Abstract: The present teaching relates to a method, system, and programming for encrypted searching. In a search session, a uniform resource locator (URL) is received, wherein a portion of the URL is encrypted via a first key. A second key associated with the first key is obtained. A determination is made regarding whether a time-related criterion associated with the second key is satisfied. In response to the time-related criterion being satisfied, the portion of the URL is decrypted based on the second key to obtain a keyword, one or more search results are obtained based on the keyword, and a webpage including the one or more search results to be provided to a user is generated.

Abstract: Techniques are disclosed relating to sharing data. A first computer system may receive data shared by a second computer system to permit the first computer system to perform processing of the data according to a set of policies. The first computer system may instantiate a verification environment in which to process the shared data. The first computer system may process a portion of the shared data by executing a set of processing routines to generate a result based on the shared data. The verification environment may verify whether the result is in accordance with the set of policies. The verification environment may determine whether to output the result based on the verifying and may send an indication of an outcome of the determining to the second computer system. The indication may be usable to determine whether to provide the first computer system with continued access to the shared data.

Abstract: A computer-implemented method comprising: storing, using a server computer executing within a protected environment, a plurality of media items, each of the media items corresponding to one of a plurality of different status values; receiving, from a requesting computing device that is outside the protected environment, a request to send certain media items outside the protected environment to a client computing device; computing, using a plurality of machine learning systems executed by the server computer, each of the machine learning systems having been trained with one of the plurality of status values as an output, a plurality of likelihood values associated with a particular status value for the client computing device, each of the machine learning systems having been trained at least in part using attribute values associated with health data records as inputs, and an existence or a non-existence of a one of the plurality of different status values as outputs, the server computer storing first data comp

Abstract: The disclosure herein describes a system and method for predictive identification of breached entities. Identification number and expiration date pairs associated with compromised records in a source file are analyzed to identify a set of candidate entities having records at least partially matching the source file data pairs having events occurring during a selected time period. Probability vectors are calculated for records associated with each identified entity. A divergence value is calculated which represents a distance between probability distribution vectors for each entity and probability distribution vectors for the source file. A predicted breached entity is identified based on the divergence values. The predicted breached entity is notified of the predicted breach. The notification can include an identification of the breached entity, identification of breached records, predicted time of breach, and/or a recommendation to take action to mitigate the predicted breach.

Abstract: A method is disclosed, comprising: configuring, based on hardware characteristics of a radio access device, a first security certificate; setting up a first encrypted tunnel with a first security server using the first security certificate, the first security server configured to grant permission via the first security certificate for obtaining a second security certificate providing access to an operator core network; tearing down the first encrypted tunnel; and setting up a second encrypted tunnel to a second security server within the operator core network using the second security certificate, the second encrypted tunnel configured to allow the radio access device to securely communicate with the operator core network for providing connectivity for user devices to the operator core network, wherein the first encrypted tunnel and the second encrypted tunnel to use a single transport port to obtain the second security certificate via the first encrypted tunnel.

Abstract: There is provided a conversion cable including: a connector to be connected to an electronic device that outputs a digital voice signal; an IC having a function of converting a digital voice signal supplied through the connector into an analog voice signal; and an output unit for an analog voice signal output from the IC, in which the IC holds an encryption key for permitting the electronic device to output a digital voice signal that requires copyright protection.

Abstract: A technique for preventing a man in the middle attack is proposed. A security gate system includes an admission card and a security gate apparatus. The admission card has condition data that is data for specifying a condition to be satisfied when or before or after encrypted authentication data are transferred from the admission card to the security gate apparatus. When a user attempts to enter a building, authentication data including condition data are generated in the admission card 100 (S802), and encrypted into encrypted authentication data (S803). The encrypted authentication data are transmitted from the admission card to the security gate apparatus (S804, S904), and decrypted to be returned to the authentication data (S905). The security gate apparatus performs authentication determination which is a determination as to whether a condition specified by the condition data included in the authentication data is satisfied (S906), and opens a gate plate when a determination result is positive (S907).

Abstract: Systems and methods for employing non-custodial techniques for data encryption and decryption are provided. One example method includes transmitting, to a first remote server, an encryption request; receiving, from the first remote server, a first response comprising a secret token; generating a first cryptographic signature using the secret token; generating a first cryptographic key based on the first cryptographic signature; encrypting one or more files using the first cryptographic key; and transmitting, to a second remote server, the one or more encrypted files.

Abstract: Methods, devices and systems are disclosed for inter-app communications between software applications on a mobile communications device. In one aspect, a computer-readable medium on a mobile computing device comprising an inter-application communication data structure to facilitate transitioning and distributing data between software applications in a shared app group for an operating system of the mobile computing device includes a scheme field of the data structure providing a scheme id associated with a target software app to transition to from a source software app, wherein the scheme id is listed on a scheme list stored with the source software app; and a payload field of the data structure providing data and/or an identification where to access data in a shared file system accessible to the software applications in the shared app group, wherein the payload field is encrypted.

Abstract: Software installed in the nodes in a communication network allows them to perform a “name server” function, which entails the management of a dynamic list of the client devices that are connected to the cloud, a “task” function, which entails the receipt and transmission of the packets, and an “authority” function, which entails the determination of the routes of the packets through the cloud. Each node is capable of performing only one function at a time. After completing a job, a node reverts to an undifferentiated, state awaiting its next performance request.

Abstract: A method at a controller (112) of a database network (110) is provided. The controller (112) receives (S100) a request for a first set of data entries (200a). The request comprises a public identifier and an identifier of a first database (111a) of the plurality of databases (111) from which the first set of data entries (200a) is to be retrieved, each data entry (210) in the first set of data entries (200a) comprising a respective raw value for each of a plurality of attributes (220). The controller (112) retrieves the first set of data entries (200a) and uses the public identifier to transform (S120) the raw values of at least a first attribute (220a) of the plurality of attributes (220) into respective synthetic values. The controller (112) generates (S130) and outputs (S140) a first dataset (300a) comprising data entries having the synthetic values for the first attribute (220a) and the raw values for at least one of the attributes (220).

Abstract: A method, computer system, and computer program product for processing a secure data phone request are provided. The embodiment may include receiving a plurality of user responses to one or more security questions. The embodiment may also include identifying, during a phone call, a request for sensitive information by a call participant. The embodiment may further include identifying a response within the plurality of received user responses that satisfies the identified request. The embodiment may also include transmitting the identified response to the call participant.

Abstract: A method for filtering data packets at a firewall system is disclosed that includes receiving a data packet having a plurality of fields at a processor, and determining whether a precondition exists, where an action is associated the precondition. The action associated with the precondition is performed if it is determined that the precondition exists. The data packet is processed using a plurality of rules if it is determined that the precondition does not exist for the one or more of the plurality of fields. A user associated with the data packet is identified, and it is determined whether one or more rules are stored in a cache for one or more of a plurality of groups associated with the user. The data packet is processed using the one or more rules stored in the cache if present.

Abstract: Systems, apparatuses, and methods for implementing a metadata tweak for channel encryption differentiation are disclosed. A memory controller retrieves a device-unique identifier (ID) from a memory device coupled to a given memory channel slot. The memory controller uses the device-unique ID to generate a tweak value used for encrypting data stored in the device. In one scenario, the device-unique ID is embedded in the address bits of the tweak process. In this way, the memory device can be migrated to a different memory channel since the data can be decrypted independently of the channel. This is possible since the device-unique ID used for the tweak operation is retrieved from the metadata stored locally on the memory device. In one implementation, the memory device is a persistent dual in-line memory module (DIMM). In some implementations, the link between memory controller and memory device is a compute express link (CXL) compliant link.

Abstract: The present disclosure relates to authenticity and data security for bus-based communication networks in a vehicle. The present disclosure teaches a protocol frame, a sender on data link layer, and a receiver on data link layer providing such authenticity and data security as well as a communication network in a vehicle employing the protocol frame, the sender and the receiver according to the present disclosure.

Abstract: Access privileges of at least one identity to resources are adjusted within an authorization system of a computing environment. Over a detection period, accesses by the identity to the resources are detected and a usage score is computed as a usage function of a measure of use by the identity of access privilege(s) it has been granted to at least one of the resources relative to a measure of a set of possible grantable privileges. In accordance with a least privilege security policy, and according to the usage score, the set of access privileges granted to the identity may then be adjusted.

Abstract: A method for managing data asset in a data bank is provided, including: acquiring a confirmation authentication request, wherein the confirmation authentication request includes a data asset to be confirmed, characteristic information of the data asset and characteristic information of a data provider uploaded by the data provider; performing a confirmation verification on the data asset through a confirmation blockchain based on the data asset, the characteristic information of the data asset and the characteristic information of the data provider in response to the confirmation authentication request; storing confirmation information corresponding to the data asset into the confirmation blockchain after it is determined that the data asset has passed the confirmation verification; inserting identification data for tracing a data owner into the data asset, obtaining and storing the data asset having the identification data.

Abstract: A method includes storing a test database of tests and corresponding test rules, storing a user information database, storing a profile database, and storing a threshold database including thresholds corresponding to test scores and similarity scores. The method includes, in response to receiving interaction parameters of an interaction performed by a user, identifying a set of tests based on the interaction parameters. The method includes, for each of the set of tests: calculating a score using user data of the user, corresponding test rules, and the interaction parameters; adjusting the score based on the user's profile; obtaining a threshold corresponding to the identified test; and, in response to the score exceeding the threshold, categorizing the interaction within a first category. The method also includes generating and transmitting an alert in response to the interaction being categorized within the first category.

Abstract: Some embodiments provide a novel secure method for suppressing address discovery messaging. In some embodiments, the method receives an address discovery record that provides a network address associated with a machine connected to a network. The method then identifies a set of one or more rules for evaluating the received address discovery record to determine whether the address discovery record or its provided network address should be distributed to one or more hosts and/or devices associated with the network. The method then processes the set of rules to determine whether the received address discovery record violates a rule in the set of rules so as to prevent the distribution of its provided network address. When the address discovery record violates a rule, the method discards it in some embodiments.

Abstract: Methods and systems for performing on demand access transactions are disclosed. In one example, the method includes receiving, by a directory service computer from an authorizing computer, a file including a primary access identifiers and virtual access identifiers, the virtual access identifiers not being capable of being used at resource providers to conduct transactions. The method also includes receiving a request to provide an access token that is associated with an account, the request comprising information that identifies the account. The method further includes retrieving a virtual access identifier based on the identifying information; and requesting, by the directory service computer to a token service computer, that the access token be provisioned on the user device or an application computer associated with an application on the user device.