Abstract: A document management system manages documents. The documents are managed such that the documents may be shared with one or more users during an online sharing session for electronic signing. During the online sharing session, one or more documents are collaboratively reviewed by one or more participants of the online sharing session. The one or more documents are e-signed at least one of the participants of the online sharing session.

Abstract: Embodiments of the invention are directed to systems, methods, and computer program products for utilizing machine learning to predict future deceitful domain names and determine preferred security responses. As such, the system allows for use of a machine learning engine to collect new domain name registration information from a plurality of sources and predict future name registrations associated with said sources. A single user may register deceitful domain names through a plurality of domain name registration systems. By collecting data from multiple servers, the system may identify data trends and generate predictions of future domain names independently of any individual server. Thus, the system may benefit a number of entities, by providing real-time data analysis that would not be obtainable by any one entity operating alone.

Abstract: Protecting sensitive data from unauthorized disclosure is provided. For example, systems, methods, and computer readable storage devices are described that may be operable or configured to tokenize sensitive data attributes that may be included in a data file received from a client. Tokens that are anonymized but representative of the attributes may be generated and mapped to the sensitive data attributes. A tokenized data file may be de-tokenized and re-tokenized to perform processes that require the sensitive data attributes. A document may be transformed to protect the sensitive data attributes while reducing risk of disclosure of the sensitive data.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for secure communication based on random key derivation. An example method includes receiving an initial symmetric key shared between the key depot device and a host device. The method also includes receiving seed data shared between the key depot device and the host device. The method also includes establishing a connection to a client device. The method also includes generating, by key derivation circuitry of the key depot device, a first symmetric key based at least on a portion of the seed data. The method also includes causing transmission of the first symmetric key to the client device. The method also includes generating a key allocation indication that identifies an authentication target and comprises an indication of the generation of the first symmetric key. The method also includes causing transmission of the key allocation indication to the host device.

Abstract: Apparatuses, methods, and systems are disclosed for enabling roaming with authentication and key management for applications. An apparatus includes a processor that determines a serving network of a user equipment (“UE”) device, the serving network comprising a visited public land mobile network (“VPLMN”) that is different from a home PLMN (“HPLMN”) associated with the UE. The processor selects a network function within the serving network for provisioning an authentication and key management for applications (“AKMA”) security context for an application function (“AF”) based on a name for the serving network. The apparatus includes a transceiver that sends the security context to the network function.

Abstract: Disclosed herein are system, method, and computer program product embodiments for managing the dissemination of documents using downstream control. A document linking system may facilitate the creation of a document link, graphical document link, and/or a corresponding document token. This link may be distributed downstream via messages, emails, or other applications. The document linking system may track document interactions, trace locations, and/or control individualized downstream access. The document linking system may provide instructions to a document delivery system to integrate a plugin or widget into its corresponding application (e.g., a messaging or email application). A user using the application may select a GUI object to access the document linking system and generate a document link. This link may then be embedded into a message or email and disseminated. The document linking system may also generate graphical document links that may be scanned with a camera to access the document.

Abstract: A protocol state fuzzing method for security of a control plane of a distributed software-defined network is provided. The protocol state fuzzing method includes receiving input alphabets being abstract symbols of a protocol message in an ambusher of a distributed network operating system (NOS), converting the input alphabets into the protocol message, and sending the protocol message to a cluster, monitoring, by the cluster, intercommunication between instances in the distributed NOS, and selecting a set of sequences executable in the cluster and searching a cluster log for an output by executing the sequence to generate an attack result.

Abstract: Method, system, and programs provide automatic anonymization of protected data items when a request is associated with authentication via a ticket. Ticket authentication includes sending a ticket to a recipient address. The ticket is included in a request for information. Responsive to receiving a request with a ticket, an example system may determine if the ticket is still valid and, if so, generate mock identifiers for any identifiers in information provided back to the requestor, replace the identifiers with their corresponding mock identifiers, as well as delete any protected information from the information provided back to the requestor. The system may store a mapping of the identifiers with their mock identifiers by session id. These mappings may be deleted after a predetermined time, so that the mapping is valid only for a particular session for a limited time.

Abstract: A method of providing a data disclosure to a requester can include: receiving a data subject request from a requester, the data subject request including a request for stored personal data; categorizing the element data into one of a plurality of tiers based on a sensitivity level of the element data; assigning an assigned tier to the element data and associated data values; determining a level of detail of the associated data values for each of the element data to provide based on the assigned tier; and providing a data disclosure report to the requester, wherein the data disclosure report includes the level of detail of data values for each of the element data based on the assigned tier.

Abstract: Systems, apparatuses and methods include technology that generates a signature based on one or more characteristics of an artificial intelligence (AI) model. The AI model is in a source code. The technology generates a compiled blob based on the AI model and embeds an identifier based on the signature into a metadata field of the compiled blob.

Abstract: Use of embedded metadata for data privacy compliance is provided. In a data store, self-managed data is maintained including metadata specifying retention policy data. Responsive to a self-update to scrub PII from the self-managed data being indicated by the retention policy data, the PII is removed from the self-managed data maintained by the data store. Responsive to a self-update to delete the self-managed data from the self-managed data being indicated by the retention policy data, the self-managed data is removed from the data store.

Abstract: The present disclosure relates to a system, method, and computer program for graph-based multi-stage attack detection in which alerts are displayed in the context of tactics in an attack framework, such as the MITRE ATT&CK framework. The method enables the detection of cybersecurity threats that span multiple users and sessions and provides for the display of threat information in the context of a framework of attack tactics. Alerts spanning an analysis window are grouped into tactic blocks. Each tactic block is associated with an attack tactic and a time window. A graph is created of the tactic blocks, and threat scenarios are identified from independent clusters of directionally connected tactic blocks in the graph. The threat information is presented in the context of a sequence of attack tactics in the attack framework.

Abstract: Methods, systems, and devices for wireless communications are described. In some examples, a wireless device may modify a cyclic redundancy check (CRC) generation and attachment operation based on a secret key to support enhanced security. In some examples, a first device may identify a set of data to transmit to a second device and prior to transmitting the set of data, the first device and the second device may obtain a set of key bits for data protection. The first device may generate a bit vector based on a subset of the set of key bits and a cyclic redundancy check polynomial. The transmitting device may then generate an encoded codeword based on the bit vector and transmit the encoded codeword to the second wireless device. The second device may decode the encoded codeword and obtain the set of data based on the set of key bits.

Abstract: Ad-hoc network comprising a configurator device and a plurality of nodes, wherein each node is an electronic device, wherein each node is connected by a communication connection with at least one of the other nodes and/or with the configurator device, wherein each node can be in different states comprising at least a non-commissioned state (NC), a commissioned state and a trust ring member state (TR) wherein a first node of the plurality of nodes being in the non-commissioned state (NC) is configured to send an non-commissioned advertisement message to the configurator device comprising an identifier of the first node, wherein the configurator device is configured to send an automated commissioning initialization (ACI) message to the first node containing a token, wherein the token is encrypted by a symmetric network key, wherein the first node is configured to send out a commissioning request message containing the received encrypted token, wherein the first node is configured to change its state, when it re

Abstract: This document describes techniques and apparatuses for distributed network cellular identity management. In particular, a distributed-network cellular-identity-management (DNCIM) server includes a lookup table that stores and relates together a user-equipment (UE) public key associated with a UE private key, a core-network (CN) public key associated with a CN private key, and a subscriber identity. Using the DNCIM server, the UE and an authentication server respectively generate two different (e.g., asymmetric) cipher keys based on the UE private key and the CN public key, and the UE public key and the CN private key. The UE and the authentication server can also authenticate one another by referencing information in the lookup table of the DNCIM server. Using these cipher keys, the UE and the authentication server can establish secure communications with each other.

Abstract: A system and method are provided which include receiving, by a server computer from a trusted entity computer, user data corresponding to a user. Based on the user data, the server computer determines a set of assertions for the user. The server computer receives, from a relying entity, an assertion request for the user. Responsive to the assertion request, the server computer provides, to the relying entity, an assertion, of the set of assertions. The relying entity thereby grants the user a particular type of account based on the assertion.

Abstract: A tokenization system receives a request for data anonymization, the request referencing unstructured/semi-structured content containing values of interest. The tokenization system performs a tokenization operation on the unstructured/semi-structured content, generates self-describing tokens for the values of interest, each self-describing token having a preconfigured pattern, an indication of a protection strategy, and a token value, and stores the values of interest in a secure data vault. The tokenization system may receive a request to reveal the self-describing tokens in the unstructured/semi-structured content. In response, the tokenization system searches the anonymized version of the unstructured or semi-structured content for the preconfigured pattern, identifies self-describing tokens, uses the self-describing tokens to retrieve the values of interest from the secure data vault, and produces a detokenized version of the unstructured/semi-structured content containing the values of interest.

Abstract: Proxied multi-factor authentication using credential and authentication management in scalable data networks is described, including initiating a request by an extension to authenticate a browser to access a data network, the request being associated with an address and transmitted over HTTP, receiving at a proxy browser a first message from the data network in response to the request, the first message comprising authentication data, the authentication data being forwarded to a server in data communication with the proxy browser and the browser, sending a second message from the server to the extension, the second message comprising the authentication data, and transferring authentication data to the data network from the browser and the extension in response to an query from the data network.

Abstract: Disclosed herein are embodiments providing coordinated privacy for targeted communications and reporting. In particular, the embodiments provide a source user querying an information system to generally identify target users for a communication campaign. A privacy controller alters a first dataset of a query response by a first alteration quantity for transmission to the source user. The source user then generally identifies target users within the first dataset for development of a communication campaign of targeted communications directed to the target users. Subsequently, a reporting system generates a report with a second dataset detailing viewership by target users. The privacy controller alters a second dataset of a report by a second alteration quantity for transmission to the source user. The second alteration quantity is based on the first alteration quantity.

Abstract: An automated system tracks digital service providers (DSP) data management agreements, and user behavior, individually and in aggregate, to determine potential changes for a personal/corporate privacy charter. The personal/corporate privacy charter is thus dynamically adaptable to permit users to continue to engage seamlessly in accordance with user/corporate target goals with digital service providers (DSPs) and similar entities.