Abstract: A server, primary client device, and secondary device may be provided. The server may be configured to receive a login request sent by a secondary client device, the login request including a secondary account identifier and an encoded image, the secondary account identifier associated with a secondary account. The server may decode the encoded image to identify a primary account identifier and an expiration time indicator encoded in the encoded image. The server may determine that the secondary account is linked with a primary account. The server may compare the expiration time indicator with the request time to determine that the encoded image has not expired. The server may authorize privileged communication with the secondary client device in response to the secondary account being linked with the primary account and determination that the encoded image has not expired.

Abstract: Systems, methods, and computer-readable storage media are provided for sharing user-information with bots. An automated task to be performed on behalf of a user is determined from at least one user message provided to a user interface of a first bot. A second bot is determined that is capable of performing the automated task on behalf of the user. User information of the user to provide to the second bot for the performing of the automated task is determined. Content of the user information is based on a trust level of the second bot and service parameters for completing the automated task. The first bot provides the determined user information to the second bot using one or more network communications.

Abstract: A system and method for identifying and preventing vulnerability exploitation is provided. The system comprises a processor and memory. The memory stores one or more programs comprising instructions to execute a method. The method first comprises comparing a first version of a software module with a second version of a software module. Second, the system determines one or more differences between the first version and the second version. Next, the system represents the one or more differences as symbolic constraints. Last, the system generates a firewall for identifying exploitative input using the symbolic constraints.

Abstract: Methods of facilitating communication between clients and servers are contemplated. Embodiments of the inventive subject matter make it possible for a client to establish a packet-based connection with a server by first authenticating with a web backend. This can enable, for example, a client to establish a packet-based connection with a server though a web browser.

Abstract: Provided are exemplary embodiments including a method for creating and using a personal encounter history using a communication device. The method involves the communication device receiving the transmission of a pseudo identifier from a proximal communication device where the pseudo identifier is associated with the user of the proximal communication device. Once received, the method continues with the wireless communication device requesting and receiving the actual identification of the user of the proximal communication device that is correlated with the pseudo identifier. The communication device includes a transceiver capable of communicating wirelessly with a mobile telecommunications network, a memory device and a processor. To ensure privacy, the processor is capable of receiving a pseudo identifier from a proximate communication device and then requesting an actual identification correlated with the pseudo identifier of the proximate communication device.

Abstract: Example systems, methods and storage media to provide a cross-enterprise workflow among clinical systems are disclosed. An example cross-enterprise enabled clinical information system includes a workflow manager to coordinate user workflows with respect to the system and associated content. The system includes an image services manager configured to manage images and associated services for the system and associated content. The workflow manager and image services manager are configured for cross-enterprise content sharing such that the system is to locally authenticate a user at the system and the system is to locally authorize a remote request for access to content at the system from a remote user that has been authenticated remotely. The system is arranged to provide content in response to the remote request after the remote authentication has been received and the system has verified the remote user's authorization for access.

Abstract: A method and apparatus provides a blockchain that includes one or more blocks that contain a cryptographic binding of a signature-verification public key and/or a data encryption public key to the identity of the holder of the corresponding private key. The binding is performed by one or more key binding entities, referred to herein as a blockchain identity binder. Originators and recipients use the identity binding data to secure block chain transactions.

Abstract: A method includes receiving, from a device, (i) a certificate request for a certification authority and (ii) a first digital certificate. The certificate request is digitally signed by the first device, and the first digital certificate is stored in the device. The method also includes verifying, at the certification authority, the first digital certificate using a second digital certificate of another certification authority. The method further includes verifying a digital signature of the certificate request using the first digital certificate. In addition, the method includes, after verifying the first digital certificate and the digital signature, transmitting a second digital certificate to the device.

Abstract: The disclosed technology is generally directed to blockchain technology. In one example of the technology, a pre-determined type of blockchain protocol code is stored in a trusted execution environment (TEE) of a processor. TEE attestation is used to verify that the blockchain protocol code stored in the TEE is the pre-determined type of blockchain protocol code. A blockchain transaction is received. The blockchain transaction is processed while disallowing access to raw transaction data. A state of the processed blockchain is updated for a blockchain network based on the processing of the blockchain transaction, while disallowing access to raw transaction data.

Abstract: Techniques for Diameter security with next generation firewall are disclosed. In some embodiments, a system/process/computer program product for Diameter security with next generation firewall includes monitoring Diameter protocol traffic on a service provider network at a security platform; and filtering the Diameter protocol traffic at the security platform based on a security policy.

Abstract: A Data Processing Risk Remediation System may be configured to: (1) access risk remediation data for an entity that identifies suitable action(s) to remediate a risk in response to identifying one or more data assets of the entity that may be affected by potential risk trigger(s); (2) receive an indication of an update to the one or more data assets; (3) identify one or more updated risk triggers for the entity; (4) analyze the one or more potential updated risk triggers to determine a relevance of a risk posed to the entity by the one or more updated risk triggers; (5) use one or more data modeling techniques to identify one or more data assets associated with the entity that may be affected by the risk; and (6) update the risk remediation data to include the one or more actions to remediate the risk.

Abstract: A data de-identification method, a data de-identification apparatus and a non-transitory computer readable storage medium executing the same are provided. Original data including an identification field, a condition field, and a record field is obtained. An event condition is obtained according to the condition field. From the original data, a plurality of event fragment sequences corresponding to each of a plurality of identification data and corresponding to the event condition are obtained according to the plurality of identification data in the identification field and the event condition. Sequence data is obtained according to the plurality of identification data and the plurality of event fragment sequences corresponding to each of the identification data. De-identification data is obtained by adjusting the sequence data.

Abstract: Techniques for network layer signaling security with next generation firewall are disclosed. In some embodiments, a system/process/computer program product for network layer signaling security with next generation firewall includes monitoring a network layer signaling protocol traffic on a service provider network at a security platform; and filtering the network layer signaling protocol traffic at the security platform based on a security policy.

Abstract: Techniques for application layer signaling security with next generation firewall are disclosed. In some embodiments, a system/process/computer program product for application layer signaling security with next generation firewall includes monitoring application layer signaling traffic on a service provider network at a security platform; and filtering the application layer signaling traffic at the security platform based on a security policy.

Abstract: A method performed by a first UE. The method includes: the first UE sending via a first signaling protocol to a network node a service capabilities request, the service capabilities request requesting service capability information for a second UE; the first UE receiving from the network node a response to the service capabilities request, the response rejecting the service capabilities request; and as a result of receiving the response rejecting the service capabilities request, the first UE sending to the second UE, via a second signaling protocol other than the first signaling protocol, a service capabilities exchange invitation requesting an exchange of service capabilities.

Abstract: Techniques for transport layer signaling security with next generation firewall are disclosed. In some embodiments, a system/process/computer program product for transport layer signaling with next generation firewall includes monitoring transport layer signaling traffic on a service provider network at a security platform; and filtering the transport layer signaling traffic at the security platform based on a security policy.

Abstract: A system, method, and apparatus for providing secure communications to one or more users through an unclassified network. The system may include a network access management device may have a plurality of internal data network communications interfaces configured to communicate with at least one classified computing device using a National Security Agency (NSA) Commercial Solution for Classified (CSfC) comprised solution and an external data network communications interface configured to communicate with an unclassified network. A network access management device may use an inner NSA CSfC approved tunneling technology, an outer NSA CSfC approved tunneling technology, and a processor configured to perform processing and routing protocols associated with interconnecting the internal data network communications interface and the external data network communications interface.

Abstract: A data processing request is obtained containing blockchain data and an identifier used to identify a blockchain network to which the data processing request belongs. The identifier is extracted from the data processing request. Based on the identifier, corresponding processing logic associated with the data processing request is executed. The blockchain data is stored to a blockchain storage area corresponding to the identifier.

Abstract: A supplier network device is provided and includes a supplier processor and memory that stores a credential package including information for a chip or a vehicle control module (VCM). The supplier processor: receives ID and signature public keys from the chip, where the ID and signature public keys correspond respectively to private keys stored in the chip; transmit the ID and signature public keys to a certificate authority processor of a vehicle manufacturer data center; and receive the credential package including signing certificates from the certificate authority processor prior to assembling the VCM. The supplier processor: reads the ID public key from the VCM subsequent to incorporating the chip in the VCM; identifies the credential package based on the ID public key; and based on the identifying of the credential package, programs the VCM with the signing certificates prior to installation of the vehicle control module in a vehicle.

Abstract: Utilities (e.g., methods, systems, apparatuses, etc.) for use in generating and making use of priority scores for data generated by one or more data systems that more accurately prioritize those events and other pieces of data to be addressed by analysts and troubleshooters before others (e.g., collectively taking into account threats posed by origin host components and risks to impacted host components) to work the highest risk events and alarms first and to effectively and efficiently spend their alarm monitoring time.