Abstract: A computer-implemented method for improving security of a biometrics-based authentication system comprises receiving, by one or more servers, enrolled biometric samples of an enrolled user during an enrollment stage of the biometrics-based authentication system. Augmented biometric samples are created by adding learned perturbations to the enrolled biometric samples of the enrolled user. During a request for authentication, submitted biometric samples are received from a second user. The submitted biometric samples of the second user are compared to the enrolled biometric samples and to the augmented biometric samples of the enrolled user based on predefined metrics. Based on the comparison it is determined whether the submitted biometric samples of the second user have been modified to impersonate the enrolled user.

Abstract: Embodiments for authenticating a source of website content utilizing computer-generated or anonymized digital deoxyribonucleic acid (DNA) sequences include: receiving a request for a security sequence from a user device during a browser session; sending a first-generation digital DNA sequence (F1) to the device, wherein the F1 is generated from first and second DNA sequences (P1) and (P2) associated with a website; receiving a request for a second security sequence; generating a second-generation DNA sequence (F2) based on the F1 and the P1, wherein the F2 includes at least one genetic marker of the F1 and/or the P1; sending the F2 to the user device; receiving a request for security confirmation from the device; determining whether the F2 is a child DNA sequence of the F1 and/or the P1 utilizing Marker Assisted Selection techniques; and sending a response to the device indicating whether website content originates from the website.

Abstract: A method is provided for managing key rotation (use of series of keys) and secure key distribution in over-the-top content delivery. The method provided supports supplying a first content encryption key to a content packaging engine for encryption of a first portion of a video stream. Once the first content encryption key has expired, a second content encryption key is provided to the content packaging engine for encryption of a second portion of a video stream. The method further provides for notification of client devices of imminent key changes, as well as support for secure retrieval of new keys by client devices. A system is also specified for implementing a client and server infrastructure in accordance with the provisions of the method.

Abstract: An input information management system for a vehicle that can be used by using each of a plurality of electronic keys, the system managing input information that is input by a user, where the system includes a key information acquisition unit that acquires and stores key information of an electronic key, when an operation is performed on the vehicle using the electronic key, and an input information erasure unit that erases the input information that is stored in a storage device, where, when the key information is acquired by the key information acquisition unit, the input information erasure unit compares current key information that is acquired with last key information that is last stored by the key information acquisition unit before acquisition of the current key information, and erases the input information that is stored in the storage device on a basis of a result of the comparison.

Abstract: Systems and methods of secure analytics using an encrypted analytics matrix are disclosed herein. An example method includes encoding an analytic parameter set using a homomorphic encryption scheme as a homomorphic analytic matrix, wherein the homomorphic analytic matrix is generated by extracting a set of term components from an analytic and the analytic parameter set using a term generator function; transmitting a processing set to a server system, the processing set including at least the homomorphic analytic matrix and a keyed hashing function; and receiving a homomorphic encrypted result from the server system, the server system having utilized the homomorphic encryption scheme and the keyed hashing function to evaluate the homomorphic analytic matrix over a datasource.

Abstract: A modem of a smart electricity meter obtains, following a registration in the powerline communication network of the ad hoc type, routing information and encryption information, by exchanges of messages in the powerline communication network. The smart electricity meter saves in non-volatile memory the routing information and the encryption information, the routing information being saved in association with information representing an instant at which the backup is made. At the time of a subsequent re-registration of the smart electricity meter following a disconnection of the powerline communication network, the smart electricity meter retrieves the routing and encryption information previously saved in the non-volatile memory, updates it by deleting any route information that is no longer valid, and uses it to communicate in the powerline communication network.

Abstract: Systems and methods for controlling the exposure of data privacy elements are provided. The systems and methods may generate an artificial profile model. The artificial profile model may include a constraint for generating new artificial profiles. A signal may be received indicating that a computing device is requesting access to a network location. One or more data privacy elements associated with the computing device can be detected. An artificial profile can be determined for the computing device. The artificial profile may be usable to identify the computing device. The one or more data privacy elements may be automatically modified according to the constraint included in the artificial profile model. The method may include generating a new artificial profile for the computing device. The new artificial profile may include the modified one or more data privacy elements. The new artificial profile may mask the computing device from being identified.

Abstract: The disclosure provides a key generation method and apparatus. The key generation method comprises: encrypting a first key factor generated by a first device with an initial key, and sending the encrypted first key factor to a second device through a first secure channel, wherein the initial key is a key preset for the first device and the second device; receiving, through the first secure channel, a second key factor encrypted with the initial key, wherein the second key factor is generated by the second device; decrypting the second key factor encrypted with the initial key and received through the first secure channel, so as to obtain the second key factor; and generating a shared key between the first device and the second device according to the first key factor and the second key factor.

Abstract: System and methods for synchronizing and encrypting profile information are provided. A method establishes a first browser instance on a first virtual machine being in communication with a first browser profile sync and encrypt agent. The method also establishes a second browser instance on a second virtual machine. The method may use the first browser profile sync and encrypt agent acting through a profile helper service to encrypt profile changes involving the first browser instance on an encrypted master profile and use the second browser profile sync and encrypt agent acting through the profile helper service to encrypt profile changes involving the second browser instance on the encrypted master profile. The method maintains a browser profile persistence for the first browser instance and for the second browser instance, using the encrypted master profile, on a single on-disk profile.

Abstract: Security systems and methods continuously monitor for known threats and proactively pursue information on emerging or unknown threats on devices and data. Efforts for spying, attacks from spyware, phishing, and vishing, among other threats, are used by bad actors to attack devices and data. The security systems and methods protect devices and/or data, and any associated devices and/or data, such as by anonymizing client devices and data through deconstruction and scattering data, assigning the data to one or more qubits and distributing the qubits over a blockchain. In some examples, algorithms are scanned to identify whether inputs are intended to or inadvertently targeting specific races or genders. These inputs may be used to draw particular conclusions about the individual's race, economic status, the area's economic state, etc. As such, an algorithm scanning engine protects against algorithmic biases with respect to race, gender, economic status, etc.

Abstract: A backup or storage management system is provided that can secure data within a primary storage environment that stores data in an unsecured format. The storage management system can automatically analyze data received for backup from the primary storage environment and determine whether the data includes information that has been identified as sensitive and/or information that is determined within a threshold degree of probability to be sensitive. The storage management system can then modify the storage of the data that includes sensitive information at the primary storage environment, thereby enabling the data to be secured within the unsecured, or partially secured, primary storage environment. Advantageously, in certain embodiments, by securing data with sensitive information within an unsecured storage environment, embodiments disclosed herein can reduce the occurrences of a data breach or data leak.

Abstract: Systems and methods are provided to allow a smart phone or any terminal to activate a lock using a web site or server computer system. An access control system is provided that includes a server and an access device. The access device includes a processor and a communication module. The process has control of a lock and is able to receive a reservation certificate presented by a portable terminal through the communication module. The processor activates the lock when a current reservation certificate has been presented.

Abstract: A computer vision processor in an image cluster defines a fenced memory region (FMR) that controls access to image data stored in a first portion of a trusted memory region (TMR). The computer vision processor receives FMR requests from an application implemented in a processing cluster. The FMR requests are to access the image data in the first portion of the TMR. The computer vision processor selectively allows the requesting application to access the image data. In some cases, the computer vision processor acquires the image data and stores the image data in the first portion of the TMR, such as buffers in the TMR. A data fabric selectively permits the image processing application to access the data stored in the TMR based on whether the image cluster has opened or closed the FMR for the portion of the TMR.

Abstract: A computer-implemented method, a system, and a computer program product for renewing a digital certificate. According to an embodiment of the present invention, the computer-implemented method comprises copying a digital certificate, from a first computer, onto a second computer, and requesting, from the second computer, renewal of the digital certificate by a certificate authority. The method further comprises loading a renewed digital certificate from the certificate authority, and saving the renewed digital certificate on the second computer. The renewed digital certificate is checked, on the second computer, for specified conditions, and the renewed digital certificate is copied from the second computer onto the first computer.

Abstract: A biometric authentication system is disclosed that provides authentication capability using biometric data in connection with a challenge for parties engaging in digital communications such as digital text-oriented, interactive digital communications. End-user systems may be coupled to devices that include biometric data capture devices such as retina scanners, fingerprint recorders, cameras, microphones, ear scanners, DNA profilers, etc., so that biometric data of a communicating party may be captured and used for authentication purposes.

Abstract: An information processing apparatus includes: a registration unit that, for a role to be assigned to users who utilize a system, pre-registers authority to be granted and identity confirmation to be required in association with the role; a storage unit that, for each of the users, stores information on identity confirmation which has been performed by the users; and an authority control unit that, in response to assignment of a new role to a user, in a case where the storage unit stores information which indicates that the user has performed the identity confirmation associated to the new role, controls to validate authority associated with the new role.

Abstract: A system and method for authenticating network access of a terminal is described. The method may include sending, by the terminal, a user identity authentication request including first authentication information and second authentication information to an authentication server, where the first authentication information is used to authenticate a user identity of the terminal, and the second authentication information is used to determine a platform corresponding to the terminal. The method may also include after receiving user identity authentication acknowledgment information sent by the authentication server, sending, by the terminal to the authentication server, a platform identity authentication request including third authentication information used to determine the platform corresponding to the terminal.

Abstract: A method of data encryption according to one embodiment includes generating a structured query language (SQL) syntax that includes manipulation target data and encryption policy identification information in the form of an annotation regarding the manipulation target data, receiving encryption policy information that corresponds to the encryption policy identification information in the form of an annotation from an encryption policy server, and converting the manipulation target data in the SQL syntax into cipher text on the basis of the encryption policy information.

Abstract: Systems and methods of configuring, managing and ensuring security compliance of Virtual Network Slices that transit through physical networks, virtual networks (SDN), cloud networks, radio access networks, service provider networks, and enterprise networks are identified. The methods include user side security validation methods while attempting to use a network slice for a specific service, and security validation of physical or virtual networks and the associated transit network elements. The methods disclose enriching the Security Certificates with policy parameters and the associated procedures that transit elements are required to assure for security compliance. Additionally, methods for incorporating a mobile native security platform in Wireless Mobile Network (4G/5G) that supports generating X.509 Certificates enhanced with policy requirements, validating allowed/disallowed list of transit network vendor devices, virtual network appliances are identified.

Abstract: Provided is a method of transmitting security information of a single-bit analog-to-digital converter (ADC) wiretap channel. In the method of transmitting the security information of the single-bit ADC channel, a transmitting terminal adds additive noise to a transmission signal and transmits the transmission signal, and a receiving terminal and a wiretap terminal which each include a single-bit ADC receive the transmission signal, wherein received information is processed so as not to be determined by the wiretap terminal. When intensity of additive noise of the receiving terminal is less than that of additive noise of the wiretap terminal, a binary phase-shift keying (BPSK) distribution is used, and when the intensity of the additive noise of the receiving terminal is greater than that of the additive noise of the wiretap terminal, a codebook is designed using an asymmetric BPSK distribution in which both of two message points have a positive value.