Abstract: There is provided an information processing device, including a processing unit configured to perform a calculation using keys assigned to a plurality of areas of a recording medium and generate an authentication key. The processing unit generates the authentication key by performing a calculation using conversion values corresponding to the keys, the conversion values being obtained by converting device-specific information using conversion methods associated with the keys used in the calculation.

Abstract: A method includes storing a test database of tests and corresponding test rules, storing a user information database, storing a profile database, and storing a threshold database including thresholds corresponding to test scores and similarity scores. The method includes, in response to receiving interaction parameters of an interaction performed by a user, identifying a set of tests based on the interaction parameters. The method includes, for each of the set of tests: calculating a score using user data of the user, corresponding test rules, and the interaction parameters; adjusting the score based on the user's profile; obtaining a threshold corresponding to the identified test; and, in response to the score exceeding the threshold, categorizing the interaction within a first category. The method also includes generating and transmitting an alert in response to the interaction being categorized within the first category.

Abstract: Embodiments described herein ensure differential privacy when transmitting data to a server that estimates a frequency of such data amongst a set of client devices. The differential privacy mechanism may provide a predictable degree of variance for frequency estimations of data. The system may use a multibit histogram model or Hadamard multibit model for the differential privacy mechanism, both of which provide a predictable degree of accuracy of frequency estimations while still providing mathematically provable levels of privacy.

Abstract: A method and system for performing computational jobs securely on a shared computing resource. Data files for the computational job are encrypted on a secure system and the encrypted data files are stored in a data store on the shared computing resource. A key distribution server is established using a secure enclave on a front end of the shared computing resource. Cryptographic keys and application binaries are transferred to the enclave of the shared computing resource using a session key. The computational job is run using an application launcher on compute nodes of an untrusted execution environment of the shared computing resource, the application launcher obtaining the application binaries and the cryptographic keys from the key distribution server.

Abstract: The present disclosure includes methods, devises and systems for preparing and installing one or more application keys owned by application owners in a remote device. The present disclosure further proposes methods, devices and systems for secure installation of subsequent application keys on a device utilising corresponding key derivation functions to associate an application with a respective policy and identifier using significantly low bandwidth for transfer of keys for execution of the respective application on the device.

Abstract: This disclosure includes techniques for using multiple cryptographic certificates for a secure connection. One embodiment is a method including: receiving by a client N public encryption keys over a network from a server, wherein N is an integer greater than 1; generating N session keys in response to receiving the N public encryption keys; encrypting each of the N session keys with a respective one of the N public encryption keys; subsequent to encrypting each of the N session keys, sending the N session keys encrypted over the network to the server; encrypting, with a first one of the N session keys, a first portion of a payload associated with a first message; encrypting, with a second one of the N session keys, a second portion of the payload associated with the first message; and sending the first message, comprising the payload encrypted, to the server from the client.

Abstract: A method and a system of selective encryption of a test dataset is disclosed. In an embodiment, the method may include determining a relevancy grade associated with each of a plurality of datapoints within a test dataset by comparing the test dataset with a common heat map, wherein the common heat map is generated using a plurality of training datasets. The method may further include calculating, based on the relevancy grade, an encryption level associated with each of the plurality of datapoints. The method may further include selectively encrypting at least one datapoint from the plurality of datapoints based on the encryption level associated with each of the plurality of datapoints. The at least one data point is rendered to a user after being decrypted.

Abstract: Techniques and solutions are described for restricting data that is provided to a machine learning application. Restrictions can be based on use status information, such as use status information associated with a retention manager and indicating whether data is blocked from use. Data identifiers used by a cloud-based system can be correlated with archiving objects of a local system so that the cloud-based system can receive use status information to avoid using blocked data. Restrictions can include restricting data based on whether a data subject has provided consent that allows the data to be used by the machine learning application. A data view can be defined that filters query results to those where consent exits. The data view can join, such as an inner join, a table providing consent information with a data having data subject data.

Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.

Abstract: A cloud-based communication framework. A client device may generate a file for an information technology (IT) device. The client device may request a password for the file. The password may be used to encrypt the file. A signature may be determined based on the encrypted file and the password. The signature and encrypted file may then be stored on a cloud-computing platform for downloading by the IT device, wherein the first signature is used by the IT device to validate authenticity of the encrypted file.

Abstract: Systems and methods for protecting information used to train a machine learning system are described herein. In an embodiment, first data identifying one or more status values of a plurality of personal data records are been sent to a server computer from a processor server and stored in a de-identified manner through a generation of a unique identifier for each personal data record using a unique identifier generation scheme and encrypted using an encryption scheme. Second data comprising a plurality of attributes for each of the plurality of personal data records are also sent to the server computer from a database and stored in a de-identified manner through a generation of the unique identifier for each personal data record using the unique identifier generation scheme and encrypted using the encryption scheme. An external server transmits, to the server computer, instructions to generate a machine learning system and to train the machine learning system using the first data and the second data.

Abstract: A system and method for encrypting a base payload are provided. An encryption processor receives the base payload that includes plaintext and an input command. The input command identifies cryptographic material from various cryptographic domains that is used to encrypt the base payload. The cryptographic material is assembled. Channels that include the encrypted base payload are identified. Reserved channels are identified. A header is generated. The base payload is encrypted using cryptographic material into the channels. Reserved channels are encrypted. A digital payload that includes the header, the encrypted channels and the reserved channels is generated.

Abstract: In accordance with some embodiments, the method includes: detecting, via the one or more input devices, a request to display information for password protected accounts; and, in response to detecting the request, concurrently displaying, on the display device: a representation of a first password protected account that is associated with a credential having one or more security issues, wherein the representation of the first password protected account is visually associated with an alert indicator indicating the one or more security issues associated with the credential of the first password protected account; and a representation of a second password protected account that is associated with a credential having one or more security issues, wherein the representation of the second password protected account is visually associated with an alert indicator indicating the one or more security issues associated with the credential of the second password protected account.

Abstract: Security enhancement herein primarily relate to digital code undergoing a first fortification protocol by which a digital package is prepared, a secure execution environment being configured for use with the package at or via a source facility, and at least some of the package being executed in in the secure execution environment at a destination facility. Such enhanced configurations may arrive to or from a remote facility, for example, without a concomitant loss of performance.

Abstract: A device receives a document that includes a request and supporting data associated with the request. The device determines that the received request is a first request type. A first set of supporting data is determined that is needed to determine a verification status for requests of the first request type. Based on a comparison of the received supporting data to the first set of supporting data, the device determines that the supporting data includes the data needed to determine the verification status for requests of the first request type. The device then extracts document data from the received document. The extracted document data is compared to the supporting data. Based on this comparison, a verification status is determined for the request.

Abstract: This disclosure provides enhanced management of access rights for dynamic groups of users sharing secret data. Instead of relying on traditional administrative techniques for modifying access rights for stored data, the techniques disclosed herein allow a storage service to communicate with a group management system to verify membership of user groups, e.g., channels, chat session, or meetings, and automatically change access rights to stored data as users leave or join a group. Encrypted data can be stored within a storage vault. The storage vault can be dedicated to storing encrypted data shared between a user group, e.g. a channel. A server managing the storage vault can receive membership data from a group management service. As users join the group or leave a group managed by the group management service, each user's access permissions to the storage vault can be added, removed or modified.

Abstract: Novel tools and techniques are provided for implementing firewall functionalities, and, more particularly, to methods, systems, and apparatuses for implementing high availability (“HA”) web application firewall (“WAF”) functionalities. In various embodiments, a first computing system might monitor network communications between a client and a server providing access to software applications, and might determine whether latency has been introduced as a result of at least one first WAF container having been launched and whether any introduced latency exceeds a predetermined threshold, each first WAF container being tuned to a corresponding software application and protecting the software application from network attacks. Based on a determination that latency has been introduced and based on a determination that the introduced latency exceeds the predetermined threshold, one or more second WAF containers may be launched, each being tuned to the corresponding software application.

Abstract: A method for securing data in a data cluster is performed by a data manager of a data cluster. The method includes receiving, by a data cluster, a write request for a user to write data to the data cluster, wherein the write request comprises an object identifier (OID) associated with data and a user identifier (UID) associated with the user; sending, to a key manager, an intermediate key request, wherein the intermediate key request comprises the UID; receiving, by the data cluster from the key manager, an intermediate key; processing the data to obtain a plurality of chunks and metadata associated with the plurality of chunks; generating an encryption key using the intermediate key and the OID; encrypting the metadata using the encryption key to generate encrypted metadata; deleting, after generating the encrypted metadata, the encryption key; and storing the encrypted metadata and the plurality of chunks in the data cluster.

Abstract: The present teaching relates to a method, system, and programming for encrypted searching. In a search session, a uniform resource locator (URL) is received, wherein a portion of the URL is encrypted via a first key. A second key associated with the first key is obtained. A determination is made regarding whether a time-related criterion associated with the second key is satisfied. In response to the time-related criterion being satisfied, the portion of the URL is decrypted based on the second key to obtain a keyword, one or more search results are obtained based on the keyword, and a webpage including the one or more search results to be provided to a user is generated.

Abstract: A method is provided for protecting a software program from copying. The method includes providing a first implementation of the software program. A second implementation of the software program is then provided. The second implementation provides a same functionality as the first implementation, and wherein the second implementation includes a plurality of dummy operations to increase a number of operations and an execution time of the second implementation compared to the first implementation. The dummy operations are encoded. The second implementation may then be compared to another software program to determine if the another software program is a copy of the first implementation of the software program. This allows a copy of the first implementation to be detected without disclosing the first implementation.