Abstract: A method for managing a consent receipt under an electronic transaction, comprising: receiving a request to initiate a transaction between the entity and the data subject; providing a privacy policy associated with the entity and based at least in part on the request to initiate the transaction between the entity and the data subject; accessing the privacy policy associated with the entity; storing one or more provisions of the privacy policy associated with the entity; providing a user interface for consenting to the privacy policy associated with the entity; receiving a selection to consent to the privacy policy associated with the entity and based at least in part on the request to initiate the transaction between the entity and the data subject; generating, by a third-party consent receipt management system, a consent receipt to the data subject; and storing the generated consent receipt.

Abstract: A method comprises: a first data processing device requesting attestation of a second data processing device; the second data processing device generating a device-specific attestation message in dependence upon a device-specific key, a hardware configuration of the second data processing device and a software configuration of software running on the second data processing device; the second data processing device generating an application-specific attestation message in dependence upon an interaction protocol by which the first data processing device and the second data processing device interact; the second data processing device cryptographically binding the application-specific attestation message to the device-specific attestation message; the first data processing device verifying the application-specific attestation message, the verifying step comprising detecting a trusted status of the application-specific attestation message by verifying the device-specific attestation message cryptographically boun

Abstract: Systems, methods, and apparatuses for authenticating requests to access one or more accounts over a network using authenticity evaluations of two or more automated decision engines are discussed. A login request for access to a user account may be submitted to multiple decision engines that each apply different rulesets for authenticating the login request, and output an evaluation of the authenticity of the login request. Based on evaluations from multiple automated decision engines, the login request may be allowed to proceed to validation of user identity and, if user identity is validated, access to the user account may be authorized. Based on the evaluations, the login attempt may also be rejected. One or more additional challenge question may be returned to the computing device used to request account access, and the login request allowed to proceed to validation of identity if the response to the challenge question is deemed acceptable.

Abstract: Systems and methods for accessing credentials from a blockchain are provided. A computing device requests for a server to process a transaction. In response to the request, the server transmits a server public key to the computing device. A key generator of the computing devices uses the user private key and the server public key to generate a user public key. The user public key includes permissions to access credentials that are stored on blockchain. The server receives the user public key and generates a request for credentials to blockchain. The request includes the user public key and the server private key. The blockchain receives the request and generates an identity token. The identity token includes credentials that are specified in the user public key. The blockchain transmits the identity token to the server and the server uses the identity token to processes the transaction.

Abstract: A process of requesting and providing an anonymization service for sharing images or videos capturing identity of persons. An anonymization server receives a request including information corresponding to an identifier identifying the image or the video, a region within the image or video in which an identity of a person is captured, an encryption key used to encrypt the region of the image or the video, and contact information of the person. When the anonymization server receives a request from the second agency to share an encryption key for decrypting the region, the server transmits a request to the person to provide a permission to deanonymize the identity of the person captured in the image or video. The anonymization server transmits a response including the encryption key to the second agency when a response indicating a permission is received from the person.

Abstract: Techniques for performing predictability-driven compression of training data sets used for machine learning (ML) are provided. In one set of embodiments, a computer system can receive a training data set comprising a plurality of data instances and can train an ML model using the plurality of data instances, the training resulting in a trained version of the ML model. The computer system can further generate prediction metadata for each data instance in the plurality of data instances using the trained version of the ML model and can compute a predictability measure for each data instance based on the prediction metadata, the predictability measure indicating a training value of the data instance. The computer system can then filter one or more data instances from the plurality of data instances based on the computed predictability measures, the filtering resulting in a compressed version of the training data set.

Abstract: The present invention concerns the field of software verification, in particular to check whether the run-time integrity of a software application can be demonstrated.

Abstract: A method of identifying one or more pieces of personal data associated with a data subject based at least in part on one or more triggering action; identifying a storage location of each of the one or more pieces of personal data associated with the data subject; automatically determining that a first portion of the one or more of the pieces of personal data has one or more legal bases for continued storage; automatically maintaining storage of the first portion of the one or more pieces of personal data; and automatically facilitating deletion of a second portion of the one or more pieces of personal data associated with the data subject.

Abstract: An example of a computer-readable medium to store machine-readable instructions. The instructions may cause a processor to verify a licensing object and determine a license has expired. An application may be controlled based on an expiration parameter specific to the licensing object.

Abstract: A security device generates a key based on a physically unclonable function (PUF). The security device includes a physically unclonable function (PUF) block, an integrity detector, and a post processor. The PUF block outputs a plurality of first random signals and a plurality of corresponding first inverted random signals each having a logic level opposite to that of each of the plurality of corresponding first random signals. The integrity detector determines data integrity of the plurality of first random signals by using the plurality of first random signals and the plurality of corresponding first inverted random signals. The post processor generates a first row key that includes validity signals satisfying the data integrity.

Abstract: Techniques are disclosed relating to a computer system accessing a client credential set to authenticate with a destination computer system. A computer system may, subsequent to receiving an indication to make available an application for a particular user, retrieve configuration data specifying a reference to a key value. The computer system may maintain a data object that includes a client credential set for the particular user. In response to an occurrence of an event associated with the application, the computer system may access the client credential set of the particular user from the data object using the key value and an indication of the particular user. The computer system may then send a request including the client credential set to a destination computer system for authentication with the destination computer system and receive a response indicating whether the computer system has been authenticated.

Abstract: A scalar multiplication operation includes an iterative procedure performing a set of operations at each iteration on a bit or on a group of consecutive bits of a secret key. The multiplication operation includes multiplying values of projective format coordinates by a random value. The random value is a product of a random number generated over a range having as end value a first value, with a second value, which is larger than said first value. The first value is a power of two of a word size multiplied by a multiplier value, minus one. The second value is equal to a power of two of a number of bits of the coordinates divided by the first value. The multiplier value is an integer greater than or equal to one and smaller than a ratio of said number of bits to the word size.

Abstract: Device for secure distance measurement being a prover (P) or a verifier (V) comprising: a receiver (R3) configured to receive a receiving signal (RS) with a transmitted message (M) encoded therein, wherein the transmitted message (M) contains a verifying bit sequence (VBS), wherein a bit of the transmission message (M) is transmitted in the transmission signal (TS) by a pulse with a pulse modulation parameter with two pulse states, and a decoder (R2) configured to decode the verifying bit sequence (VBS) from the transmitted message (M) encoded in the receiving signal (RS).

Abstract: Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.

Abstract: A method, apparatus and system for secure one-way RFID tag identifications provided. The method comprising generating, at an RFID tag, an auxiliary identifier; generating, at an RFID tag, a secure representation based on the auxiliary identifier; transmitting, from the RFID tag and receiving at an RFID reader, one or more representations of the auxiliary identifier and the tag identifier including the secure representation; and verifying the identity of the RFID tag based on the received representations.

Abstract: A method for scanning a website and tracking data subject interaction with the website, comprising: determining a data subject is interacting with a particular website; determining one or more website parameters associated with the particular website, the one or more website parameters associated with the particular website include scanning the particular website to determine website cookies that capture data subject information, and determining a website category of the particular website; determining a geo-location of the data subject when the data subject is interacting with the particular website; determining one or more data subject consent parameters based at least in part on the one or more website parameters associated with the particular website and the geo-location of the data subject when the data subject is interacting with the particular website; and applying the one or more data subject consent parameters to the data subject interaction with the particular website.

Abstract: Systems and methods for embodiments of artificial intelligence systems for identity management are disclosed. Embodiments of the identity management systems disclosed herein may support the correlation of identities from authoritative source systems and accounts from non-authoritative source systems using artificial intelligence techniques.

Abstract: A method by a network device for assigning data types to data values included in application programming interface (API) responses sent by an API server to one or more API clients via an API. The method includes obtaining a first set of API responses from an endpoint of the API, generating a profile for the endpoint of the API based on analyzing the first set of API responses, where the profile of the endpoint indicates an expected structure of API responses and expected data types associated with data fields included in API responses, obtaining a second set of API responses, and using the profile of the endpoint of the API to assign data types to data values included in API responses in the second set of API responses.

Abstract: A method of cracking a private key of an asymmetric cryptosystem includes extracting a modulus and a public key exponent from a public key, calculating the digital root of the modulus, deriving a set of candidate base pairs corresponding to the digital root and the last digit of the modulus, each of the candidate base pairs including a first candidate base and a second candidate base, iteratively testing values of a multiplier until a sum of one of the candidate bases with ninety times the multiplier is a factor of the modulus, and determining the private key using the public key exponent and the factor of the modulus. The method may further include decrypting an encrypted message using the private key.

Abstract: A system and method for securely encrypting and booting a headless appliance. A computerized method is disclosed that includes: providing the network appliance with content encrypted with a secret key; launching the network appliance in a fallback configuration that provides limited operational capabilities; forwarding a request for the secret key to an online service that independently utilizes an identity provider to establish trust with an appliance administrator; receiving the secret key from the online service upon establishment of trust with the appliance administrator; decrypting the content with the secret key received from the online service; and utilizing the content to launch the network appliance in a full configuration.