Abstract: Various systems and methods are described for correlating technology choices with the risk of system vulnerabilities. A system captures and quantifies both observations of technology choices as well as the outputs certain outputs of internal choices and processes across a number of different organizations. A Bayesian estimate of vulnerability is imputed from the choices and observed use of vulnerable technology, further segmented by business type, revenue, and size. Differences between the observation of a particular organization and Bayesian expected value are measured and converted to vulnerability score, the vulnerability score embodying a point-in-time and longitudinal measure of organizational performance, including the likelihood of future compromise due to software vulnerabilities. The vulnerability score can then be further used to price risk, for example in a cyber insurance context.

Abstract: A transport stack may control identity information that may be owned by a user. An information record of the identity information may be stored on a distributed ledger. Transactors may request a viewing-share for the identity information to support transactions with the user. The transport stack may generate a grant record when a transactor is provided with a viewing-share of the identity information. The grant record may be stored on the distributed ledger. The distributed ledger may provide a verifiable record of the identity information content and history of viewing-share grants.

Abstract: Systems, methods, computer readable media and articles of manufacture consistent with innovations herein are directed to computer virtualization, computer security and/or data isolation. According to some illustrative implementations, innovations herein may utilize and/or involve a separation kernel hypervisor which may include the use of a guest operating system virtual machine protection domain, a virtualization assistance layer, and/or a rootkit defense mechanism (which may be proximate in temporal and/or spatial locality to malicious code, but isolated from it), inter alia, for detection and/or prevention of malicious code, for example, in a manner/context that is isolated and not able to be corrupted, detected, prevented, bypassed, and/or otherwise affected by the malicious code.

Abstract: A system for data encryption includes any or all of: a set of items, a set of keys, and a server. A method for data encryption includes any or all of: encrypting items, sharing items, and reading items. The method can optionally additionally or alternatively include any or all of: performing a registration process, creating items, restricting access of users and/or supplementary systems to items, and/or any other suitable processes.

Abstract: A computer-implemented system and method for secure electronic message exchange including coupling a control platform to a workstation of a plurality of workstations via a communications medium, where the control platform includes one or more apparatuses for monitoring, controlling, conversion, and billing, related to messages exchanged between a plurality of local users and a plurality of remote users. The system prevents forwarding or copying of a message sent by a local user of the plurality of local users and received by a remote user of the plurality of remote users, to another party by the control platform. The system and method also provides for authenticating the remote user with the control platform.

Abstract: An identity broker receives a request for access by a client device to a service provided by a server. In response to the request, the identity broker communicates with a client device to determine whether a security risk is associated with allowing the client device to access data of a service provider. If the client device is secure, the identity broker sends an authentication request to an identity provider. After the identity provider authenticates the client device, the identity broker passes the authentication to the server, which establishes a session with the client device to provide the service. The security state of the client continues to be monitored to determine whether access should continue to be permitted to data associated with a service provider.

Abstract: A computerized-method for initiating a sandbox-testing-process-flow associated with a client-entity, within a server runtime environment and configuring said sandbox testing process flow with money laundering-detection-rules is provided herein.

Abstract: A block chain defining authority and access to confidential data may not be encrypted, and the access to the block chain can be regulated by the block chain itself and an access control server operating in an enterprise information technology (IT) environment. To incorporate authority defined in multiple sources, such as the block chain and the access control server, a token can be created containing multiple layers of permissions, i.e. constraints, coming from multiple sources. Each additional permission attenuates the authority granted by the token. When a processor controlling the access to the block chain receives the token, the processor can check the validity of the token and the authority granted by the token to determine whether the requester is authorized to access at least a portion of the block chain.

Abstract: The disclosure provides some embodiments for securing long training field (LTF) sequence. A responding station (RSTA) configures a location management report (LMR) frame. The LMR frame is configured to include an LMR in respect of a previous measurement, and data to be used to generate a null data packet (NDP) for a current measurement that is to be performed following the previous measurement. The RSTA further encrypts the LMR frame using protected management frames (PMF) scheme, and transmits the encrypted LMR frame to an initiating station (ISTA) for generating an LTF sequence for the current measurement. In response to receiving an NDP announcement (NDPA) and an NDP for the current measurement from the ISTA, the RSTA generates an NDP for the current measurement based on the NDPA and the data using CCMP, and transmits the NDP to the ISTA.

Abstract: To ensure that an electronic device is a secure electronic device, a communication device transmits a request to authenticate the electronic device to a remote electronic device across a network. The communication device receives a security challenge. One or more processors of the electronic device obtain a response to the security challenge using a secret key stored in an encrypted memory of the electronic device. The communication device then transmits the response to the response to the security challenge to the remote electronic device. If the remote electronic device recognizes the response, it transmits a shared secret content marker, which can optionally be presented at a user interface of the electronic device. The request can be automatically initiated by a companion electronic device.

Abstract: In one embodiment, a device in a network captures domain name system (DNS) response data from a DNS response sent by a DNS service to a client in the network. The device captures session data for an encrypted session of the client. The device makes a determination that the encrypted session is malicious by using the captured DNS response data and the captured session data as input to a machine learning-based or rule-based classifier. The device performs a mediation action in response to the determination that the encrypted session is malicious.

Abstract: In various representative aspects, methods and apparatus for communications may operate in conjunction with a computer storage system storing information relating to multiple user accounts and a computer system coupled to the computer storage system. The computer system may receive an entry code from a visitor computer associated with at least one of the user accounts. If the entry code is valid, the computer system may receive a communication from the visitor computer and issue the communication, such as by posting to an associated user webpage. In various embodiments, the visitor computer is used by a user that is not registered with the social networking system or is not associated with the account associated with the webpage.

Abstract: A method includes storing a golden copy of a device tree binary of a system in a trusted execution environment, identifying whether one or more parameters of a running copy of a device tree binary of the system are different from corresponding parameters of the golden copy by comparing the running copy with the golden copy, and performing a corrective action responsive to an indication that at least one of the one or more parameters of the running copy are different from the corresponding parameters of the golden copy.

Abstract: Described herein are methods and devices for forensic access control of an electronic device, including encryption and decryption of access keys of an electronic device. Two pairs of asymmetric key pairs (AKP) are created, e.g., created by more than one organization. An encrypted access key is configured to be decrypted by another organization possessing the private key of the first AKP and the private key of the second AKP. In some embodiments, the private key of the second AKP is encrypted. The encrypted private key of the second AKP is configured to be decrypted using the private key of the first AKP. The encrypted access key may be decrypted using the decrypted private key of the second AKP.

Abstract: Various embodiments described herein provide for secure data communication between a host system and a memory sub-system. For example, some embodiments use a salt value, symmetric encryption, and asymmetric encryption to facilitate secure data communication between the host system and the memory sub-system.

Abstract: Multiple systems, methods, and computer program product embodiments for password-less authentication using key agreement and multi-party computation (MPC). In one or more embodiments, following an authentication request received by a host computing device, the host computing device and a user computing device generate a shared key using a key agreement algorithm. Then, the host computing device generates a challenge that is encrypted using the shared key and transmitted to the user computing device. The user computing device decrypts the challenge after regenerating the shared key and sends the decrypted result to the host computing device as the challenge response. The authentication request is granted by the host computing device if the challenge and the challenge response match. New keys and a new challenge are generated for each authentication request. This process relies on public key cryptography eliminating the needs for passwords.

Abstract: Systems and methods mark or identify network data as being of interest by modifying the network data with a tag. A tag may be an unordered set of tag elements, and each tag element may be an ordered sequence of bits. For each data segment or packet transmitted, one or more fields of a network packet may be masked with a randomly chosen tag element.

Abstract: A technique for selectively scrambling data obtained by electronic sensor devices, such as cameras, voice communication devices, and the like, is provided. A payload of the data is scrambled when one or more characteristics of the data indicate that the data may include sensitive information. The scrambled data is transmitted to a target device.

Abstract: A method, a structure, and a computer system for privacy-preserving motion analysis. Embodiments may include collecting data corresponding to a user with one or more sensors and identifying one or more joints of the user based on the data. Embodiments may additionally include generating one or more 3D representations of the one or more joints of the user and anonymizing the one or more 3D representations by applying thereto a joint-centering and a random shuffling. Embodiments may further include classifying one or more actions of the user based on analysing the one or more 3D representations, and exporting at least one of the data and the one or more actions.

Abstract: Systems and methods for enrolling and authenticating a user in an authentication system via a camera of a computing device include capturing and storing biometric information from at least one first image and at least one second image of the user taken via the camera. Prior to use, the user answers personal questions and the answers are stored as stored answer data. Later, such as at a business, the questions are presented to the user and the user provides their personal answers via a computing device. The answers are processed and uploaded to an authentication server where a comparison occurs against the stored answer data. If a match does not occur, then the authentication/identity verification processes ends. If a match does occur, then the authentication process continues. The questions match may serve as a gate function for accessing authentication data stored in a blockchain.