Abstract: A personal identification apparatus includes a recording unit that records in advance feature information concerning an activity of at least one of a first person (person A) and a second person (person B or C) when the first person and the second person are together; an information acquiring unit that acquires identification information for identifying the other person; and an identification processing unit that identifies the other person as the second person, based on matching between the identification information and the feature information.

Abstract: A computer system includes an independent compute core; and an isolated secure data storage device to store data accessible only to the independent compute core. The independent compute core is to open an Application Program Interface (API) during runtime of the computer system in response to receiving a verified message containing secure data to be written to the secure data storage device.

Abstract: A method for execution by a dispersed storage and task (DST) processing unit includes obtaining audit records for an audit object and determining when the audit object is complete. When the audit object is complete, aggregating the audit records of the audit object within the audit object by generating the audit object to include the audit records; generating identifier (ID) information and generating integrity information. Fields of the audit object are populated with the audit records, the ID information, and the integrity information and a name of the audit object is determined for storage of the audit object and the name of the audit object in a dispersed storage network (DSN).

Abstract: A method including determining, by a first device, unavailability of a first biometric unit associated with the first device for verification of first biometric information; selecting, by the first device based on determining unavailability of the first biometric unit, a second biometric unit associated with a second device for verification of second biometric information; receiving, by the first device from the second device based on a first verification of the second biometric information, a first factor associated with authentication of the first device by a service provider; receiving, by the first device from the second device based on successful authentication of the first factor and on a second verification of the second biometric information, a second factor associated with authentication of the first device by the service provider; and receiving, by the first device from the service provider, a service based on successful authentication of the second factor.

Abstract: Systems and methods for quick start-up of playback in accordance with embodiments of the invention are disclosed. Media content may be encoded in a plurality of alternative streams and a quick start-up stream. The quick start-up stream may include media content that is encoded at a lower quality that the alternative streams and may be encrypted with a different, less secure encryption process than that of the alternative streams. During a start-up of playback, the playback device streams the media content from a quick start-up stream until a metric, such as a decryption key for the alternative streams is met. The device then streams the media content from the alternative streams in response to the metric being met.

Abstract: A system supporting a networked database service includes a controller configured to receive one or more data request and authenticate the one or more data request. A gateway (GW) in communication with the controller, is configured to receive at least one of the one or more data request from the controller, perform data classification on data received in the request, and generate a cryptographic key based on the data classification, a hardware-protected key of the GW, and a second (encryption) key. The cryptographic key is for accessing a database. The controller and the GW are operated by different parties.

Abstract: Systems, methods, and devices for adaptably authenticating a user are disclosed. A device captures a user input, and sends data corresponding thereto to a system. The system determines natural language understanding (NLU) results representing the user input. A user authentication component of the system receives the NLU results and determines a skill configured to perform an action responsive to the user input. The user authentication component adaptably performs user authentication based on a user authentication condition associated with the skill. If the user can be authenticated to the satisfaction of the condition, the NLU results data are sent to the skill, along with an indicator representing the user was authenticated by the system.

Abstract: An integrated circuit includes a system memory, a security processor and a non-security processor. An attack against the integrated circuit is made more difficult based on using a key generated by the security processor. The security processor, as an example, reads a program image from the system memory and generates the key based on the program image. In some instances, a dedicated communication channel is provided for communication between the non-security processor and the security processor. The dedicated channel may be used to provide the key to the non-security processor for performance of a security operation.

Abstract: An apparatus and method for quantum direct communication using single qubits. The apparatus includes a quantum state preparation unit for preparing quantum states including a message state prepared using pairs of single qubits based on a bit of a message to be sent to a communication partner, an authentication state prepared using random qubit pairs, and a verification state prepared using random qubit pairs, a quantum state communication unit for transmitting the quantum states to the communication partner and measuring a quantum state of a message received from the communication partner, an authentication unit for authenticating, using the authentication state, the communication partner depending on whether an authentication key previously shared with the communication partner is possessed, a verification unit for verifying security of a quantum channel using the verification state, and a message restoration unit for restoring the received message using the message state.

Abstract: A machine detects a request to execute a transaction specified by a first set of user inputs. The machine determines, based on the first set of user inputs that specified the transaction, that the request to execute the transaction is to be verified with a corresponding challenge prompt that is to be generated for the request to execute the transaction. The machine then generates the challenge prompt that corresponds to the request to execute the transaction specified by the first set of user inputs that specified the transaction, and the machine causes presentation of the generated challenge prompt that corresponds to the request to execute the transaction. In response to the presented challenge prompt, the machine may receive a second set of user inputs. Based on the second set of user inputs, the machine then generates an indication of whether the request is verified.

Abstract: A communication terminal (10) includes control means for generating a subscription concealed identifier (SUCI) including a subscription permanent identifier (SUPI) concealed using a predetermined protection scheme, and a protection scheme identifier identifying the protection scheme, and transmission means for sending the SUCI to a first network apparatus during a registration procedure, the SUCI being sent for a second network apparatus to de-conceal the SUPI from the SUCI based on the protection scheme used to generate the SUCI.

Abstract: A system and apparatus for data confidentiality in a distributed ledger are disclosed. The system and apparatus preserve qualities of distributed ledgers, such as transparency, integrity, and redundancy, while also providing confidentiality, scalability, and security not previously available in distributed ledgers. The system includes a data confidentiality module that exploits a trusted execution environment for both transaction processing and key synchronization. The apparatus accessing the distributed ledger provides for new nodes joining the network, sending transactions to the ledger by existing nodes, securely processing the transaction using the trusted execution environment, securing transmission to the logic layer for application of business logic, reading and writing data to local storage, and reading encrypted transactions.

Abstract: A method, system, and computer program product for providing protected remote access from a remote access client to a remote access server over a computer network through a plurality of inspections. A remote access configuration file is created for the remote access client. A digital hash of the configuration file is then generated. The digital hash is compared with a configuration file stored at a predefined web location. If the comparison results in a match between the digital hash and the stored configuration file, a digital hash comparison is performed between an encrypted remote access configuration file and an encrypted configuration file stored at the predefined web location. If the plurality of inspections are passed, the remote access client is released from a quarantine state and a virtual private network (VPN) connection to the remote access server is established.

Abstract: A key management apparatus receives a key request including a first device identification information and a second device identification information, encrypts a common key using the first device identification information to generate a first encrypted common key, encrypts the common key using the second device identification information to generate a second encrypted common key, and transmits a key response including the first encrypted common key and the second encrypted common key. A first device receives the key response, decrypts the first encrypted common key using the first device identification information to obtain the common key, and transmits the second encrypted common key. A second device receives the second encrypted common key and decrypts the second encrypted common key using the second device identification information to obtain the common key.

Abstract: An industrial safety architecture integrates employee identity and enterprise-level security policy into plant-floor functional safety systems, allowing control and safety systems on the plant floor to regulate safe interactions with hazardous controlled machinery based on user identity or role. The architecture leverages existing employee identity and security policy data maintained on the corporate level of an industrial enterprise to manage identity- and/or role-based control and safety on the plant level. Safety authority systems at both the corporate level and the plant level of the industrial enterprise obtain employee and security policy data from corporate-level systems and provides this data in as SIL-rated manner to industrial control and safety systems on the plant floor, where the identity and security policy information is used by functional safety systems to control access to industrial systems as a function of user identity, role, certifications, or other qualifications.

Abstract: In an approach to augmenting authentication methods using a face covering, one or more computer processors receive an image of a user wearing a face covering, where a portion of the face of the user is visible in the image, and the face covering covers another portion of the face of the user in the image. One or more computer processors detect an identifier operably coupled with the face covering. One or more computer processors determine whether the first portion of the face of the user is associated with the identifier. In response to determining the first portion of the face of the user is not associated with the identifier, one or more computer processors receive an alternate authentication. One or more computer processors authenticate the user.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for detecting network attacks. One of the methods includes obtaining input data associated with a plurality of accounts associated with a particular entity; extracting features from the input data; performing unsupervised attack ring detection using the extracted features, wherein the unsupervised attack ring detection identifies suspicious clusters of accounts that have strong similarity or correlations in the high dimensional feature space; and generating an output for the detected attack rings.

Abstract: A user authentication method in a messaging application of an electronic device. The method comprises, if at least one text message is typed by a user in the messaging application, collecting image data relating to said user and behavioral data relating to said user, and, if at least one voice message is pronounced by said user in the messaging application, collecting image data relating to said user and voice data relating to said user.

Abstract: A system and method for scrubbing data to be shared between organizations to test a joint solution, and for preventing the introduction of unscrubbed data. Each organization captures a subset of data, which may be customer data from a line of business. The first organization scrubs its data according to scrubbing rules, and then passes the scrubbed data to its test environment, while the second organization passes its unscrubbed data to its test environment. The scrubbed data is communicated to the second organization and is applied to the unscrubbed data in order to scrub it, and then communicate it to the first organization. Both organizations use the scrubbed data in their respective test environments to test the joint solution or joint testing. Scrubbing the data may involve scrubbing only specific data fields containing sensitive information.

Abstract: This invention provides systems and methods for data processing by means of an ongoing background process on an end-user's computer. As a user receives and generates data, files are analyzed. A container file is opened into the volatile memory and its contents (including data and metadata) are extracted, without requiring an index to be created. The extracted components are analyzed based on predefined characteristics.