Abstract: A method, apparatus, and computer program product for offline authentication are provided. An example method includes receiving, by a computing device, a request for authentication from a first user device associated with a first user. The request includes first authentication credentials generated based upon user attributes retrieved by the first user device from a digital identity construct database at a first time. The method includes determining an offline condition of the computing device at a first time. The method also includes obtaining, by the computing device, second authentication credentials associated with the first user that are based upon one or more user attributes retrieved by the computing device from the digital identity construct database at a second time later than the first time. The method incudes determining a discrepancy between the first and second authentication credentials and authenticating the first user based upon a forecast operation of the same.

Abstract: Systems and methods for gateway communications between non-distributed ledger systems and distributed ledger systems are disclosed. In one embodiment, a method for gateway communication may include: (1) receiving, at a listener comprising a computer processor and from an application in a first domain, a message for a destination distributed ledger system that is one of a plurality of distributed ledger systems in a second domain; (2) generating, by the listener, a payload for the message, wherein the payload identifies the destination distributed ledger system for the message; and (3) encrypting, by the listener, the payload and passing a payload message comprising the encrypted payload to one of a plurality of adapters in a gateway communication service using an API. The adapter may receive the payload message, decrypt the payload, identifies the destination distributed ledger system, and communicate the decrypted payload to the destination distributed ledger system.

Abstract: A communication device may obtain email information inputted by a user, the email information including an email address and server information for using a mail server. The communication device may send a first email by using the server information included in the email information. The communication device may register a first password and the email information in a memory in a case where a registration request is received from a terminal device which has received the first email. The communication device may send a second email by using the server information in the memory in a case where a first change instruction is obtained after the first password and the email information have been registered. The communication device may change the first password in the memory to a second password in a case where a change request is received from the terminal device.

Abstract: Provided is a method and apparatus for registering a shared key. A method of registering, by a second electronic device, a shared digital key in a target device includes receiving a digital key sharing attestation and a key tracking server (KTS) signature corresponding to the digital key sharing attestation, receiving an authentication request from the target device, and transmitting an authentication response including the digital key sharing attestation and the KTS signature to the target device in response to the authentication request.

Abstract: Selectively rewriting URLs is disclosed. An indication is received that a message has arrived at a user message box. A determination is made that the message includes a first link to a first resource. The first link is analyzed to determine whether the first link is classified as a non-rewrite link. In response to determining that the first link is not classified as a non-rewrite link, a first replacement link is generated for the first link.

Abstract: The disclosed computer-implemented method for managing privacy policy violations may include obtaining, by the computing device, an intermediate representation of a privacy policy, wherein the intermediate representation denotes a formal policy and is generated by extracting the privacy policy in natural language from a website and parsing the privacy policy. The method may also include comparing, by the computing device, behavior of the website against the intermediate representation, thereby detecting at least one violation of the formal policy. The method may further include enforcing, by the computing device, the formal policy at least in part by taking a security action in response to the violation. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Methods and systems are disclosed for payment authentication. For example, a method may include: the method comprising: storing a first device fingerprint in association with a token representing a primary account number, the first device fingerprint being derived from a device attribute of a user device and behavioral biometric data derived from a behavioral pattern of a user in using the user device; receiving an authentication request indicative of the token and a second device fingerprint generated by a customer device associated with a customer of a merchant, the authentication request being associated with a transaction between the merchant and a customer using the token; identifying the stored first device fingerprint based on the token indicated by the authentication request; and determining whether the second device fingerprint matches the stored first device fingerprint.

Abstract: A data generalization apparatus that can perform generalization processing on large-scale data at high speed using only a primary storage device of a small capacity. Included is a rearrangement unit that rearranges the attribute values in a secondary storage device in accordance with an order of arrangement of the attribute values in a generalization hierarchy in the secondary storage device, an attribute value retrieval unit that retrieves some of the rearranged attribute values from the secondary storage device into a primary storage device, and a generalization hierarchy retrieval unit that retrieves a portion of the generalization hierarchy from the secondary storage device into the primary storage device. Further, there is a generalization processing unit that executes generalization processing based on the attribute values retrieved into the primary storage device and the generalization hierarchy retrieved into the primary storage device, and a re-rearrangement unit.

Abstract: Technologies and techniques for monitoring and correcting the obfuscation of vehicle-related data. Personal data may be removed from the transmitted vehicle-related data, and the vehicle-related data after the removal of the personal references may be combined to form a vehicle-related data set without personal references. A temporal and spatial obfuscation of the vehicle-related data set may be carried out without personal references based on an estimated size of a cluster of data-collecting vehicles for generating an anonymous data set. The anonymous data set, including the degree of obfuscation, may be provided to a data user and an actual cluster size for a spatial region based on the provided anonymous data sets may be determined and compared with the estimated cluster size used for the obfuscation of the anonymous data set. The comparison result may be then used to correct the obfuscation of the spatial region.

Abstract: Systems and methods are described for performing blockchain validation of user identity and authority. In various aspects, the blockchain-based validation system includes: a server communicatively coupled to a blockchain-based network; and program instructions stored in a program memory that, when executed by the server, cause the server to: receive a blockchain ID associated with a user, wherein the blockchain ID is associated with a blockchain; aggregate a plurality of blockchain transactions, the plurality of blockchain transactions including at least a blockchain transaction associated with the blockchain; establish, based on the plurality of blockchain transactions, a trust relationship between the user and a second entity; and generate a trust profile for the user and the second entity based on the trust relationship, wherein the trust profile includes a level of trust between the user and the second entity based on the plurality of blockchain transactions.

Abstract: A computer-implemented method of monitoring activity of devices in a network is provided. The method comprises passively collecting data regarding how the devices access the network, and for each device on the network, identifying all other devices on the network with which the device communicates. All communication traffic from the devices to outside the network is identified. A determination is made if there are any required updates and if patches for the devices execute in a fashion defined as safe. A number of risk indicators for privacy risks are determined according to device communication within the network, device communication to outside the network, and update and patch execution. A visualization of any identified risk factors is displayed to a user through a user interface.

Abstract: Content, such as an encryption key, may be transmitted between computing systems that both use more than one encryption algorithm. Secrets may be used to encode the content. The different encryption algorithms may be used to separately encrypt the encoded content and the secrets prior to communicating the encrypted, encoded content and encrypted secrets between computing systems.

Abstract: Computer-implemented methods, apparatuses, and computer program products are provided for frequency based operations. An example computer-implemented method includes receiving a request for data transfer of a plurality of data elements of a production data environment to a non-production data environment. The method includes determining an access frequency associated with each data element and grouping each data element into a first set of data elements or a second set of data elements based upon the determined access frequency. The method further includes refreshing the first set of data elements according to a first refresh protocol defining a first refresh rate and refreshing the second set of data elements according to a second refresh protocol defining a second refresh rate less than the first refresh rate. The method also includes outputting the plurality of data elements to the non-production data environment.

Abstract: A processing apparatus, an embedded system, a system-on-chip, and a security control method are disclosed. The processing apparatus includes a processor, adapted to execute a program; and a memory, coupled to the processor and adapted to provide a plurality of enclaves isolated from each other. One of the plurality of enclaves is a source enclave, another one of the plurality of enclaves is a target enclave, and the source enclave and the target enclave each are used to provide a storage space required for running a corresponding program. The processing apparatus further comprises a storage access controller, adapted to transmit specified data stored in the source enclave to the target enclave.

Abstract: An image processing device includes: a recognition unit configured to recognize a part of a confidential target from a captured image; a processing unit configured to process the captured image such that the part recognized by the recognition unit is concealed; an encryption unit configured to encrypt data relating to the part recognized by the recognition unit; and a merging unit configured to merge data of the image processed by the processing unit and the data encrypted by the encryption unit.

Abstract: The present invention provides a novel approach for storing, analyzing, and/or accessing biological data in a cloud computing environment. Sequence data generated by a particular sequencing device may be uploaded to the cloud computing environment during a sequencing run, which reduces the on-site storage needs for the sequence data. Analysis of the data may also be performed in the cloud computing environment, and the instructions for such analysis may be set at the originating sequencing device. The sequence data in the cloud computing environment may be shared according to permissions. Further, the sequence data may be modified or annotated by authorized secondary users.

Abstract: Secure communications can be established in which a request is received from a client computing device to instantiate a virtual key store (VKS) node. In response to the request, a cryptographically calculated uniform resource locator (URL) is generated. In addition, a crytopgraphic identity certificate is received from a certification authority server. Subsequently, a virtual desktop infrastructure (VDI) instance is instantiated and configured with the cryptographic identity certificate. Communications are then established between the client computing device and the VDI instance using the generated cryptographically calculated URL such that the VDI instance acts as a cryptographic proxy with at least one remote computing device.

Abstract: Systems and methods for emulator detection are disclosed. In one embodiment, a user agent string may be embedded into a first numerical data vector representation. Hardware characteristics of a client device corresponding to the user agent may be embedded into a second numerical data vector representation. Based on the first numerical data vector representation of the user agent and the second numerical data vector representation of the hardware characteristics, and their consistency, the client device may be determined to be an emulator or a non-emulator device.

Abstract: There is disclosed in an example a gateway device, including a hardware computing platform, and a secure domain name system (DNS) engine having circuitry and stored instructions to-program the circuitry, the secure DNS engine to communicatively couple to an endpoint via a local network, begin a secure DNS transaction with the endpoint, determine whether the endpoint supports delegated credentials, and after determining that the endpoint supports delegated credentials, establish a secure DNS session with the endpoint using a delegated credential.

Abstract: A device may receive historical operational technology data and historical information technology data associated with historical systems and may train a machine learning model with the historical operational technology data and the historical information technology data to generate a trained machine learning model. The device may receive real-time operational technology data and real-time information technology data associated with a system and may process the real-time operational technology data and the real-time information technology data, with the trained machine learning model, to determine a trust score and a risk score for an event or set of events associated with the real-time operational technology data and the real-time information technology data. The device may perform one or more actions based on the trust score and the risk score.