Abstract: A solution for efficient and secure automated age assurance checking in association with a third party workflow involving an interaction between a user having an associated email address, and a target service. A request to estimate an age of the user is received and includes the email address. In response, the system issues a query to one or more data sources, each data source being of a different type and having an age attribute associated therewith. The data source(s) return responses to the queries. The system then associates an age attribute (typically, a minimum age) to each indication received from each data source queried. Based on a frequency of occurrence of the indications and the associated age attributes, a digital footprint that includes an estimate of the individual's minimum age is derived. A response (e.g., the estimated minimum age) to the request is then returned to the third party workflow.

Abstract: Data in a portable electronic device is protected by using external and internal status detection means to determine if the device is misplaced, lost, or stolen. The device then takes, singly or in combination, one of several actions to protect the data on the device, including declaring its location to an owner or service provider, locking the device or specific functions of the device to disable all data retrieval functionality, erasing or overwriting all the stored data in the device or, where the data has been stored in the device in an encrypted format, destroying an internally-stored encryption key, thereby preventing unauthorized access to the encrypted data in the device.

Abstract: Apparatus and associated methods relate to a singular event notification system (SENS). In an illustrative example, the SENS may automatically authenticate a singular event signal and dynamically generate an event action package as a function of an event notification signal. The operation, for example, may include retrieving a user notification profile (UNP) associated with a user account upon receiving an event notification signal (ENS). For example, the UNP may include relevant entities to be notified in response to the ENS. If the ENS is authorized based on the UNP, for example, the SENS apply an action model to the UNP to generate an event action package to be transmitted to a predetermined destination. For example, the event action package may include customized forms and contact instructions generated based on entities identified based on the UNP. Various embodiments may advantageously generate a timely and secure response to the relevant entities.

Abstract: First data is stored. A request for the first data is received from a communication device over a link established with a communication device. An access control engine comprising circuitry is to control access to the first data to the communication device based on an authentication state of the communication device and a protection state of the link.

Abstract: Provided is an authentication system capable of preventing determination that authentication of a person to be authenticated succeeds even though determination as to whether matching information matches registration information is not performed when authentication using two factors is performed. A determination unit 43 determines whether or not the matching information matches the registration information. A signature generation unit 21 of a client 10 generates a signature based on the message by using a signature key. A signature determination unit 34 determines whether or not the signature is a correct signature by using a first verification key, a message, and the signature. When it is determined that the matching information matches the registration information and it is determined that the signature is the correct signature, the authentication determination unit 37 determines that the authentication succeeds.

Abstract: Apparatus and associated methods relate to providing secure gatekeeping of communication from a remote internet-based website having an Internet-Protocol (IP) address to an implantable biomedical device. A gatekeeping device receives the communication transmitted by the remote internet-based website. The communication received is encoded using a first encoding algorithm. The gatekeeping device decodes the communication received. The gatekeeping device then encodes the communication decoded using a second encoding algorithm. The gatekeeping device wirelessly relays the communication encoded using the second encoding algorithm to the implantable biomedical device.

Abstract: Systems, methods, and devices authenticate mobile network cellular cells using asymmetric/public-key cryptography algorithms (e.g., Digital Signature Algorithm (DSA)) through integrity protecting the cellular cells broadcasted messages (e.g., paging and/or system information blocks (SIBs) system information broadcast messages) by message authentication code (MAC).

Abstract: A continuous authentication system and related methods are provided. The system detects requests to perform user actions. A security value is associated with each user action. The system determines a subsequent session security level in response to an adjustment to a session security level by a security value of a requested user action. The requested user action is permitted and the session security level is adjusted based on the security value of the requested user action in response to a determination by the system that the subsequent session security level is greater than or equal to a threshold session security level. A user authentication challenge is caused (e.g., prompted) in response to a determination by the system that the subsequent session security level is less than the threshold session security level.

Abstract: A method, including, associating a wireless tracker with an asset, tracking a location of the asset via the wireless tracker, determining a recipient mobile device authorized to accept receipt of the asset, determining a recipient mobile device holder is authorized to accept receipt of the asset, determining if the location of the asset is within a defined delivery location, determining if the authorized recipient mobile device is within the defined delivery location, sending a passcode to the authorized recipient mobile device if the authorized recipient mobile device location and the location of the asset are within the defined delivery location, receiving an authenticated passcode from the authorized recipient mobile device within the defined delivery location and notifying a delivery agent that delivery of the asset is approved.

Abstract: According to an embodiment, a communication control device includes a first communication system connected between a first device and a network communication network, and a second communication system connected between the first device and the network communication network separately from the first communication system. The first communication system and the second communication system each include a controller. The controller executes switching such that one of the communication systems executes communication in the first communication mode, and when a problem is detected in the communication system that is executing communication in the first communication mode, the other communication system executes communication in the first communication mode.

Abstract: A method that is performed to access data nodes of a data cluster. The method includes obtaining, by a data access gateway (DAG), a request from a host; and in response to the request, obtaining bidding counters from the data nodes; obtaining metadata mappings from the data nodes; identifying, based on the bidding counters and metadata mappings, a data node of the data nodes associated with a highest bidding counter of the bidding counters and an appropriate metadata mapping of the metadata mappings; and sending the request to the data node.

Abstract: Methods and devices employed in providing lawful interception (LI) by products related to a service session of an LI target as a unique chain. The packets sent to a legal enforcement agency are chained and have shorter headers. The number of packets is reduced by including both intercept-related information (IRI) and content of communications (CC) in the same packet if time-wise appropriate.

Abstract: A method for distributed assignment of yields of a facility to participating persons on the basis of a smart meter gateway network comprising smart meter gateways comprises storing information with regard to participation of a person in the facility, in a chain of data sets cryptographically linked to one another in the smart meter gateway network; storing a smart contract in a chain of data sets, the smart contract being uniquely allocated to the facility and containing facility parameters necessary to calculate yields of the facility; receiving energy information produced by the facility by at least one smart meter gateway; storing the energy information or information derived therefrom in a chain of data sets; calculating yield tokens on the basis of the energy information and the smart contract; and assigning a part of the yield tokens to a participating person on the basis of the participation information.

Abstract: A data platform provides for encryption of secrets. During operation, an application of the data platform receives a secret and communicates the secret to an encryption client of the data platform. The encryption client generates an encrypted secret using a Data Encryption Key (DEK) and the secret. The encryption client communicates the DEK to an encryption server of the data platform while retaining the encrypted secret. The encryption server generates an encrypted DEK using a Transit Encryption Key TEK. The encryption server communicates the encrypted DEK to the encryption client and the encryption client generates a binary large object (blob) using the retained encrypted secret and the encrypted DEK. The application stores the blob on a data storage device.

Abstract: The present technology relates to a signal processing device and a signal processing method for enabling reduction of a processing load while ensuring safety. The signal processing device includes a control unit that acquires designation information indicating a designated portion to be encrypted in output data and an encryption processing unit that encrypts the designated portion indicated by the designation information in the output data using a key. Furthermore, the designated portion indicated by the designation information is changed with time. The present technology can be applied to an in-vehicle camera.

Abstract: This disclosure provides methods and techniques of referencing row access policy (RAP) protected mapping tables in a RAP for a data table are disclosed herein. An example method of referencing a mapping table in a data table using nested RAP includes defining, by a processing device, a first access policy for the mapping table to control access by specific users or under specific conditions. The processing device further defines a second access policy attached to the data table referencing the mapping table. The processing device in response to a query, executes the second access policy of the data table to provide a response or operation of data associated with the data table and the mapping table. Executing the second access policy invokes executing the first access policy of the mapping table.

Abstract: Provided are mechanisms and processes for computational risk analysis and intermediation. Security practices information characterizing security measures in place at a first computing system may be received from the first computing system via a network. Computing services interaction information characterizing data transmitted from a second computing system to the first computing system may be received from the second computing system via the network. A processor may determine a risk profile for the first computing system based on the security practices information. Based on the risk profile and the computing services interaction information, the processor may then determine an estimate of the information security risk associated with transmitting the data from the second computing system to the first computing system. A risk assessment message including the estimate of the information security risk may be transmitted to the second computing system.

Abstract: A data privacy protecting tool operates on behalf of a user to watermark or otherwise fingerprint selected data provided to a digital service provider (DSP) sites/apps. The watermarked data can then be used to monitor a DSP's compliance with distribution or access rules for the user data.

Abstract: Systems and methods for controlling the exposure of data privacy elements are provided. The systems and methods may generate an artificial profile model. The artificial profile model may include a constraint for generating new artificial profiles. A signal may be received indicating that a computing device is requesting access to a network location. One or more data privacy elements associated with the computing device can be detected. An artificial profile can be determined for the computing device. The artificial profile may be usable to identify the computing device. The one or more data privacy elements may be automatically modified according to the constraint included in the artificial profile model. The method may include generating a new artificial profile for the computing device. The new artificial profile may include the modified one or more data privacy elements. The new artificial profile may mask the computing device from being identified.

Abstract: A peer to peer (P2P) system and method for sharing encrypted digital content may be used in a content delivery network system.