Abstract: Embodiments of the invention are directed to systems, methods, and computer program products for providing intelligent proactive identification of, and protection against, malfeasant data collection, user device control, or user account access. The invention utilizes a continuous data analysis technique in order to recognize patterns in device data and network communications indicative of remote device control requests, and responds to these identified data points by implemented an automated solution to protect users against unauthorized access of their devices or accounts.

Abstract: In a method for statistical analysis of aggregate encrypted data with key-leakage resilience for smart grids, every user area is managed by a fog node which plays the role of data aggregation gateway and data relay. All the users' electricity consumption data sent by smart meters in the same user area are firstly aggregated by the fog node to generate a fog-level aggregate ciphertext. Then the fog node further generates a digital signature for the fog-level aggregate ciphertext and sends these data to a cloud server for long-time storage. The cloud server stores all the aggregate ciphertexts and digital signatures received from different user areas in its database, and provides data query and statistical analysis services for the control center of smart grids. On the premise of without violating users' privacy, the cloud server could provide enough information for the control center, enabling it to compute the sum, arithmetic mean and variance of all users' data in specified areas in a privacy-preserving way.

Abstract: A method including transforming metrics, related to a computer network environment, into a digital image including pixels that represent the metrics. The computer network environment initially is load balanced by a first load balancing scheme selected from among load balancing schemes. The method also includes generating a classification of the digital image. The method also includes selecting, based on the classification of the digital image, a selected load balancing scheme from among the load balancing schemes. The method also includes changing the first load balancing scheme to the selected load balancing scheme such that the selected load balancing scheme is applied to the computer network environment.

Abstract: Methods and systems for detecting a privacy violation in an image file. A policy to be used by a master imaging application is obtained and a file system is monitored for a digital image modified by a monitored imaging application. It is then determined that the digital image file includes at least some content in violation of a defined setting for the master imaging application and, based on the determination that the digital image file includes at least some content in violation of the defined setting for the master imaging application, taking an action.

Abstract: A method includes determining, by a computing device of a storage network, a storage inconsistency exists for a set of encoded data slices based on an indicator of a difference list, where the difference list is regarding storage of the set of encoded data slices within a set of storage units of the storage network and where a data segment is error encoded into the set of encoded data slices. The method further includes determining a storage resolution of a plurality of storage resolutions for the storage inconsistency based on the one or more indicators. The method further includes facilitating the storage resolution to resolve the storage inconsistency for the set of encoded data slices.

Abstract: Systems and methods for side-channel monitoring a local network are disclosed. The methods involve generating a program trace signal from at least one of power consumption, electromagnetic emission, or acoustic emanation of a control processor connected to the local network and operating a monitoring processor to detect a communication of a message on the local network; identify at least one purported control processor related to the communication; analyze the program trace signal of the at least one purported control processor relative to the communication; and at least one of an authenticate or verify one or more purported control processors of the at least one purported control processor based on the program trace signal of the at least one purported control processor.

Abstract: A system comprises a server system including at least one processor. The at least one processor is configured to receive a request to generate a digital secured document, generate a unique identifier of the digital secured document, and embed a plurality of security data in at least one of the one or more defined areas of the digital secured document. The plurality of security data includes a scannable code. The scannable code has embedded therein an encrypted message that, when decrypted by the server system, validates an authenticity of the digital secured document. The at least one processor is also configured to mint the digital secured document on a blockchain, including generate metadata on the blockchain associated with the digital secured document, and store the metadata and one or more images associated with the digital secured document permanently with an on-chain permaweb protocol.

Abstract: Embodiments of the present disclosure provide systems and methods for managing access rights for a copy of an original digital document. The method performed by a server system includes receiving a request for generating a copy of an original document. The method includes performing an authorization of the request for generating the copy of the original document based on the access rights associated with the original document. Further, the method includes generating a copy document of the original document upon successful authorization. The method includes determining the access rights defined for the copy document in the original document. The method further includes transmitting the access rights to the copy document. The method includes sending the copy document with the access rights. The access rights set on the copy document facilitate the user to perform document-related operations on the copy document.

Abstract: A container includes a user program and data generated by the user program within a regulatory jurisdiction. Before the container leaves the regulatory jurisdiction, the data is validated by the jurisdiction to ensure the data complies with privacy laws of the jurisdiction. Upon ingress to a second regulatory jurisdiction, the data is signed locally to provide for confirmation that the data can leave the second regulatory jurisdiction, since it was not generated within the second jurisdiction. By allowing the user program to move from the first regulatory jurisdiction to a second regulatory jurisdiction, the disclosed embodiments overcome limitations in current solutions that restrict access to local data based on what a public application programming interface (API) can provide. By operating within the regulatory jurisdiction, albeit subject to access controls imposed by that jurisdiction, flexibility in the processing of sensitive data is improved.

Abstract: Example methods, apparatus, systems and articles of manufacture (e.g., physical storage media) to implement contextual key management for data encryption are disclosed. Example apparatus disclosed are to determine whether a key mapping is associated with a combination of two or more context rules defined for a set of context values associated with input data to be encrypted. Disclosed example apparatus are also to, in response to a determination that no key mapping is associated with the combination of two or more context rules, map a key identifier to the combination of two or more context rules and generate a key corresponding to the key identifier. Disclosed example apparatus are further to encrypt the input data based on the key to obtain encrypted data.

Abstract: There is provided a system, comprising: a hardware processor(s) executing a code for: receiving a request to identify data for execution of action(s) in a limited allocated memory resource (LAMR) of a blockchain storage system, the LAMR defining storage space for storing data of smart contracts, when the requested data is not found in the LAMR, acquiring a cryptographic proof of the requested data from the LAMR, using the cryptographic proof for acquiring a copy of the requested data from a virtual allocated memory resource (VAMR), storing the copy of the requested data in the LAMR for performing the action(s) by the blockchain storage system using the stored copy, the performance of the action(s) updates the stored copy in the LAMR, replacing the cryptographic proof with a new cryptographic proof created by processing the updated stored copy in the LAMR, and storing the updated stored copy in the VAMR.

Abstract: A data transcoding device includes a memory device for storing clear data containing private information and a processor configured as a data transcoder. The processor is configured to create packets of the clear data, prepare the packets for transcoding the clear data into an indecipherable multimedia data file appearing as noise, by determining properties of the indecipherable multimedia file based on parameters of the clear data. The processor is configured to generate the indecipherable multimedia file by transcoding the clear data based on the determined properties.

Abstract: The present disclosure provides an electronic signature authentication system and method capable of enhancing stability and reliability of an electronic signature by generating electronic signature information for authentication of an electronic document based on biometric information of a user.

Abstract: The disclosed technology addresses the need in the art for a content management system that can be highly flexible to the needs of its subjects. The present technology permits any object to be shared by providing a robust and flexible access control list mechanism. The present technology utilizes a data structure that is highly efficient that both minimizes the amount of information that needs to be written into any database, but also allows for fast reads and writes of information from authoritative tables that are a source of truth for the content management system, while allowing for maintenance of indexes containing more refined data that allow for efficient retrieval of certain information that would normally need to be calculated when it is needed.

Abstract: A system and method for monitoring and protecting sensitive data that includes identifying sensitive data and statically tracking sensitive data using data flow analysis across a code base, monitoring flow of the data during application runtime, and responding to vulnerabilities according to a sensitive data characterization of the data. Identifying sensitive data includes processing a semantic description of the data in the application code and characterizing the sensitive data. Monitoring flow of the data includes: identifying and characterizing sensitive data through data usage, updating the characterization for the sensitive data through data usage, and enforcing security measures on the data according to the sensitive data characterization of the data.

Abstract: A method for providing a secret unique key for a volatile FPGA uses layers of encryption with different and independent keys and the possibility to store auxiliary data in the configuration memory. The configuration may be stored in a bit-file protected using hardwired bit-file encryption. The configuration includes a security block with an embedded group key used for protecting the auxiliary data. In the beginning, the auxiliary data may include a specific field with null identifier, which indicates that the device has not been initialized. During the initialization, the device generates a unique key and sets the field to specific identifier, which indicates that the device has been initialized, and replaces the original auxiliary data in the non-volatile configuration memory with a new auxiliary data constructed from these values. During normal operation this key is fetched from the auxiliary data and used to build a root-of-trust.

Abstract: An example network device receives an encapsulated network packet via a network tunnel; extracts IPv6 header information from the encapsulated network packet; extracts IPv4 header information from the encapsulated network packet; determines that the encapsulated network packet is a spoofed network packet based on the IPv6 header information and the IPv4 header information; and in response to detecting the spoofed network packet, transmits a message to a Tunnel Entry Point (TEP) device, the message including data representing the IPv6 header information and IPv4 header information. A tunnel entry point (TEP) device may receive the message and use the message to detect spoofed IPv6 traffic, e.g., when an IPv6 header and an IPv4 header of an encapsulated packet matches the IPv6 header and the IPv4 header specified in the message. In this manner, the TEP device may block, rate limit, or redirect spoofed network traffic.

Abstract: Techniques for secure fast channel change in live content streaming are described. In some embodiments, during content preparation, a packager and/or an encoder encrypts media content items at both the service level (e.g., by encrypting a first portion of the plurality of segments with a service level access key unique to a service) and the channel level (e.g., by encrypting a second portion of the plurality of segments with a channel level access key unique to a channel associated with the service). On the receiving end, a client device (e.g., a media player) requests a service level access key prior to content acquisition. As such, a client can join any channel on a segment protected with the service level key without waiting for a license for that channel first, and the channel license can be acquired in parallel with the content acquisition during channel switching.

Abstract: Technologies are disclosed for integrating an account with a third-party application. Upon completion of an account creation procedure or an account configuration procedure at a service provider network, a system may automatically (e.g., absent additional manual inputs) integrate the new account and/or the account configuration with the third-party application, for instance, such that the new account and/or the account configuration is replicated across multiple cloud accounts managed by the third-party application. The service provider network may comprise an organization account creator, an account configurer, an event monitor for detecting an account-related event (e.g.

Abstract: A method for sharing resource identification includes receiving, at a lookup service, from a first application executing on a particular device associated with a user, a resource identifier (ID) request requesting the lookup service to provide the first application access to a resource ID that identifies the particular device. The method also includes determining, by the lookup service, whether the first application executing on the particular device is authorized to access the resource ID. When the first application is authorized to access the resource ID, the method includes obtaining, by the lookup service, the resource ID and transmitting, by the lookup service, to the first application executing on the particular device, the resource ID.