Abstract: A system and method for predicting and acting on computer network vulnerabilities before they are actually breached or tampered with by malicious external actors. A monitoring computing device assesses the different components within a network and based on a ranking of the devices, a perceived threat analysis and weaknesses within the network, can take appropriate remediation actions for one or more of the devices within the network. Depending on the ranking of a particular computing device within the network and the determined risk, a remediation can include delaying the implementation of a fix for a weakness because the computing device cannot be taken offline at that particular time.

Abstract: A data processing method for a data processing system having a first communications node and a second communications node where the first communications node corresponds to a first blockchain node and the second communications node corresponds to a second blockchain node that maintains a same block chain as the first blockchain node, the method including obtaining, by the first communications node, to-be-verified data when a terminal camps on a target cell, where the to-be-verified data is obtained based on camping information of the terminal, and the target cell is a cell within signal coverage of the first communications node sending, by the first communications node, the to-be-verified data to the second communications node, so that the second communications node verifies the to-be-verified data based on the second blockchain node, and obtaining, by the first communications node, a target block if the verification succeeds.

Abstract: Methods, systems, and apparatuses are described herein for improving computer authentication processes by using physical environment information. A computing device may receive video depicting a physical environment and process that video to identify one or more first objects. The computing device may receive a request for access to an account. The computing device may send a prompt for a physical environment description and receive, in response, an indication of one or more second objects. The indication of the one or more second objects may comprise video of the physical environment, a verbal description of the physical environment, and/or text describing the physical environment. The computing device may grant the user device access to the account based on comparing the one or more first objects to the one or more second objects.

Abstract: This application relates to the field of wireless communications technologies, and provides a communication method, including: receiving, by a mobility management network element, first information from a terminal device; obtaining a user equipment context of the terminal device in a public network and a user equipment context of the terminal device in a private network based on the first information; and using the user equipment context of the terminal device in the public network and the user equipment context of the terminal device in the private network as a user equipment context of the terminal device. According to the solution provided in embodiments, the user equipment context of the terminal device includes the user equipment context in the public network and the user equipment context in the private network, so that the terminal device can access both the public network and the private network, thereby improving user experience.

Abstract: A method and system of authenticating a user logon builds a user logon profile with a plurality of user logon features gathered during at least one successful attempted user logon, determines a logon feature novelty score for each feature, receives a user logon request for authentication and extracts current user logon features, retrieves corresponding logon feature novelty scores, determines a first distance function score for the corresponding logon feature novelty scores of the current user logon features, builds a failed logon attempt database, determines a failed logon feature novelty score, extracts the failed logon feature novelty scores corresponding to current user logon features, determines a second distance function score for the corresponding failed logon feature novelty scores of the current user logon features, and determining to one of allow or deny the user logon request based on at least one of the first distance function score and the second distance function score.

Abstract: A user may conduct a plurality of access requests with a plurality of resource provider computers. A processor server computer may determine whether resource provider computers store access data associated with the user in various ways, including detecting patterns in sets of a plurality of access requests conducted between the user and each of the plurality of resource provider computers. Upon detecting that access data has changed, the processor server computer may automatically send the updated access data to each of the identified resource provider computer.

Abstract: Embodiments decrypt or partially decrypt an encoded message or a private key, the encoded message or private key encoded by a public-key cryptography algorithm. Embodiments encode the public-key cryptography algorithm using a language of a program synthesizer and construct a grammar for the program synthesizer. Embodiments train the program synthesizer with training data comprising input-output pairs and execute the trained program synthesizer to generate a mathematical formula. Embodiments validate the generated mathematical formula and then perform the decrypting using the trained and validated program synthesizer.

Abstract: Distinguishing between functional tracking domains and nonfunctional tracking domains on a host web page. In particular, a list of known tracking domains that load content into host web pages may be received. This list of tracking domains may include tracking domains that are functional and tracking domains that are nonfunctional. The tracking domains that are functional may be determined by evaluating various behaviors and characteristics of the tracking domains. Once functional tracking domains have been determined, these functional tracking domains may be allowed, and other tracking domains may be blocked from loading content onto host web pages thereby preserving the functionality of the web pages.

Abstract: A unique transaction key (Tk) is established amongst multiple entities using a common hardware security module (HSM) with a common HMAC key (HK) and transaction scheme name (T). The transaction key (Tk) can be used for various cryptographic functions (e.g. encryption, MAC, HMAC, key management) with one or more messages at the transaction or session level.

Abstract: A method includes receiving data and a plurality of values at a processor. The data can include real-valued data and/or complex data. The plurality of values includes one of a plurality of random values or a plurality of pseudo-random values. The method also includes generating an automorphism, via the processor, based on the plurality of values, and partitioning the data, via the processor, into a plurality of data blocks. The automorphism includes at least one of a linear transformation or an antilinear transformation. Each data block from the plurality of data blocks can have a predefined size. The method also includes applying the automorphism, via the processor, to each data block from plurality of data blocks, to produce a plurality of transformed data blocks, and causing transmission of a signal representing the plurality of transformed data blocks.

Abstract: Techniques are described for providing delegated access to identity data stored on distributed ledger(s), in which the identity data can include image(s) of physical credential(s) and/or biometric data used to identify individual(s). An application programming interface (API) enables access to the identity data. In some instances, the access is provided to an obfuscated version of the identity data and/or to a hash or other digest of the identity data. The identity data is provided by the API according to the individual's delegation. The individual can specify rules that indicate the particular types of identity data that may be provided and/or used for particular purposes, and/or the particular entities authorized to request the identity data.

Abstract: A node provides a service to a client node in a network. The node is configured to execute a code for providing the service to the client node in an enclave of a trusted execution environment (TEE) and to execute a code library in the enclave to attest to the client node the identity of the service provided. The service provided to the client node may be a distributed service including a result of a cooperation of a plurality of neighbor nodes, which are connected to the node either directly or through other intermediate nodes. The code library is configured to attest to the client node the identity of the distributed service.

Abstract: Systems and methods are provided for consolidation of IHS (Information Handling System) VPN (Virtual Private Network) resources utilized by workspaces operating on the IHS, where the workspaces operate in isolation from the operating system of the IHS. A remote workspace orchestration service manages deployment of workspaces on the IHS. The workspaces are instantiated and operate according to a workspace definition provided by the workspace orchestration service. An embedded controller of the IHS registers a VPN consolidation function of the IHS with the workspace orchestration service, which notifies the workspaces of the VPN consolidation function. A VPN workspace is instantiated that operates according to a workspace definition provided by the workspace orchestration service. The respective workspace definitions of the workspaces are updated to route VPN communications to the VPN workspace.

Abstract: Various embodiments include systems and methods to implement a password requirement conformity check. During a password reset process, a proposed password is received. A homomorphic encryption operation may be performed on the proposed password to generate a first character string. The first character string may be compared to a previous character string associated with a previous password to determine a password similarity metric. The password similarity metric may or may not satisfy at least a distance threshold. Responsive to determining that the password similarity metric does not satisfy the distance threshold, there may be a rejection of the proposed password and a prompt to receive an alternative proposed password during the password reset process.

Abstract: Each index value and primary data for generating the index value are stored in a block of a blockchain. The primary data is received from a set of data sources, each associated with one or more index components of the index. Based on the received primary data, the index value is generated. A cryptographic hash value is generated based on the received primary data, the generated index value, and a previous hash value corresponding to a previous time period. The generated index value, the received primary data, and the generated cryptographic hash value are stored in a new block of the blockchain.

Abstract: Various embodiments relate to a data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for masked sampling of polynomials for lattice-based cryptography in a processor, the instructions, including: determining a number m of random bits to be sampled based upon a sample bound parameter ?; producing a plurality of Boolean masked shares of a polynomial coefficient each having the determined number m of random bits using a uniform random function; determining that the polynomial coefficient is within a range of values based upon the sample bound parameter ?; converting the plurality of Boolean masked shares of the polynomial coefficient to a plurality of arithmetic masked shares of the polynomial coefficient; and shifting the plurality of arithmetic masked shares based upon the sample bound parameter ?.

Abstract: In one embodiment, a method comprises: generating and maintaining, by a replicator device in a secure peer-to-peer data network, a secure private key and secure public key; establishing a two-way trusted relationship with a second replicator device for a pairwise topology of two-way trusted replicator devices; establishing a two-way trusted relationship with a first endpoint device based on validating a secure attachment request using the secure private key, and obtaining a second secure public key of the first endpoint device; validating, using the second secure public key, a secure data packet from the first endpoint device and destined for the second endpoint device, and obtaining information for reaching the second endpoint device via the second replicator device; and securely signing the secure data packet, received from the first endpoint device and destined for the second endpoint device, into a secure forwarded packet for secure transmission to the second replicator device.

Abstract: A system, method, and apparatus to securely transfer encrypted personal information between devices via code scanning is disclosed. This system provides convenience for both the user and the recipient of the private data in the forms of speed of information transfer and encrypted security of the information shared with the safety of being contactless exchange of information. The user stores encrypted personal information on their mobile computing device. Scanning a unique ID, generated by a recipient, initiates a secure connection between the user and the recipient. The user may be prompted to confirm the transfer of their personal information when the secure connection is established.

Abstract: Authentication of a networked device with limited computational resources for secure communications over a network. Authentication of the device begins with the supplicant node transmitting a signed digital certificate with its authentication credentials to a proxy node. Upon verifying the certificate, the proxy node then authenticates the supplicant's credentials with an authentication server accessible over the network, acting as a proxy for the supplicant node. Typically, this verification includes decryption according to a public/private key scheme. Upon successful authentication, the authentication server creates a session key for the supplicant node and communicates it to the proxy node. The proxy node encrypts the session key with a symmetric key, and transmits the encrypted session key to the supplicant node which, after decryption, uses the session key for secure communications. In some embodiments, the authentication server encrypts the session key with the symmetric key.

Abstract: Method to create trust for blockchains without the need for Proof-of-Work and without the need for multiple contributing nodes. The method comprises one or more, backward chained elements in each block. These elements have a one-way property from the current block to the previous block. The invention can be implemented in Hardware, Software or in a combination of both. Embodiments of the back-step blockchain comprise existing blockchain applications and new blockchain application where speed or physical size or network independency are desired properties. One, but not the only embodiment is the implementation of the back-step blockchain into smartphones.