Abstract: Systems and methods are provided for data randomization using live patching. A method may comprise generating a plurality of randomization live patches, wherein each randomization live patch comprises a respective technique for swapping data values within a data structure. The method may comprise identifying software comprising at least one of: an operating system and an application, identifying a first data structure associated with the software, and selecting a first randomization live patch from the plurality of randomization live patches. The method may comprise modifying, during runtime and without restarting the software, the software using the first randomization live patch such that data values within the first data structure are swapped or shifted in accordance with a first technique.

Abstract: Systems and methods relate generally to attendee authentication. In a method, a robot gatekeeper has a multi-function printer with program code configured for character recognition and handwriting analysis. The program code is executed by a processor coupled to the memory to initiate operations including: instructing for placement of a hand for a palm vein scanner and a badge for a badge reader; reading a badge to obtain first identification information; reading a palm to obtain first biometric data; accessing a database to obtain second identification information responsive to the first identification information; comparing the first biometric data and second biometric data obtained from the second identification information; printing an anti-tampering feature on a card; scanning a hand written sample on the card; and analyzing the hand written sample scanned with respect to at least one handwriting exemplar in or associated with the second identification information.

Abstract: Devices and method are disclosed for a load allocation and monitoring for a resource to be allocated in a network, where the resource to be allocated is a critical resource in terms of supply security for a population group and/or a system, and the critical resource comprises electric power, where the network is subdivided into network units, and each network unit has a network unit controller.

Abstract: Methods, devices and systems for enabling a specific registered user to log into a computerized system having multiple registered users by continuously staring at a display associated with the computerized system for at least a pre-determined threshold duration, without requiring any input other than staring to initiate the login process, and without requiring the user to provide any additional login information or authentication information.

Abstract: A user, using a user-computing device connected to a computer network, is authenticated to access a computing resource managed by a system on the computer network. The user computing device presents a user interface to prompt the user to input a value for each of a set of user-defined credentials that the user has previously defined for a SAIF server to authenticate the user to access the computer resource, thereby forming a set of input values. Modified values, each generated from and representing a corresponding one of the input values, are transmitted and validated by comparing them with corresponding modified forms of user-defined credential values stored in a memory, thereby determining whether the user is authenticated to access the computing resource on the system.

Abstract: Methods and systems for performing a computational operation on a server host are provided. Exemplary methods include: receiving an encrypted service request from a client host, the client host encrypting a service request to produce the encrypted service request using a shared secret, the service request specifying the computational operation; decrypting, in a secure enclave, the encrypted service request using the shared secret to produce a decrypted service request, the secure enclave preventing other software running on the server host from accessing the shared secret and other data stored in a memory space; performing the computational operation, in the secure enclave, using the decrypted service request to generate a service result; encrypting, in the secure enclave, the service result using the shared secret to create an encrypted service result; and providing the encrypted service result to the client host, the client host decrypting the encrypted service result.

Abstract: Cybersecurity and data categorization efficiency are enhanced by providing reliable statistics about the number and location of sensitive data of different categories in a specified environment. These data sensitivity statistics are computed while iteratively sampling a collection of blobs, files, or other stored items that hold data. The items may be divided into groups, e.g., containers or directories. Efficient sampling algorithms are described. Data sensitivity statistic gathering or updating based on the sampling activity ends when a specified threshold has been reached, e.g., a certain number of items have been sampled, a certain amount of data has been sampled, sampling has used a certain amount of computational resources, or the sensitivity statistics have stabilized to a certain extent.

Abstract: A system, method, and apparatus for identifying and removing malicious applications are disclosed. An example apparatus includes an executable application configured to collect data regarding processes operating on a client device during a time period. The executable application is also configured to purposefully access, during the time period, an application server using a web browser on the client device in an attempt to trigger a malicious application potentially located on the client device. The executable application is configured to transmit, after the time period, the collected data to an analysis server to determine whether the malicious application is located on the client device.

Abstract: Systems and methods for authentication may include a first device including a memory, a communication interface, and one or more processors. The memory may include a counter value, transmission data, and at least one key. The one or more processors may be in communication with the memory and communication interface. The one or more processors may be configured to create a cryptogram using the at least one key and counter value, wherein the cryptogram includes the counter value and the transmission data; transmit the cryptogram via the communication interface; update the counter value after cryptogram transmission; receive an encrypted access token via the communication interface; decrypt the encrypted access token; store the decrypted access token in the memory; and transmit, after entry of the communication interface into a communication field, the access token via the communication interface for access to one or more resources, wherein the access token is encrypted.

Abstract: In various embodiments, an entity may provide a WebView where a transaction between an entity and a data subject may be performed. As described herein, the transaction may involve the collection or processing of personal data associated with the data subject by the entity as part of a processing activity undertaken by the entity that the data subject is consenting to as part of the transaction. Additionally, the entity may provide a native application where the transactions between the entity and a data subject may be performed. In some embodiments, the system may be configured to share consent data between the WebView and the native application so data subjects experience a seamless transition while using either the WebView or the native application, and the data subjects are not required to go through a consent workflow for each of the WebView and the native application.

Abstract: A content distribution system includes content receivers that provide a plurality of blockchain databases that store transaction records associated with subscriber requests for content, and a computer system that processes those transaction records and enables authorized content receivers to output requested content.

Abstract: A method for providing response-hiding searchable encryption includes receiving a search query for a keyword from a user device associated with a user. The keyword appears in one or more encrypted documents within a corpus of encrypted documents stored on an untrusted storage device. The method also includes accessing a document oblivious key-value storage (OKVS) to obtain a list of document identifiers associated with the keyword. Each document identifier in the list of document identifiers associated with a respective keyword identifier is concatenated with the keyword and uniquely identifies a respective one of the one or more encrypted documents that the keyword appears in. The method also includes returning the list of document identifiers obtained from the document OKVS to the user device.

Abstract: A secure communication channel is established between network devices separated by an unsecured physical space by dynamically performing server/client resolution based on comparison of unique identifiers of the devices. After a link between a first network device and a second network device is established, the devices exchange start frames in accordance with a network security protocol such as the Media Access Control Security (MACsec) protocol. Comparison logic at the first network device compares a value of a unique identifier of the first network device to a value of a unique identifier of the second network device obtained from the start frame transmitted by the second network device, and vice versa. Based on the comparison, one of the devices assumes a server/authenticator role, and the other device assumes a client/supplicant role. The devices operate in their determined roles to perform an authentication process and thereby establish a secure communication channel.

Abstract: A method and system for securing virtual cloud assets at rest against cyber threats. The method comprises determining a location of a view of at least one virtual disk of a protected virtual cloud asset, wherein the virtual cloud asset is at rest and, when activated, instantiated in the cloud computing environment; accessing the view of the virtual disk based on the determined location; analyzing the view of the protected virtual cloud asset to detect potential cyber threats risking the protected virtual cloud asset, wherein the virtual cloud asset is inactive during the analysis; and alerting detected potential cyber threats based on a determined priority.

Abstract: A system including at least one remote server and a corresponding user personal computing (PC) device implements a method of providing secure access to personal information. The remote server manages at least one user account and a plurality of business profiles. The user account is associated with a corresponding user PC device and includes personal information and a user access code. The method begins by receiving an access code attempt for the user account with the corresponding user PC device. The access code attempt is relayed from the corresponding user PC device to the remote server. The method continues by receiving at least one service request associated to at least one specific business profile with the corresponding user PC device. The service request is relayed from the corresponding user PC device to the remote server. The specific business profile is granted access to the personal information with the remote server.

Abstract: [Problem(s) to be solved] To provide an eye contact detection device that achieves man-machine interface based on eye contact. [Means for solving problem(s)] An eye contact detection device according to the present invention includes: a light emitting element 200 for emitting light from an opening 260 in an optical axis direction; a light receiving element 220 for receiving light emitted from the light emitting element 200 and reflected off by the eyeball E of user to output an electrical signal in accordance with the received light; a detection circuit 230 for amplifying and binarizing an analog electrical signal output from the light receiving element 220, and an eye contact determination unit 240 for determining the presence or absence of eye contact of user U based on a detection signal output from the detection circuit 230.

Abstract: Systems, methods, and computer readable media for providing a streamlined, comprehensive data privacy opt in and opt out solution. Data privacy laws, also known as data protection laws or consumer privacy laws, prohibit the disclosure or misuse of information held on private individuals. A first device may receive a request from a second device, the request associated with a user. The first device may determine, and based on the user, a privacy regulation. The device may determine a setting associated with the privacy regulation. The device may send, to the second device, the setting.

Abstract: A data manager includes persistent storage and a data register. The persistent storage stores an identity chain and a data availability chain. The data register obtains data associated with an entity registered with the identity chain using a public key associated with the entity; obtains an object identifier associated with the data by storing the data in a data storage as a record; and records, on the data availability chain, both of: the record using a private key associated with the entity, and the object identifier.

Abstract: A computing device includes a processor and a machine-readable storage storing instructions. The instructions are executable by the processor to: receive an input string including sensitive data to be encrypted; identify a first portion and a second portion of the input string, the first portion comprising the sensitive data; select, from a plurality of hash functions, a hash function based on the second portion; and generate a hash value of the first portion using the selected hash function.

Abstract: A method, computer program product, and system includes a processor(s) obtaining an authorization failure from a target application because an access request was denied based on insufficient permissions of a user. The processor(s) institutes a mock interface with a visual appearance of the target application. The mock interface displays predefined data and the target application displays dynamic data, from the server(s) executing the target application. The processor(s) obtains, via the mock interface, a request to change the permissions of the user to the target application, which includes a selection, by the user, through the mock interface, of one or more individual permissions displayed in the mock interface. The processor(s) automatically generates a customized security policy comprising the selection, where based on applying the customized security policy, repeating the access request results in authorized access to the target application.