between the first other communication apparatus and a second other communication apparatus. The communication apparatus transmits a search signal including second information based on the received first information and has a smaller amount of information than the first information, and transmits the first information to the second other communication apparatus in a case where a response signal in response to the search signal is received from the second other communication apparatus, and then executes a setting process for setting a communication parameter for communicating with the second other communication apparatus.

Abstract: In one embodiment, a secure computing system comprises a key generation sub-system configured to generate cryptographic keys and corresponding key labels for distribution to computer clusters, each computer cluster including a plurality of respective endpoints, a plurality of quantum key distribution (QKD) devices connected via respective optical fiber connections, and configured to securely distribute the generated cryptographic keys among the computer clusters, and a key orchestration sub-system configured to manage caching of the cryptographic keys in advance of receiving key requests from applications running on ones of the endpoints, and provide respective ones of the cryptographic keys to the applications to enable secure communication among the applications.

Abstract: A method for accessing a network resource including detecting an attempt by a user via a computing device to access a service enabled by a computing system via a network and transmitting via the network to the computing system a first request to access the service in response to detecting the attempt by the user to access the service, the first request including at least one empty personally identifiable data structure. A failure to access the service responsive to the first request is determined. A second request to access the service in response to the first failure to access the service is transmitted via the network to the computing system, the second request including artificial personally identifiable information, and access to the service from the computing system is received for the user.

Abstract: A method of computer authentication of a user request for a Subscriber Identity Module (SIM) card transfer by a biometric signature from a user equipment (UE) comprising assigning a risk score, by a mobile service provider, to a user account based on user activity in the user account, wherein the user activity includes a SIM card transfer authorization. The mobile service provider then sends a message requesting a biometric signature from an authentication application executing in memory on the UE. The authentication application on the UE then proceeds capturing a biometric signature, encrypting the biometric signature, and sending an encrypted biometric signature to the mobile service provider using a wireless communication protocol. The mobile service provider then compares the biometric signature to an authorized signature and modifies the risk score based on the comparison.

Abstract: The present disclosure relates to methods and systems for contextual data masking and registration. A data masking process may include classifying ingested data, processing the data, and tokenizing the data while maintaining security/privacy of the ingested data. The data masking process may include data configuration that comprises generating anonymized labels of the ingested data, validating an attribute of the ingested data, standardizing the attribute into a standardized format, and processing the data via one or more rules engines. One rules engine can include an address standardization that generates a list of standard addresses that can provide insights into columns of the ingested data without externally transmitting the client data. The masked data can be tokenized as part of the data masking process to securely maintain an impression of the ingested data and generate insights into the ingested data.

Abstract: Systems, computer program products, and methods are described herein for implementing real-time redaction in a workflow configurable environment. The present invention is configured to electronically receive, from a user input device, a request to load at least one user interface associated with an application; initiate a real-time content redaction engine on contents of the one or more fields associated with the at least one user interface in response to receiving the request, wherein initiating further comprises: parsing one or more embedded structures associated with the one or more fields; identifying private information in the one or more fields based on at least parsing the one or more embedded structures; and masking the private information in the one or more fields; and load the at least one user interface associated with the application in response to masking the private information in the one or more fields.

Abstract: In an approach to improve the field of multi-cloud environments by detecting data corruption between storage systems. Embodiments perform information tunneling on data transferring between a source storage system and a target storage system. Further, embodiments determine a checksum data of a data payload does not match an Internet Protocol (IP) packet extracted checksum and a blockchain based checksum and compare the checksum data at the target storage system with the IP packet extracted checksum and the blockchain based checksum to identify one or more checksum mismatches. Additionally, embodiments identify a corruption in a data payload based on the comparison between the checksum data at the target storage system and the IP packet extracted checksum and the blockchain based checksum, validate the corruption in the data payload, and update respective entities of identified corruption in the data payload.

Abstract: A method includes requesting, by a first computing device having a first application and a first Transport Layer Security (TLS) library, a sequence of cryptographic keys obtained by a first agent, the sequence of cryptographic keys based on an agent key and provided from the first agent to the first TLS library, requesting, by a second computing device having a second application and a second TLS library, the sequence of cryptographic keys obtained by a second agent, the sequence of cryptographic keys based on the agent key and provided from the second agent to the second TLS library, and communicating between the first application of the first computing device to the second application of the second computing device using the sequence of cryptographic keys based on the agent key.

Abstract: Systems and methods for managing access to computing services include an access manager that receives a request to modify a configuration of a computing service to a new configuration. The access manager stores a previous configuration of the computing service, updates the configuration of the computing service from the previous configuration to the new configuration based on information representing the new configuration, and starts a service request timer for the computing service. The access manager receives a subsequent request. When the subsequent request is a reconnect request, the access manager deletes the stored previous configuration. When the subsequent request is not a reconnect request or a new request the access manager returns an error when the service request timer has not expired, or sets the configuration of the computing service to the previous configuration of the computing service when the timer has expired.

Abstract: A system can include a key cartridge, which can include a housing, an enabling key component, and an electrical connector. The housing may be sized for placement at least partially over or around a latch release mechanism of a slidable rack sled and in a position to obstruct access to the latch release mechanism. The enabling key component can be positioned within the housing and enable operation of an electrical component situated within the slidable rack sled. The electrical connector can be coupled with the enabling key component and sized and positioned for establishing electrical connection between the enabling key component and the electrical component situated within the slidable rack sled when the pluggable key cartridge is installed relative to the server rack sled.

Abstract: Aspects of the disclosure relate to methods, systems, and computing platforms for authenticating activity on another computing device in real-time using a mobile device on a high generation cellular network. Aspects of the disclosure leverage and utilize a user's mobile device connected to a high generation cellular network to collect and analyze data about a user to seamlessly identify and prevent potentially fraudulent transactions. More specifically, the present disclosure uses high generation cellular networks, such as a fifth-generation (“5G”) cellular network, to seamlessly, frequently, and repeatedly monitor a user through a 5G mobile device to provide a variation on two-factor authentication. Aspects of the disclosure provide effective, efficient, scalable, fast, reliable, and convenient technical solutions that address and overcome the technical problems associated with monitoring and preventing in real-time potential fraudulent transactions without burdening users (e.g.

Abstract: This application describes methods, mediums, and systems for verifying a device for use in a messaging system. Using the device verification procedures described, a messaging system can securely authorize new devices to send and receive encrypted messages on behalf of a user, preferably without the need to share a private encryption key between the users' different devices. The application describes several techniques that can be used to provide such a system, including distributing a computer-perceptible code that encodes encryption information between a secondary device and a primary device. This allows the information to be distributed without intervention by a server. Other techniques provide unique ways to build and reverify authorized device lists, distribute encryption keys in chat channels, ensure that lists of authorized devices are distributed in the correct order and remain valid for an appropriate amount of time, add new devices to an ongoing or new conversation, and more.

Abstract: Techniques are disclosed to provide enforceable pseudonymous reputation through chained endorsers. In various embodiments, a request associated with a chained endorsement operation is received via a communication interface. A client identity information is extracted from the request. Data comprising or associated with the client identity information is combined with a secret value. A one-way transform of the combined value is performed. A result of the one-way transform is returned to a client with which the chained endorsement operation is associated.

Abstract: An anonymous disclose and many-to-many recognition system based on blockchain and identity confirmation allowance and a method thereof are disclosed. In the system, an exposing host generates a one-time address and encrypt the disclosure data into the encrypted data, write the encrypted data into the blockchain; an identity confirmation host generates a valid flag, and an announcement host decrypts the encrypted data to generate a corresponding receipt flag, and garbles a correspondence between the decrypted disclosure data and the corresponding one-time address, to generate and write a shuffled recognition announcement to a blockchain, so that when the exposing host detects the presence of the self-owned disclosure data and one-time address in the shuffled recognition announcement, the exposing host writes a recognition flag into the blockchain. Therefore, the technical effect of improving anonymity and allowing identity confirmation can be achieved.

Abstract: Systems and methods for providing access to historical data over a real-time tunnel are disclosed. The method provides a mechanism for secure communication between one or more historians. In an example, attack surfaces on historians in an industrial control system operational technology (OT) network and in an information technology (IT) networks are reduced and possibly entirely eliminated by tunneling through a DMZ (de-militarized zone) or “secured network”.