Abstract: Systems and methods for encryption and authentication are disclosed. A system receives a document request over a network from a first computer system, the document comprising a plurality of fields configured to receive input data. The document is transmitted to the first computer system. Context data and the document, including field input data, are received from the first computer system. An encryption key is generated and used to encrypt the document field input data and the context data. A payload is generated including the encrypted document field input data, the encrypted context data, and a non-encrypted identifier linked to the key. The payload and an image of the document are provided to a second computer system. The document image is viewable using a portable document format viewer. A decryption key request including the identifier linked to the key is received. The decryption key is provided to the second computer system to decrypt the encrypted field input data and the encrypted context data.

Abstract: A system and method is provided to allow access to centralised patient data captured from a medical device across an open network to a third party. The system and method receives the request based upon patient-specific information, checks the request and allows access if the request matches stored information.

Abstract: A networked system has a plurality of nodes, each of which is configured for secure, encrypted communication of data over a general network. Protected devices communicate with the general network only via a respective associated one of the nodes and are network-addressable only via its associated node. Each node can automatically discover the presence of the other nodes, determine data communication routes to the other nodes, and establish point-to-point tunnels between themselves and selected ones of the other nodes, over which tunnels the protected devices may communicate with each other. The nodes and protected devices are thus organized as a mesh such that the protected devices are undetectable and unaddressable via the general network by entities external to the mesh.

Abstract: The disclosed computer-implemented method for controlling uploading of potentially sensitive information to the Internet may include (i) loading, at the computing device, at least a portion of a webpage and (ii) performing a security action including (A) converting, at the computing device, components of the webpage from an online status to an offline status, (B) receiving a sensitive information input to a respective offline component of the webpage, (C) converting, based on a stored user preference and in response to receiving the sensitive information input, the respective offline component to the online status, (D) buffering an outgoing network request comprising the sensitive information input, (E) receiving an approval input indicating approval to transmit the potentially sensitive information to the Internet, and (F) releasing the outgoing network request in response to receiving the approval input. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Embodiments of the present invention disclose a key exchange method and apparatus. A network device acquires a first key, and sends a message including the first key to a second user equipment, so that the second user equipment uses, when communicating with a first user equipment by using a D2D link, the first key to protect transmitted information.

Abstract: Systems and methods are described wherein sensor devices for gathering sensor data are in communication with a sensor processing application enabled to receive sensor data and to perform a function such as storing, processing, and redistributing sensor data or processed sensor data. A communication network to which the sensor devices are connected comprises a publish-subscribe broker network including a broker adapted to provide publish-subscribe broker services for entities including the sensor devices and the sensor processing application. A key management application distributes keys to entities that are authorized to send or receive on channels established within the broker network. An authorized subscriber entity connected to the broker network via a broker is enabled to receive data on a specific identified channel by subscribing to the channel and receive published data on the channel published by an authorized publisher entity.

Abstract: Systems, methods, and devices for provisioning user equipment devices. A zero touch configuration proxy (ZTCP) component may be configured to receive a client certificate and a request for a configuration file from a UE device, verify the authenticity of the received client certificate, use PKI and the SSL_CLIENT_S_DN_CN field of the client certificate to identify the UE, issue various commands/API calls to a provisioning system, determine whether the specific UE device is currently authorized to receive a particular service (e.g., VoIP, etc.), determine whether the specific UE device is allowed to access the requested configuration file, and send the configuration file to the UE device in response to determining, based on SSL_CLIENT_S_DN_CN field in the client certificate, that the UE device is authorized to access the configuration file and receive the requested service.

Abstract: The present invention is related to systems and methods for identifying and reporting a crisis status. In at least one embodiment, the system comprises a central server; an administrative work station communicably coupled to the central server, wherein the administrative work station is accessible only by an authorized administrator; a database communicably coupled to the central server, the database including a floor plan of the area, wherein the database is accessible and modifiable by the authorized administrator at the administrative work station; and a remote device at a particular location in the area, the remote device communicably coupled to the central server, the remote device capable of communicating securely to the database the particular location of the remote device and the crisis status of the particular location.

Abstract: Plaintext data is encrypted to produce ciphertext which is transmitted along with a hash of the plaintext data and corresponding metadata comprising an initialization vector and information about the encryption key version used to encrypt the plaintext data to a backend storage system. The encrypted ciphertext is deduplicated at the backend storage system (without first decrypting it) using the hash and stored based upon the metadata.

Abstract: Security features a situational awareness system using location tracking information including requiring a security identifier, such as a password or a bio identifier, as a condition to providing situational awareness information. The system may also restrict situational awareness information to data pertaining to members that have creating a permission setting or responded to an “opt-in” prompt authorizing data from their profile to be included in the situational awareness information. Situational awareness information may also be denied to requesters identified as public offenders in a public offender database. Situational awareness information may also be restricted by access rules specified in a security rule base, such as rules related to enrollment and rules related to the age of the requester and the age of a demographic profile of interest identified in the situational awareness request.

Abstract: According to certain embodiments, an electronic device comprises a housing comprising a front surface and a rear surface oriented in a direction opposite to the front surface, a touchscreen display exposed through at least a portion of the front surface, a fingerprint sensor arranged between the touchscreen display and the rear surface underlapping a region of the touchscreen display when viewed from above the front surface, at least one processor operatively connected to the touchscreen display and the fingerprint sensor, and a memory operatively connected to the at least one processor, wherein the memory stores instructions for causing the at least one processor, when executed, to perform operations comprising displaying a user interface comprising an object on the touchscreen display, receiving a gesture input for dragging the object toward the region, the gesture input inputted through the touchscreen display, identifying whether a finger providing the gesture input is a predetermined finger registered fo

Abstract: Techniques are described for providing access to anonymized user data derived from external data providers. A persona management system generates a searchable data store containing metadata related to a plurality of users of the persona management system. The metadata includes entries indicating: a first identifier of a user of the plurality of users of the persona management system, a second identifier of an external data provider of a plurality of external data providers that possess data related to users of the persona management system, a third identifier of an algorithm that is used to transform data possessed by the external data provider related to the user of the persona management system into one or more transformed data values, and the one or more transformed data values. In response to requests from various data consumers, the persona management system uses the metadata to identify users matching specified search criteria.

Abstract: Embodiments of the disclosure relate to methods, apparatus and systems for biometric processes. The invention relates to initiating generation of an acoustic stimulus for application to a user's ear and extracting features for use in a biometric process from a measured response signal. The measured response signal may be used to derive one or more quality metrics and the quality metrics may be used to validate features extracted from the measured response. The quality metrics may be used to provide feedback to the user seeking to carry out the biometric process.

Abstract: A moderation framework monitors content posted in a database network and uses a declarative configuration scheme that defines moderation rules without having to write new software. A user interface operated by the moderation platform allows selection of different user criteria and different content criteria for triggering the moderation rules. The user interface also provides selectable actions for the moderation rules to apply when the content matches the selected user and content criteria. The user interface also allows selection of different entities for associating with different moderation rules, such as accounts, cases, opportunities, Chatter® feed posts, or custom objects defined by customers.

Abstract: A chip includes a processing device to perform cryptographic operations by secret data; a memory to store a first plurality of information portions that correspond to a first breakdown of the data and from which the secret data are reconstructible by combination of the first plurality of information portions; a random number generator to provide random values; and a conversion device to ascertain second breakdowns of the data into a second plurality of information portions, from which the secret data are reconstructible and to control the memory for an ascertained second breakdown to store the present second plurality of information portions. The conversion device is further configured to ascertain the second breakdowns based on the random values and/or to determine the interval of time between the ascertaining and storing of a second breakdown and the ascertaining and storing of the subsequent second breakdown based on the random values.

Abstract: The present disclosure discloses a network access method performed at a computer server in connection with a social networking platform, comprising: receiving a network access request from a first social networking account at a first mobile terminal for accessing a wireless network bound to a second social networking account when the first mobile terminal is within a predefined distance from the wireless network; forwarding the network access request to the second social networking account, the network access request including the first social networking account and an identifier of the wireless network; receiving authorization information of accessing the wireless network from the second social networking account; and sending the authorization information to the first social networking account, the authorization information including verification information used for accessing the wireless network.

Abstract: The present invention relates to methods, apparatus and systems for authentication of a user based on ear biometric data, and voice biometric data or other authentication data. The ear biometric data may be combined with voice biometric data or with a security question and response.

Abstract: In a wireless network, a distributed ledger client maintains hardware-trust with a wireless network slice and distributed ledger nodes. The wireless network slice delivers wireless communication services to wireless user devices. When the distributed ledger client maintains hardware-trust with the wireless network slice, the wireless network slice transfers slice data to the distributed ledger client. The slice data that characterizes the delivery of the wireless communication services. The distributed ledger client transfers the slice data to the distributed ledger nodes. The distributed ledger nodes log the slice data when the distributed ledger client maintains hardware-trust with the distributed ledger nodes.

Abstract: The disclosed computer-implemented method for preventing system level browser attacks through mobile applications may include (i) intercepting a message transmitted by a mobile application, wherein the message is based on data received by the mobile application, (ii) obtaining a universal resource locator (URL) from the message, (iii) obtaining reputation data using the URL, (iv) determining that the URL is for a malicious website based on the reputation data, and (v) in response to determining that the URL is for the malicious website, performing a security action to protect the computing device from system level browser attacks. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The method of securing secure communication between a User Equipment (UE) and evolved NodeB (eNB), involves deriving a user plane (UP) encryption key (KUPenc) from a shared key (KeNB) associated with the UE for an ongoing communication session. At the UE, the UP encryption key (KUPenc) may be hashed with a number of random numbers to generate a plurality UP encryption keys(KUPenc(n)), wherein the random numbers are transmitted to the eNB through a Packet Data Convergence Protocol (PDCP) control message. One or more data packets sent from the UE to the eNB may be encrypted, by the UE, using the plurality of UP encryption keys (KUPenc(n)).