Abstract: A digital license plate has a secure communication system able to initialize the digital license plate, support external communications, and have various antitheft features. In some embodiments, a communication module can transmit both vehicle identification number and digital license plate identifier to a central server. The central server is able to act in the event of a security mismatch to modify operation of the digital license plate.

Abstract: A technological approach to management of data lifecycle includes protecting data. Datasets from distinct computing environments of an organization can be scanned to identify data elements subject to protection, such as sensitive data. Data lineage associated with the identified data elements can be determined including relationships amongst other data and linkages between computing environments or systems. The identified elements can be automatically protected based at least in part on the lineage such as by masking, encryption, or tokenization. Further, the datasets can be monitored to create audit trails for interactions with the datasets.

Abstract: The description relates to systems and methods for extending applications. For example, a voice assistant application can be the application to be extended. In an example, a mobile banking application can be the application that provides the extension. For example, a voice assistant might not have capability to conduct fingerprint (or biometric) authentication and bill payment function. An extension point within the voice assistant application that would enable this kind of capability might not exist. The mobile banking application can have a biometric tool for fingerprint authentication capability and a payment tool for a bill payment or money transfer function. Embodiments described herein can involve a deep link from the voice assistant application to the mobile banking application (which does offer fingerprint authentication and bill payment capability). The navigation to the mobile banking application can generate a visual impression at the UI similar or consistent with the voice assistant application.

Abstract: Embodiments of the present disclosure provide methods and apparatuses for blockchain-based multi-party computation, a device and a medium, relate to blockchain technology in the field of computer technology. An embodiment of the method can include: encrypting business data, to obtain a ciphertext of the business data; hashing the ciphertext of the business data, to obtain a hash result of the business data; sending the hash result of the business data to a blockchain node, so that the blockchain node writes the hash result of the business data into a blockchain; and sending the ciphertext of the business data to a target trusted computing module in a target server, for instructing the target trusted computing module to perform multi-party computation based on the ciphertext of the business data and the hash result of the business data in the blockchain.

Abstract: A computer-implemented method includes receiving deduplication information at a storage system. The deduplication information is accessible to the storage system for performing operations thereon. The deduplication information includes signatures associated with portions of client data. The method also includes receiving the client data encrypted with a client secret key. The client secret key is unavailable to the storage system. The method includes deduplicating data chunks stored in the storage system against chunks of the client data, wherein the client data chunks are selected from the client data for deduplication using the deduplication information.

Abstract: A model parameters security protection method is implemented in a computing device in communication connection with at least one security protection device. The method includes training a data model based on an artificial neural network using a number of images and obtaining parameter information of the data model, encrypting the parameter information and generating a configuration file comprising the encrypted parameter information, and sending the configuration file to the at least one security protection device. The parameter information includes at least one of a weight of neuron and an offset value of the neuron of the artificial neural network.

Abstract: A method including determining, by a manager device configured to manage network services provided by an infrastructure device, a manager request including a signature header signed by utilizing a manager private key associated with the manager device and a timestamp header identifying a point in time when the signature header was signed; transmitting, by the manager device to the infrastructure device, the manager request to request performance of an action associated with managing the network services; authorizing, by the infrastructure device, the manager request based at least in part on determining that a difference between the point in time when the signature header was signed and a current time satisfies a predetermined duration of time; and enabling, by the infrastructure device, performance of the action associated with managing the network services based at least in part on authorizing the manager request. Various other aspects are contemplated.

Abstract: A method and apparatus for processing a transaction between a merchant system and a customer system, the customer system associated with a customer of the merchant are described. The method may include receiving, at a commerce platform, a transaction request from the merchant system, wherein the transaction request is generated by the merchant system and comprises a card identifier and encrypted payment card data, wherein the card identifier is determined from card data for a payment card used in the transaction and the encrypted payment card data comprises at least an encryption of a payment account number. The method may also include decrypting, by the commerce platform, the encrypted payment card data using an encryption key selected based on the card identifier, the encryption key associated with the commerce platform. Furthermore, the method may include authorizing, by the commerce platform in communication with one or more authorization systems, the transaction using the decrypted payment card data.

Abstract: A method, system, and computer program product for key in lockbox encrypted data deduplication are provided. The method collects a set of deduplication information by a host in communication with a storage system via a communications network. A fingerprint is generated for a data chunk to be stored on a storage system. The method encrypts the data chunk using a first encryption key to generate an encrypted data chunk. The fingerprint is encrypted with a second encryption key to generate an encrypted fingerprint. The method encrypts the first encryption key with a third encryption key to generate a first encrypted key. The method encrypts the first encryption key with a fourth encryption key to generate a second encryption key. A data package is generated for transmission to the storage system. The method transmits the data package to the storage system.

Abstract: A packet is received by a hypervisor from a first virtualized execution environment, the packet to be provided to a second virtualized execution environment. It is then determined whether the packet was successfully delivered to the second virtualized execution environment. In response to determining that the packet was not successfully delivered to the second virtualized execution environment, a network policy is identified that indicates whether to subsequently provide the packet to the virtualized execution environment. In response to the network policy indicating that the packet is to be subsequently provided, the packet is provided to the virtualized execution environment again.

Abstract: This disclosure describes techniques that include identifying sensitive information from any appropriate set of data, such as data produced by operations of a business or organization. In one example, this disclosure describes a method that includes receiving text data containing sensitive information, including structured sensitive information and unstructured sensitive information; applying a rule-based model to identify the structured sensitive information in the text data; applying a machine learning model to identify the unstructured sensitive information in the text data, wherein the machine learning model has been trained to identify unstructured sensitive information in text; and generating output text data from the text data by modifying the structured sensitive information identified by the rule-based model and the unstructured sensitive information identified by the machine learning model.

Abstract: Managing network interactions by engaging a networked information broadcast service, receiving information from the networked information broadcast service, filtering the information according to a profile, and sending information according to the filtered information using another network communications connection.

Abstract: A system and method for secure cloud computing. The cloud based processing system comprises a user interface, allowing a user to enter and edit data, a proxy server, and a cloud based processing server. The user interface sends data entered by a user to the proxy server, which sends the encrypted data to the cloud based processing server. The proxy server receives editing commands from the user interface, and sends those commands to the cloud based processing server along with the encrypted data. The cloud based processing server receives the encrypted data and editing commands, applies the editing commands to the encrypted data, and sends the edited encrypted data back to the proxy server.

Abstract: A user using a client computer registers with a server computer over a computer network by submitting a biometric scan of a body part of the user. The user commands the client computer to encrypt an electronic file. The client computer generates a private key, encrypts the electronic file and transmits the key to the server computer. The client computer saves the encrypted file. The encrypted file and the key are saved at different physical locations. The owner of the file is able to grant permission to other registered users to unlock the encrypted file.

Abstract: A method of controlling the operating mode of a remote device based upon a local user preference setting includes determining a user privacy setting by a user at a local device and storing the user privacy setting. The user privacy setting is conveyed to the remote device and the operational mode of the remote device is modified based upon the transmitted user privacy preference setting. The operational mode of the remote device is returned to the normal operational mode upon meeting a predetermined condition.

Abstract: Embodiments disclosed herein relate to methods, systems, and computer programs for verifying that data incorporated into a computer program is current. The methods, systems, and computer programs compare a source identifier status code associated with the data to a current source identifier status code at the location where the data was obtained. The methods, systems, and computer programs include at least one validation function which determines the validity of the data according to selected parameters. If the source identifier status code and current source identifier status code match and the at least one validation function determines the data is valid, an executable computer program incorporating the data and one or more functions is produced as output.

Abstract: A storage system and method for command execution ordering by security key are provided. In one example, the storage system has a non-volatile memory, a volatile memory storing a plurality of keys, and a controller with a cache storing a subset of the plurality of keys. The storage system gives priority to a command whose key is stored in the cache in the controller over commands whose keys are stored only in the volatile memory. This avoids transferring a key from the volatile memory to the cache in the controller, thereby improving efficiency of the storage system.

Abstract: Systems, methods, and computer program products for a contactless automated teller machine (ATM) experience receive, from a telephone number, a first short message service (SMS) message including a unique identifier associated with an ATM terminal; in response to receiving the first SMS message, communicate, to the ATM terminal, a first password associated with the telephone number and the unique identifier; receive, from the telephone number, a second SMS message including the first password; verify the first password; in response to verifying the first password, transmit, to the telephone number, a third SMS message including an option to withdraw cash from the ATM terminal; receive, from the telephone number, a fourth SMS message including a selection of the option to withdraw the cash from the ATM terminal; and communicate, to the ATM terminal, a cash dispense command that causes the ATM terminal to dispense the cash.

Abstract: A method and a system for preventing an activity of a malware application in a computer system are provided. The method comprising: receiving at least one artefact of a sandbox environment to be installed in the computer system for simulating the sandbox environment in the computer system; receiving an indication of at least one interaction of a given application with the at least one artefact; analyzing an activity of the given application to detect at least one of a first type event and a second type event triggered thereby after executing the at least one interaction; in response to the analyzing rendering a positive result: identifying the given application as being the malware application; and using data indicative of a digital footprint of the given application in the computer system for further updating the at least one artefact for further preventing the activity of the malware application.

Abstract: A method for initiating a cardless automated teller machine (ATM) transaction via a mobile computing device includes: storing, in a memory of a mobile computing device, at least transaction account data and authentication data; receiving, by an input device of the mobile computing device, at least desired transaction data and authentication information; receiving, by the input device of the mobile computing device, a unique identifier associated with an automated teller machine (ATM); authenticating, by an authentication module of the mobile computing device, the received authentication information based on the stored authentication data; and electronically transmitting, by a transmitting device of the mobile computing device, at least the received desired data and unique identifier and a result of the authentication to an external computing system.

Abstract: A method performed by a device for identifying a network node within a network to which data will be replicated is disclosed. The method comprises encrypting a session key according to an attribute-based encryption scheme; broadcasting the encrypted session key within the network; receiving at least one message encrypted using the session key from at least one network node within the network; and selecting a network node from the at least one network node to which data will be replicated. A further method, a device and a non-transitory machine-readable medium are also disclosed.

Abstract: In one embodiment, a file system of a computing device may receive from a first application a write request to write a file to a storage device of the computing device. The request may include a privacy preference for the file. In response to the write request, the file system may generate privacy metadata corresponding to the privacy preference, associate the privacy metadata to the file, and write the file and the associated privacy metadata to the storage device. The file system may receive from a second application a read request to read the file from the storage device. In response to receiving the read request, the file system may provide the second application access to the file and the associated privacy metadata. The privacy metadata can be configured to be used by the second application to select a distribution policy for the file.

Abstract: The present invention concerns a method for secure data classification by a computer platform. A client sends to the platform data to be classified in encrypted form using a first symmetric key. Similarly, a supplier sends to the platform parameters of a classification model in encrypted form using a second symmetric key. The invention uses a homomorphic cryptosystem defined by a public key and a private key. The platform performs a first transcryption step by deciphering the data to be classified in the homomorphic domain and a second transcryption step by deciphering the model parameters in the homomorphic domain. The classification function is then evaluated in the homomorphic domain for providing a classification result encrypted by said public key.

Abstract: In some examples, a system and method for pairing a payment object reader with a point-of-sale (POS) terminal is described herein. The payment object reader includes one or more light indicators configured to display information in an optical pattern of one or more colors, brightness, lightness, and intensities, wherein the light indicators display a first optical pattern representative of an operational status of the payment object reader in a first mode, and a second optical pattern representative of a pairing code in a second mode. A display control component, executed by a processor, is configured to control the light indicators in accordance with the pairing code to generate the second optical pattern, the second optical pattern when shared with the POS terminal enables pairing between the payment object reader and the POS terminal. When paired, the payment object reader allows the POS terminal to accept payments from a customer.

Abstract: A key rotation that results in a first key version associated with a key being replaced by a second key version associated with the same key, wherein the first key version remains associated with the key for decrypting a previously generated ciphertext but not for future encryption requests. The first key version may be associated with a first cryptographic key material and the second key version may be associated with a second cryptographic key material different from the first cryptographic key material.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for referenced access control lists. In one aspect, a method includes accessing an object hierarchy for a plurality of objects, each object being representative of one of a storage location or a file. The object hierarchy includes for each object, a respective node, for each object that is a parent object having a child object, a directed edge connecting the node representing the parent object. In addition, for each object, including metadata that includes an access control list identifier that identifies an access control list for the object and that is owned by an access control list root object. The method including receiving updates to an access control list for particular objects, generating a new access control list, and storing the new access control list identifier in metadata for each object that descends from the particular object.

Abstract: There is provided a computer implemented method encrypting and/or decrypting data, comprising: accessing data for encryption and/or decryption, wherein the data is of a user account of a plurality of user accounts, obtaining an account key in an encrypted state, the account key is obtained from an account key dataset storing at least one encrypted account key for each of the user accounts, providing over the network, the encrypted account key to a key management system(s) (KMS) hosted by a server, receiving over the network, a decrypted account key from the server hosting the KMS(s), wherein the KMS(s) decrypts the encrypted account key using an organization key stored and managed by the KMS(s), storing the decrypted account key in a data storage device set to provide temporary storage for decrypted account keys, and encrypting and/or decrypting the data associated with the user account using the decrypted account key.

Abstract: A system and methods for facilitating secure computing device control and operation. The invention discloses a framework to supply security and policy-based control to computing applications as a software service. Clients running the framework make requests for services whereby they identify the service needed and its required parameters, encrypt and sign them, and send them to the service handler. The service handler decrypts, checks for policy allowance, and then, if allowed, executes the functions. The handler then encrypts and returns the response to the client. The framework allows for an aggregator that collects service requests for any number of clients and manages the distribution to service handlers and communications back to the clients.

Abstract: Various examples are directed to systems and methods for executing a web application with client-side encryption. A web browser can receive a document comprising a plurality of data elements including a secure element that comprises an encrypted value. An extension component may generate a secure container element to replace the secure element. The extension component can also insert a subdocument into the secure container element. The web browser may be configured to prevent web applications from accessing the subdocument. The extension component may also decrypt the encrypted value to generate a clear value and write the clear value to the subdocument. The web browser may render the document using the clear value.

Abstract: A method and system for performing authentication for a backup service provided by a server is provided. The method receives a request for authentication from a client device, the request for authentication including a signature generated using a private key. The method sends a request to obtain a public key corresponding to the private key to the server and receives the public key from the server, the public key being retrieved by the server from a backup of a virtual machine. The method verifies the signature using the public key and generates a token encrypted using the public key, the token enabling the client device to access the server for the backup service. The method sends the token to the client device, the token to be decrypted using the private key by the client device.

Abstract: Embodiments are directed to providing remote healthcare services including remote diagnostics, and facilitating third-party healthcare payments. In one embodiment, a computer system receives an input including authentication credentials from a healthcare entity, and also requests assistance from another healthcare entity. The computer system authenticates the first healthcare entity using the authentication credentials, receives an input including authentication credentials from the other healthcare entity, and authenticates the other healthcare entity using these authentication credentials. The computer system further receives real-time information related to a health condition of a patient, where the real-time health condition information is provided to the second healthcare entity.

Abstract: The description relates to systems and methods for extending applications. For example, a voice assistant application can be the application to be extended. In an example, a mobile banking application can be the application that provides the extension. For example, a voice assistant might not have capability to conduct fingerprint (or biometric) authentication and bill payment function. An extension point within the voice assistant application that would enable this kind of capability might not exist. The mobile banking application can have a biometric tool for fingerprint authentication capability and a payment tool for a bill payment or money transfer function. Embodiments described herein can involve a deep link from the voice assistant application to the mobile banking application (which does offer fingerprint authentication and bill payment capability). The navigation to the mobile banking application can generate a visual impression at the UI similar or consistent with the voice assistant application.

Abstract: The systems, devices, and methods discussed herein are directed to a portable communication device, or a user equipment (UE), for obtaining cellular network services with an unassociated cellular network with assistance from a wireless local area network (WLAN). The UE registers with the WLAN, discovers the unassociated cellular network, sends request to a WLAN service provider of the WLAN to obtain cellular network services with the unassociated cellular network, and obtains cellular network services with the unassociated cellular network.

Abstract: A cloud-based platform encrypts data imported from an organization using respective data encryption keys (DEK). The platform prevents decrypted data of the organization, and the DEK(s) used to encrypt such data, from being persistently retained within the platform. Access to the DEK may be controlled by the organization. Accordingly, the organization may retain control over access to its data, after the data has been exported to the platform. The platform may provide a purge control by which the organization can configure the platform the purge any cached DEK and/or unencrypted data pertaining to the organization.

Abstract: A method for combining different partial data includes providing a secure connection between a connection unit in a first network and an analysis unit a second network, separating original data into at least two items of partial data comprised of analysis data and personal data as first and second partial data that can be assigned to each other by way of assigning information, pseudonymizing the second partial data, transmitting the first partial data and pseudonymized second partial data and the assigning information to the analysis unit, storing the second partial data on the connection unit, providing third partial data on the analysis unit in the form of analyzed first partial data, transmitting the third partial data and the pseudonymized second partial data with the assigning information to the connection unit via the secure connection, and combining the third partial data and the second partial data using the assigning information.

Abstract: Authentication is a key procedure in information systems. Conventional biometric authentication system is based on a trusted third-party server which is not secure. The present disclosure provides a privacy preserving multifactor biometric authentication for authenticating a client without the third-party authentication server. The server receives a plurality of encrypted biometric features from the client, encrypted using Fully Homomorphic Encryption. Further, the server evaluates the plurality of encrypted biometric features to obtain a client identifier value and a plurality of encrypted resultant values. The server encrypts each of the plurality of resultant values based on a time based nonce and the client identifier value. The encrypted authentication tags and the corresponding resultant values are aggregated by the server and transmitted to the client. The client decrypts the resultant value and the authentication tag and transmits to the server.

Abstract: An object blocking method, a terminal, a server, and a storage medium are provided. The method includes: sending, when whether to block a target object cannot be determined according to a first blocking strategy library, feature information of the target object to a server. The feature information instructs the server to generate a target blocking strategy according to the feature information and feed back the target blocking strategy. The method also includes: receiving the target blocking strategy fed back by the server; adding the target blocking strategy to the first blocking strategy library; and performing subsequent object blocking according to the first blocking strategy library added with the target blocking strategy, including: determining whether to block the target object according to the target blocking strategy in the first blocking strategy library.

Abstract: A method and a computing apparatus for tracking device utilization are provided. The method includes: obtaining first data that relates to a physical location of a device; obtaining second data that relates to network switch information of the device; obtaining third data that relates to a network activity performed by using the device; using each of the first data, second data, and third data to determine a utilization of the device; and outputting a result of the determination. The first data may include a building identification, a floor number, and/or a seat identification. The second data may include a switch host name, card information, and/or port information. The third data may include a management system into which the device is logged in.

Abstract: Systems and methods utilized to protect data. One method includes maintaining, by one or more processing circuits in a production environment, encrypted data associated with a cryptographic function. The method further includes decrypting, by the one or more processing circuits in the production environment, the encrypted data to generate cleartext data. The method further includes encrypting, by the one or more processing circuits, the cleartext data using a homomorphic encryption function to generate ciphertext data. The method further includes masking, by the one or more processing circuits, the ciphertext data using a masking function to generate alternate ciphertext data. The method further includes decrypting, by the one or more processing circuits, the alternate ciphertext data to generate masked cleartext data and storing, by the one or more processing circuits in a lower environment, the masked cleartext data.

Abstract: A computing device can perform operations to unlock encrypted volumes of the computing device while the computing device is in a recovery environment. In some examples, the computing device can work in conjunction with a test computing device to unlock the encrypted volumes using an unlock token and a PIN. In other examples, the computing device can perform operations without a test computing device. For example, the computing device can, while in the recovery environment, use credentials associated with a user of the computing device to obtain a recovery password to unlock keys for interpreting the encrypted volumes. In some examples, the computing device can use a shortened recovery password in conjunction with anti-hammering capabilities of a Trusted Platform Module in order to unlock keys for interpreting the encrypted volumes. These and other operations can facilitate secure unlock of volumes of encrypted data on a consumer device.

Abstract: A method for validating a message recipient includes: storing, in a memory of a processing server, a device profile, wherein the device profile is related to a mobile computing device and includes at least a device identifier, and token validation data; receiving, by a receiver of the processing server, a data signal from an external system that is encoded with a message packet, wherein the message packet includes at least the device identifier, a device token, and a content message; validating, by a processing device of the processing server, the device token using at least the token validation data; and electronically transmitting, by a transmitter of the processing server, the content message to the mobile computing device.

Abstract: A method of blockchain-based data management of distributed binary objects includes identifying a binary object to be stored in a first data store. The method further includes encrypting, by a processing device, the binary object using a cryptographic function of a blockchain to generate an encrypted binary object. The method further includes storing the encrypted binary object in the first data store. The method further includes storing a reference to the encrypted binary object on the blockchain.

Abstract: Generating a rights blockchain storing rights of a user, including: receiving an enrollment request and a public key from the user; verifying that the user has a private key corresponding to the public key; generating a user identifier using the public key; and generating and delivering the rights blockchain having a genesis block including the user identifier to the user.

Abstract: A method of storing data allowing a seed value for generating an encryption key to be retrieved is provided. The method comprises obtaining, for each of a plurality of biological data sources, a respective set of biometric data from an authorised user. A respective biometric identifier is generated from each set of biometric data. The biometric identifiers are stored in a database. A plurality of seed portions are generated that are combinable using a function to generate the seed value. Each seed portion is stored in the database in association with a biometric identifier.

Abstract: The present invention discloses an intelligent cloud server for cloud storage information management and encryption. In some embodiments, the intelligent cloud server can save and store documents without the need of first saving them in a local drive for upload. Upon storage, the document can be scanned and classified in a security level according to pre-determined settings and parameters. In some embodiments, depending on the classification, the system can encrypt portions of the document in order to facilitate the sharing and access of information in a secure way. Encryption keys and access to the encrypted portions are only provided upon authentication of the user, network, and/or need, according to corresponding protocols for the information.

Abstract: This disclosure is directed to computing services that provide secure network connections using public-private key-based security for Internet of Things (IoT) devices, such as voice devices, that may have more than a predefined set of users. Device certificates that authorize IoT devices to access a secure network, such as an enterprise network and/or services eternal to an enterprise network are provided. A setup system may cooperate with an IoT device and a subordinate CA to generate a device certificate that allows the IoT device to access a secure enterprise network and services outside of the secure enterprise network. The IoT device may generate a certificate signing request (CSR) which may be signed by a remote subordinate CA to generate the device certificate using a root certificate of an enterprise CA. Systems are also disclosed that renew certificates for the IoT devices prior to their expiration.

Abstract: A method includes sending an encrypted first hash value set to a data provider; receiving an encrypted second hash value set and a double-encrypted first hash value set from the data provider; re-encrypting the received encrypted second hash value set to obtain a double-encrypted second hash value set; calculating an intersection of the double-encrypted first hash value set and the double-encrypted second hash value set to determine one or more shared users shared with the data provider; and recommending or providing a service to the one or more shared users.

Abstract: Technologies are described for retaining configuration information for software applications during upgrades. For example, when an addon software package is deployed to a web application server running a main software platform, the configuration information for the addon software package can be preserved separately (e.g., independent of the common configuration file) and used later to restore the addon configuration information if needed. In some implementations, an addon presence file is used to store an entry for the addon software package. The entry identifies another file containing the configuration information for the addon software package. If the main software platform is upgraded resulting in the common configuration file being overwritten or replaced, then the addon configuration information can be added back to the common configuration file using the preserved configuration information.

Abstract: Techniques are described for sampling across trusted and untrusted distributed components. In accordance with embodiments, a first computing device receives a request from a second computing device, the first request including an operation identifier (ID) and a sampling ID that was generated by transforming a telemetry scope ID from a first value in a first domain to a second value in a second domain. The transformation may serve to anonymize and compress the telemetry scope ID. The first computing device determines whether or not to sample by comparing a ratio between the sampling ID and a size of the second domain with a sampling rate associated with the first computing device. The first computing device records telemetry about its processing of the first request in response to determining to sample and does not record any telemetry about its processing of the first request in response to determining not to sample.

Abstract: Examples include blocking an interface of a sponsor networking device from receiving data packets and receiving at the sponsor networking device an authentication packet from a first networking device. The first networking device is physically connected to the interface. Examples also include automatically setting by the first networking device, a unique local address for the first networking device; receiving, at the sponsor networking device, a local data packet from the first networking device, and translating, by the sponsor networking device, the local data packet to an off-fabric data packet.