Abstract: Various systems and methods for providing a walk away lock are provided herein. A plurality of data packets may be received at a compute device from a user device. Here, each packet has corresponding time-to-receive value. A baseline latency value of the plurality of data packets may be determined based on their respective time-to-receive values. Additional data packets may be received from the user device, each of these additional data packets having their own corresponding time-to-receive values. A current latency value of the additional data packets may be calculated based on the respective time-to-receive values. A security operation may be performed based on the baseline latency value and the current latency value.

Abstract: The present disclosure relates to related methods, systems, and media containing instructions for detecting security risks related to a software component deployable in a container-based runtime environment. The method comprises receiving a trigger, the trigger indicating that a layer of a container within the container-based runtime environment is to be checked for security risks. A check layer of the container is identified that is to be checked for security risks. A determination is made that a check for security risks has not been previously performed for the check layer according to a check criterion, and responsive to this determination, a determination is made that a security analysis indicates a security risk. Responsive to this determination, a remedial action may be initiated.

Abstract: An operating method for a push authentication system and device, belonging to the field of information security.

Abstract: The present invention disclosed a method operable on a multiparty signing system for performing a multiparty signing act on a digital content. The multiparty signing system disclosed in the present invention comprises at least two multiparty signing servers configured with methods to perform the multiparty signing act of a digital content to sign. The multiparty signing system can be configured to perform the multiparty signing act by a private signing key split to at least two key shares, wherein each key share is held by each of the at least two multiparty signing servers. The multiparty signing system is also configured to communicate with at least one computerized node employed to conduct an approval process for approving the multiparty signing act. The approval process can be configured to conduct the approval process by employing a secure multiparty computation, wherein the approval process is configured to utilize secret shares held by the at least one computerized node.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, to provide digital identification. One of these methods includes comparing the location of a requester of a digital identification to the location of an owner of the digital identification. The method also includes providing information about the digital identification to the requester based at least in part on determining that the requester and the owner are within a predetermined distance.

Abstract: A computer implemented method of authenticating a user based on comparison of biometric data authentication process parameters measured during a biometric authentication process against a biometric signature authentication process model of the user, comprising receiving sensory data captured by one or more sensors operated to capture biometric data of a user during a biometric authentication process conducted to verify a biometric signature of the user, calculating a deviation of values of a plurality of authentication process parameters measured during analysis of the sensory data from the values of corresponding reference authentication process parameters retrieved from a biometric signature authentication process model of the user and authenticating the user based on verification of the biometric signature and according to the deviation.

Abstract: An MRI image processing and analysis system may identify instances of structure in MRI flow data, e.g., coherency, derive contours and/or clinical markers based on the identified structures. The system may be remotely located from one or more MRI acquisition systems, and perform: error detection and/or correction on MRI data sets (e.g., phase error correction, phase aliasing, signal unwrapping, and/or on other artifacts); segmentation; visualization of flow (e.g., velocity, arterial versus venous flow, shunts) superimposed on anatomical structure, quantification; verification; and/or generation of patient specific 4-D flow protocols. A protected health information (PHI) service is provided which de-identifies medical study data and allows medical providers to control PHI data, and uploads the de-identified data to an analytics service provider (ASP) system. A web application is provided which merges the PHI data with the de-identified data while keeping control of the PHI data with the medical provider.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for blockchain-based decentralized-identifier authentication, are provided. One of the methods includes: obtaining a request for authenticating a decentralized identifier (DID), wherein the request comprises the DID, a plaintext associated with a challenge for authenticating the DID, and a digital signature on the plaintext; obtaining a public key associated with the DID; determining, based on the obtained public key and the plaintext, that the digital signature on the plaintext is created based on a private key corresponding to the DID; and generating, based on the determination, a message confirming authentication of the DID.

Abstract: The present disclosure generally relates to managing content item collections. A collection management system receives a request for collection item metadata associated with a collection item. Collection management system obtains a content item identifier corresponding to the collection item identifier. Collection management system requests content item metadata from a content management system. Collection management system receives from the content management system content item metadata corresponding to the content item identifier. Collection management system filters the content item metadata to remove a portion of the content item metadata comprising privileged information. Collection management system retrieves collection item metadata using the collection item identifier. Collection management system adds the filtered content item metadata to the collection item metadata.

Abstract: A system that includes a tagging engine and a routing engine. The tagging engine is configured to link a data element with an access control tag array that links access control tags with end user groups. The tagging engine is configured to encrypt a hash of the access control tag array using a first key and to apply a second key to the access control tag array to obfuscate the access control tag array. The tagging engine is configured to send the data element, the encrypted hash, and the obfuscated access control tag array to a target network node. The routing engine is configured to compute a hash of the access control tag array and to forward the data element to the target network node in response to determining that the received hash of the access control tag array to the computed access control tag array are the same.

Abstract: Systems and methods that provide secure analytics using homomorphic and injective format-preserving encryption and an encrypted analytics matrix are disclosed herein. An example method includes encoding an analytic parameter set using a homomorphic encryption scheme as a homomorphic analytic matrix; transmitting a processing set to a server system, the processing set including at least the homomorphic analytic matrix and a keyed hashing function; and receiving a homomorphic encrypted result from the server system, the server system having utilized the homomorphic encryption scheme, the keyed hashing function, and a format preserving encryption scheme to evaluate the homomorphic analytic matrix over a datasource.

Abstract: An example electronic device includes memory for storing a program for unlocking the first electronic device using a wearable electronic device; wireless communication circuitry; and one or more processors configured to execute the program stored in the memory to cause the electronic device to at least establish wireless communication, via the wireless communication circuitry, with the wearable electronic device when the wearable electronic device is in a wireless communication range of the first electronic device; determine whether the wearable second electronic device is authenticated for unlocking the first electronic device; determine whether the wearable electronic device is in a specific range of the first electronic device based on a signal transmitted from the wearable electronic device being worn; and unlock the first electronic device based on determining that the wearable electronic device is authenticated and is in the specific range of the electronic device.

Abstract: The present teaching relates to method, system, medium, and implementations for authenticating a user. An authentication session is first initiated to authenticate, via iris, a person claiming to be an authorized user, in which a first set of signals is randomly generated for controlling light strobing to be applied to the iris of the person for detecting liveness of the iris. A second set of signals is accordingly generated for controlling iris picture capturing synchronized with the light strobing. The light strobing is applied to the person via strobes generated based on the first set of signals and pictures of the iris of the person are acquired, based on the second set of signals, that are synchronized with the light strobing. Whether the person is live is then determined based on the synchronized pictures acquired when the light strobing is applied.

Abstract: A secure, remote support platform allows secure, remote device support with an edge device (101) and a trusted intermediary server resource (“trusted server”). The trusted server (113) is an endpoint for secure connections with a support application used by a remote technician and with the edge device. The secure connections carry messages with inputs, data requests, and feedback. Messages between the trusted server and support edge device are secured in a manner that allows each endpoint to validate the messages. The remote technician controls the edge device to assesses a target device connected to the edge device. The edge device presents emulated peripheral devices to the target device while capturing the target device desktop with a camera or presents remotely controlled peripherals and returns screen captures or updates of the desktop from the target device.

Abstract: Methods and systems for visualizing, analyzing, archiving and securing computer and internet of things (IoT) data networks are disclosed. The system includes a data collection device (sensor), preprocessing unit, analysis unit containing at least the Koopman mode analysis unit, and a postprocessing unit. The methods include Koopman mode analysis, support vector machines or deep learning used to compute the baseline, detect and rank known and unknown threats to the system, visualize and archive them. The methods also include creating and representing an Artificial Intelligence (AI) determined risk level indicators; using combined intel and notice alert severities with the AI risk level indicators to rank the alerts; using the AI indicators to create zero day risks; an AI Button to show the AI indicators and ranked alerts on a computer screen; and graphic user interfaces (GUI) to intuitively represent and interact with the AI indicators and ranked alerts.

Abstract: The present disclosure is for a system and a method for tracking physical and digital communication that is sent to an inmate who is incarcerated in a correction facility. The present invention enables a significant reduction in contraband and/or prohibited communication that is sent to inmates, and, at the same time, provides transparency in the communication delivery process such that a sender is appraised as to the status of the communication as it is processed by various systems and sub-systems within a correctional facility. Moreover, the present invention enables the identification and detection of criminal or prohibited communication that would otherwise have been undetected using prior art systems.

Abstract: Provided is a method, performed by a device, of protecting information from a side channel attack, the method including: loading a library shared by at least one application installed in the device to a memory of a first layer; inputting a value to a function of the library; based on the value being input, detecting a region of the memory accessed by the device from among regions of the memory of the first layer, to which the library is loaded; generating a protection code which accesses regions of the memory other than the detected region from among the regions of the memory of the first layer, to which the library is loaded; and adding the protection code to the function of the library.

Abstract: Provided is an information processing apparatus including a physical unclonable function (PUF) to generate a unique key using a process variation in a semiconductor manufacturing process, and an encryption unit to encrypt a password and/or bio-information received from a user using the unique key.

Abstract: Techniques for processing blockchain data are described. Each contract participant of a plurality of contract participants in a blockchain generates, for a target contract, a paired temporary public key and private key generated based on an asymmetric encryption algorithm. Each contract participant sends the temporary public key to other contract participants. First signature data is generated by each contract participant signing data information including the target contract and temporary public keys of the contract participants by using the temporary private key. A contract participant encrypts predetermined contract information by using a regulatory key of a regulator to generate an encrypted contract signed by each contract participant using the temporary private key, to generate second signature data.

Abstract: There are disclosed devices, system and methods for detecting malicious scripts received from malicious client side vectors. First, a script received from a client side injection vector and being displayed to a user in a published webpage is detected. The script may have malicious code configured to cause a browser unwanted action without user action. The script is wrapped in a java script (JS) closure and/or stripped of hyper-text markup language (HTML). The script is then executed in a browser sandbox that is capable of activating the unwanted action, displaying execution of the script, and stopping execution of the unwanted action if a security error resulting from the unwanted action is detected. When a security error results from this execution in the sandbox, executing the malicious code is discontinued, displaying the malicious code is discontinued, and execution of the unwanted action is stopped.