Abstract: A method for anonymizing data sets for use with risk management applications comprises receiving a data set from a source, the data set containing a plurality of correlated attributes. This embodiment further comprises analyzing the plurality of correlated attributes to create an attribute classification. Applying a differential privacy algorithm to the plurality of correlated attributes if the attribute classification requires data randomization is likewise a part of this embodiment. The randomized data set is provided to a risk management application. The randomized data set is used to create a risk management report, wherein the risk management report is an output of the risk management application.

Abstract: A method and system is disclosed for registering a user to a cloud-based application, for enabling user access to a cloud-based application. It may comprise receiving a registration request for user access to the cloud-based application, the registration request comprising an identifier associated with a telephone apparatus. The method may further comprise initiating a communication to the telephone apparatus using the identifier, and detecting receipt of the communication at the telephone apparatus to establish a telephony connection. The method may further comprise, subsequent to detecting receipt of the communication to establish a telephony connection, registering the user to the cloud-based application for enabling subsequent access.

Abstract: The present application concerns a method and a system of storing one or more service data items. To store and share in particular confidential data, the one or more service data items are partitioned into one or more data stores. The one or more data stores are stored. Metadata of the one or more data stores is generated and the metadata is stored in a metadata database.

Abstract: Exemplary systems and methods for malware attack detection and identification are provided. A malware detection and identification system a controller that features an analysis environment including a virtual machine. The analysis environment to (1) receive data by the virtual machine of the analysis environment and identify a portion of the data that have been received from one or more untrusted, (2) monitor state information associated with the identified portion of the data during execution by the virtual machine, (3) identify an outcome of the state information by tracking the state information during execution of the identified portion of the data by the virtual machine, and (4) determine whether the identified outcome comprises a redirection in control flow during execution by the virtual machine of the portion of the data, the redirection in the control flow constituting an unauthorized activity.

Abstract: A system and/or a method based on a scalable requirement, active compliance and resource management for enhancing real-time and/or near real-time Cyber security, utilizing a learning (self-learning) computer integrated with (a) one or more learning/quantum learning/fuzzy/neuro-fuzzy logic algorithms in real-time or near real-time and/or (b) one or more software agents in real-time or near real-time and/or (c) encrypted data or a set of encrypted data blocks identified with a blockchain, further coupled with a (quantum computing resistant) public key/private cryptosystem and/or semantic web and/or hardware authentication is disclosed.

Abstract: A requester device 12 registers inspection target data in a file server 18. An inspector device 14 operated by an inspector who inspects whether the inspection target data is illegitimate or not acquires, from the file server 18, the inspection target data registered by the requester device 12 and registers an inspection result of the inspection target data in a blockchain network 22. A viewer device 16 acquires, from the blockchain network 22, the inspection result registered by the inspector device 14 and executes data processing based on the inspection result.

Abstract: Cybersecurity peer identification (CPI) technology obtains security group definitions from an identity directory, computes peerSimilarityScores that represent user similarity in terms of security permissions, and submits contextual cybersecurity peer data to cybersecurity peer-based functionality (CPBF). CPBF code may then perform behavior analytics, resource management, permissions management, or location management. Cyberattacks may then be disrupted or mitigated, and inefficiencies may be avoided or decreased. Having smaller security groups in common gives users higher peerSimilarityScores than having larger groups in common, as a result of logarithmic, reciprocal, or other score functions. Security group definitions are refreshed and peer scores are updated at regular intervals or on demand by CPI code, to avoid staleness.

Abstract: Systems and methods for periodically modifying data privacy elements are provided. The systems and methods may identify a set of data privacy elements. A data privacy element can characterizes a feature of a computing device and can be detectable by a network host. A first artificial profile can be generated by modifying a first data privacy element based on an artificial profile model that defines a relationship associated with one or more constraints between the set of data privacy elements. Subsequent to generating the first artificial profile, a second artificial profile can be generated by periodically modifying a second data privacy element in accordance with the relationship defined by the artificial profile model. The computer device can be masked from being identified by the network host by sending the second artificial profile including the second data privacy element to a requested network location.

Abstract: Biometric authentication techniques are provided using selected manipulations of biometric samples. An exemplary method comprises obtaining enrollment information from a user, wherein the enrollment information comprises first manipulations to a first biometric sample of the user; initiating a challenge to the user in connection with an authentication request by the user to access a protected resource; processing second manipulations by the user of a second biometric sample of the user submitted in response to the challenge, and wherein the processing comprises determining a likelihood that the second manipulations of the second biometric sample of the user submitted in response to the challenge matches the first manipulations to the first biometric sample of the user submitted by the user with the enrollment information; and resolving the authentication request based on the likelihood.

Abstract: The present teaching relates to method, system, medium, and implementations for authenticating a user. A first request is received to set up authentication information with respect to a user, wherein the first request specifies a type of information to be used for future authentication of the user. It is determined whether the type of information related to the user poses risks based on a reverse information search result. The type of information for being used for future authentication of the user is rejected when the type of information is determined to pose risks.

Abstract: Various aspects and embodiments of dwelling automation administration are described. Among other aspects or features of the embodiments, a dwelling automation system in a computing device authenticates a user. A management interface in the dwelling automation system generates a user interface for administering a plurality of automation devices at different dwellings based on access and control rights of the user. The user interface can grant the user access to at least one automation device associated with a hub associated with at least one dwelling.

Abstract: A controller is provided to construct and run a container from one or more encrypted container images without persisting any decrypted data from the one or more encrypted container images to non-volatile storage at any time. The controller may retrieve a container image with encrypted first data and encrypted second data, and may store the container image to non-volatile storage of a particular node. The controller may construct a container by mounting the container image as part of an encrypted file system of the container. During runtime execution of the container, the encrypted first data may be extracted and decrypted from the file system in response to a file system request for the encrypted first data, and the decrypted first data may be entered into volatile storage of the particular node while the encrypted first data and the encrypted second data are retained on the non-volatile storage.

Abstract: Methods, apparatus, systems and articles of manufacture to provide resource security are disclosed. Example methods and apparatus manage a benchmark specific to a resource, the benchmark created during development of the resource and including a collection of rules to constrain behavior of the resource, enable a rule of the benchmark that corresponds with a type of the resource, disable a rule of the benchmark that does not correspond with the type of the resource, test the enabled rule of the benchmark against the resource, identify an insufficiency of the resource based on the enabled rule of the benchmark, and remediate the insufficiency of the resource to comply with the enabled rule of the benchmark.

Abstract: Embodiments may provide techniques that provide the capability to manage consent for access to personal data common to multiple people. For example, a method may comprise identifying data for which at least a portion of the data is common to a plurality of individuals or entities, determining a consensus level, for a purpose, of the individuals or entities to which the stored data is common, the consensus level being required for access to the data, transmitting a request for consent to the stored data to each of the plurality of individuals or entities, receiving responses to the requests for consent from at least some of the plurality of individuals or entities, determining a consensus score based on the received responses to the requests for consent, and allowing or denying access to the stored data based on the determined consensus score and on the required consensus level.

Abstract: A computer-implemented method includes: in response to a first client device invoking a transaction with respect to a target smart contract, obtaining, by a blockchain node device in a blockchain, encrypted contract codes of the target smart contract; transmitting the encrypted contract codes of the target smart contract to a trusted execution environment; in response to determining that the target smart contract is not a managed smart contract, extracting a decryption key stored in the trusted execution environment, in which the decryption key corresponds to the encrypted contract codes of the target smart contract; decrypting the encrypted contract codes of the target smart contract; executing the decrypted contract codes of the target smart contract in the trusted execution environment; encrypting the execution result; and transmitting the encrypted execution result to the distributed ledgers of the blockchain for storage.

Abstract: This document describes a system and method for generating a common session key for encoding digital communications between devices. In particular, the system allows two devices to verify the veracity of each device before these authenticated devices proceed to generate a common session key that is then utilized to encode digital communications between these two devices.

Abstract: Embodiments of the invention relate to methods, apparatus and systems for biometric processes. The methods include updating stored ear model data for a user following successful authentication of the user. The ear model data may be acquired using a personal audio device that generates an acoustic stimulus and detects a measured response. The acquisition of the ear model data may be responsive to a determination that the personal audio device is inserted into or placed adjacent to the user's ear. The acquisition of the ear model data may also be responsive to the determination that the personal audio device has not been removed from or moved away from the user's ear.

Abstract: Embodiments of the disclosure relate to methods, apparatus and systems for biometric processes. The invention relates to initiating generation of an acoustic stimulus for application to a user's ear and extracting features for use in a biometric process from a measured response signal. The measured response signal may be used to derive one or more quality metrics and the quality metrics may be used to validate features extracted from the measured response. The quality metrics may be used to provide feedback to the user seeking to carry out the biometric process.

Abstract: Embodiments of the disclosure provide systems and methods for determining fingerprint information of a terminal device in a transportation service. An exemplary system may include a communication interface configured to establish a communication link between first and second terminal devices and receive user data from the first terminal device associated with a user of the transportation service. The communication interface may also be configured to receive authentication information authenticating the second terminal device. The system may also include a memory configured to store the user data and at least one processor coupled to the memory. The at least one processor is configured to determine a first fingerprint of the first terminal device based on the user data after receiving the authentication information authenticating the second terminal device.

Abstract: Disclosed are various approaches for generating a device posture token corresponding to a client device. The device posture token can be used by a verification computing device to determine whether the client device complies with the security policies of a particular facility.