Abstract: Various embodiments include systems and methods to implement a process for generating vulnerability check information for performing vulnerability assessments associated with security vulnerabilities. Vulnerability information corresponding to a security vulnerability is input into a multi-headed neural network. An extractive summary of the vulnerability information is output via a vulnerability check head of the multi-headed neural network. Synthetic scan results forming a set of positive examples are generated based at least in part on the extractive summary. An inductive logic programming system is implemented that uses the positive examples and predefined negative examples as inputs to determine, using a set covering algorithm, a general logic program that matches the positive examples and does not match the negative examples.

Abstract: Methods and systems for managing the performance of workloads in a distributed system are disclosed. The distributed system may include any number of clients and deployments where workloads may be performed. The workloads may be performed by deploying container instances to the deployments. The container instances may perform the workload when deployed. It may be challenging to ascertain whether a container instance, container image on which the instance is based, and/or corresponding build file used to obtain the container image should be trusted. Metadata block chains may be used to ascertain whether container instances should be deployed to service the workload requests.

Abstract: A method is disclosed. The method includes transmitting, by a user device to an access device, a digital certificate and a seed. The access device encrypts the seed and a first access device key with a public key from the digital certificate to form encrypted data. The method also includes receiving from the access device, the encrypted data, decrypting the encrypted data using a private key corresponding to the public key to obtain the seed and the first access device key, verifying that the seed received from the access device matches the seed sent to the access device, encrypting a secret or derivative thereof with the first access device key to form an encrypted secret or derivative thereof, and transmitting to the access device, the encrypted secret or derivative thereof.

Abstract: A system for switching between communication platforms using a secure healthcare communication system the system comprising: a healthcare provider server device. Transmitting a communication switch request to a first communication platform and establish a first communication channel between the user device and the healthcare provider server device to communicate one or more messages to the first communication platform. Transmit an encoded message over the first communication channel to the first communication platform in response to receiving the communication switch initiation request, the encoded message including an identifier associated with a second communication platform. Switch to an encrypted second communication channel from the first communication channel in response to receiving an encrypted communication initiation request. Encrypted communication initiation request is generated based on the identifier.

Abstract: A ledger verifiable pruning system includes a skewed Merkle tree production module in which according to a linked list scheme, root hash value Rn?1 of a previous sub-tree is included in data block Tn, data block Tn in which root has value Rn?1 is included is hashed, thereby obtaining h(Tn), obtained h(Tn) and root hash value Rn?1 of the previous sub-tree are summated and then hashed, thereby obtaining h(h(Tn)|Rn?1), and obtained h(h(Tn)|Rn?1) is successively added to respective nodes of a binary Merkle tree structure to expanding and produces a skewed Merkle tree.

Abstract: Disclosed in some examples are methods, systems, and machine readable mediums for secure end-to-end digital communications involving mobile wallets. The result is direct, secure, in-band messaging using mobile wallets that may be used to send messages such as payments, requests for money, financial information, or messages to authorize a debit or credit.

Abstract: A method includes receiving, by an embedded universal integrated circuit card (eUICC), first information from a local profile assistant (LPA), where the first information includes a first certificate issuer (CI) public key identifier, and the first CI public key identifier is a CI public key identifier that the eUICC does not have. The method further includes sending, by the eUICC, second information to an OPS, where the second information includes the first CI public key identifier. The method further includes receiving, by the eUICC, a patch package from the OPS, where the patch package includes at least a first CI public key corresponding to the first CI public key identifier. The method further includes updating, by the eUICC, a CI public key of the eUICC by using the first CI public key.

Abstract: Aspects of the disclosure relate to computing hardware and software for IoT event processing. A computing platform may monitor communication between an initiating IoT device and a service provider IoT device to detect an event processing request. The computing platform may extract, from the event processing request, event features. The computing platform may feed the event features into a deep learning engine, which may produce a smart contract corresponding to the event processing request. The computing platform may identify, using a distributed ledger, whether the event features comply with the smart contract. Based on identifying that the event features do comply with the smart contract, the computing platform may send, to an event processing system, authorization to process the event processing request, which may cause the event processing system to transfer funds from an initiating user to the service provider.

Abstract: Disclosed in some examples are devices, systems, and machine readable mediums for establishing peer to peer mobile wallet communications (P2PMW) over short range wireless communication networks. These P2PMW communications allow exchange of information between two wallet clients. Example communications include payments, providing identification, providing loans, and the like. The use of P2PMW communications opens up the prospect of anyone accepting payment from anybody else at any time. All that is needed is a computing device with a mobile wallet. Example short range wireless communications include Wireless LANs (WLAN) such as WIFI (e.g., communicating according to an Institute for Electrical and Electronics Engineers (IEEE) 802.11 family of standards), BLUETOOTH® or the like.

Abstract: Disclosed are various examples for enrollment of gateway enrollment for Internet-of-Things (IoT) device management. In some examples, a client device receives a gateway management installation package from a management service. The client device installs a gateway management application to the gateway device using the installation package. Enrollment credentials are entered through a user interface generated using the gateway management application and shown on the client device. The client device instructs the gateway management application enroll the gateway device with the management service. Usage of the enrollment credentials prevents a user from being exposed to gateway credentials that authenticate communications between the gateway device and the management service.

Abstract: A system and a method to build a recovery capability for a compromised network based on user controlled ad-hoc randomness combined with simplicity; immunized against stealth cryptanalysis which overshadows the prevailing security solutions.

Abstract: Systems and methods are provided for child-friendly authentication for autonomous vehicle rides. In particular, systems and methods are provided for offering alternative authentication methods that automatically engage child-friendly features. The systems and methods provided enable unsupervised children to take advantage of autonomous rideshare and delivery programs using child-friendly authentication methods. Additionally, augmented autonomous vehicle safety and security practices for children are provided.

Abstract: A cryptographic key management service receives a request, associated with a principal, to use a cryptographic key to perform a cryptographic operation. In response to the request, the service determines whether a rate limit specific to the principal is associated with the cryptographic key. If the rate limit is associated with the cryptographic key, the service generates a response to the request that conforms to the rate limit. The service provides the response in response to the request.

Abstract: Systems and methods which prevent or limit access to protected content (e.g., value bearing indicia (VBI)) by a general purpose user interface application (e.g., web browser) are shown. Embodiments implement techniques to avoid displaying protected content by a general purpose user interface application, or displaying protected content during a time in which a user does not have access to particular functions of the general purpose user interface application, to protect the content from various operations, such as repeated printing, electronic copying, etc. Data presentation formatting control in the form of style sheets may be utilized to control access to content. Additionally or alternatively, executable code or an executable object may be implemented within a page or other content to control access to content. Similarly, separate areas, such as windows or pages, may be utilized to control access to content.

Abstract: A non-fungible physical fabric token (NFPFT) system includes a piece of smart fabric coupled to a physical item. The piece of smart fabric includes a grid of cells configured to receive and persistently store one or more datasets. The NFPFT system also includes a verification and authentication device configured to receive a first dataset associated with the physical item and a second dataset associated with a non-fungible token (NFT) recorded in a decentralized system. The NFT is associated with the physical item. The verification and authentication device is further configured to cause the first dataset and the second dataset to be persistently stored in the grid of cells of the smart fabric.

Abstract: Techniques for providing localization at scale for a cloud-based security service are disclosed. In some embodiments, a system/method/computer program product for providing localization at scale for a cloud-based security service includes receiving a connection request at a network gateway of a cloud-based security service; performing a source Network Address Translation (NAT) from a registered set of public IP addresses associated with a tenant; and providing secure access to a Software as a Service (SaaS) using the cloud-based security service.

Abstract: The present invention relates to data rights management and more particularly to a secured system and methodology and production system and methodology related thereto and to apparatus and methodology for production side systems and are consumer side systems for securely utilizing protected electronic data files of content (protected content), and further relates to controlled distribution, and regulating usage of the respective content on a recipient device (computing system) to be limited strictly to defined permitted uses, in accordance with usage rights (associated with the respective content to control usage of that respective content), on specifically restricted to a specific one particular recipient device (for a plurality of specific particular recipient devices), or usage on some or any authorized recipient device without restriction to any one in specific, to control use of the respective content as an application software program, exporting, modifying, executing as an application program, viewing,

Abstract: Technologies for accelerated QUIC packet processing include a computing device having a network controller. The computing device programs the network controller with an encryption key associated with a QUIC protocol connection. The computing device may pass a QUIC packet to the network controller, which encrypts a payload of the QUIC packet using the encryption key. The network controller may segment the QUIC packet into multiple segmented QUIC packets before encryption. The network controller transmits encrypted QUIC packets to a remote host. The network controller may receive encrypted QUIC packets from a remote host. The network controller decrypts the encrypted payload of received QUIC packets and may evaluate an assignment function with an entropy source in the received QUIC packets and forward the received QUIC packets to a receive queue based on the assignment function. Each receive queue may be associated with a processor core. Other embodiments are described and claimed.

Abstract: A system and method are provided for identifying a browser instance in a browser session between a server hosting a web domain and the browser instance executing on a user computing device. The method conducted at the browser instance includes obtaining a private key and a public key of a key pair unique to a combination of a web domain and the browser instance being used to access the web domain. The method includes obtaining a browser certificate issued for the key pair and storing the private key at a storage provided by the browser instance for use by the browser instance during an active browser session with the web domain. The private key is stored as unextractable from the storage and with configuration for use by the browser instance during an active browser session with the web domain in signing or cryptographic operations without the private key being revealed.

Abstract: A method comprises registering, by a first device having a public key, with a gateway server by providing a proof of work based on the first device public key and encrypting and decrypting data using cryptographic information transmitted via the gateway server between other devices similarly registered.