Abstract: Technologies are generally described for methods and devices for generating a final signature. The methods may comprise receiving a message by a processor. The methods may comprise generating a random number by a random number generator. The methods may comprise forwarding, by the processor, the random number to a cloaking element generator. The methods may comprise forwarding, by the processor, a private key to the cloaking element generator. The methods may comprise forwarding, by the processor, a group to the cloaking element generator. The methods may comprise forwarding, by the processor, a homomorphism to the cloaking element generator. The methods may comprise processing, by the cloaking element generator, the random number, the group, the private key, and the homomorphism to produce a cloaking element. The methods may comprise applying the cloaking element to transform the message into the final signature.

Abstract: A single Internet of Things (IoT) gateway flow computer (either on a gateway machine or a non-gateway machine) that controls flow through both of the following types of gateways: (i) cloud gateways; and (ii) edge gateways. Both overall configuration and sub-configuration are automatically and dynamically controlled by the single, system-wide IoT gateway flow computer.

Abstract: Automated registration of one or more IoT devices seeking connection to one or more IoT platforms using a secure provisioning service. The secured provisioning service verifies and administers connection credentials to each IoT device, ensuring legitimate devices cannot be impersonated or controlled by unauthorized personnel. The provisioning service matches the IoT devices and metadata of each IoT device to the provisioning rules. Connection credentials and/or rules defining each IoT device's access to IoT platforms are based on the provisioning rules of the rules registry. Matching each IoT device to one or more provisioning rules offers flexibility to dynamically add, delete or amend one or more rules in a complex rules-based system, allowing for automatic updates to the connection credentials of each IoT device, wherein each IoT device can be provisioned or re-provisioned using the most up to date set of new or amended rules.

Abstract: A Confidence Broker System is disclosed. One embodiment of the present invention includes a confidence broker (10) which communicates with a plurality of confidence producers (12A, 12B, 12C) and a plurality of confidence consumers (14A, 14B, 14C). Communications between these elements is conducted via a communications infrastructure (16). The confidence broker (10) also includes a communications interface (42) which is connected to a protocol converter (44). The protocol converter (44) is connected to a confidence normalizer (46). The confidence normalizer (46) is connected to a confidence mediator (48). The confidence mediator (48) is connected to a confidence mapper (50). The confidence mapper (50) is connected to the protocol converter (44). Each of the protocol converter (44), the confidence normalizer (46), the confidence mediator (48) and the confidence mapper (50) is connected to a storage device (52).

Abstract: The system and method disclosed performs entity authentication through identification proofing. A relying party such as a corporation or other type of entity having a secure website, computer network and secure facility working a risk engine can determine the authenticity, validation and verification during registration of a user entity. The identification proofing is integrated with a risk engine. The risk engine is capable of using bio-behavior based information which may be continuously monitored.

Abstract: A method of operating a mobile device includes displaying a user interface as an image, the user interface being composed of a plurality of widgets, storing a privacy policy identifying at least one of the widgets, capturing a screenshot image corresponding to the screenshot image, excluding the at least one of the widgets from the screenshot image to create a modified screenshot image, and transmitting the modified screenshot image over a network to a monitoring server.

Abstract: Methods and systems for ensuring security of in-car systems in vehicles, particularly, user data privacy and protection of in-car systems from cyber attacks, hacking etc. is provided. After a two-level authentication process, wherein user identification data, token and passwords are used and matched to authenticate the user, a secure OS container is created for use for the user accessing the IVI system of the vehicle. This container is created on the host root file system such that the environments of the container and the host root file system of the IVI system are sandboxed from each other.

Abstract: The invention relates to a method for linking a terminal (1) into a region (4a) of an interconnectable computer infrastructure (2) which is designed for a plurality of users (6, 6a), said region being allocated to a user (6a). A user certificate (12a) is generated for the region (4a) allocated to the user (6a) and is provided to the user (6a) and/or the interconnectable computer infrastructure (2). A terminal certificate (16a) which is compatible with the user certificate (12a) is generated, and the terminal certificate (16a) is entered into the terminal (1). The terminal (1) is registered in the interconnectable computer infrastructure (2) via a data connection (20), wherein the terminal certificate (16a) and/or a password which is encrypted using the terminal certificate (16a) is transmitted from the terminal (1) to the interconnectable computer infrastructure (2) via the data connection (20) for the registration process.

Abstract: One embodiment provides a method, including: providing, using a light source operatively coupled to an information handling device, illumination on an object; capturing, using a sensor operatively coupled to the information handling device, illumination reflectance from the object; determining, using a processor and based on the illumination reflectance, whether the object is associated with a human user and whether the human user is an authorized user; and authenticating, responsive to determining that the object is associated with the human user and that the human user is an authorized user, the human user. Other aspects are described and claimed.

Abstract: Disclosed are various approaches for workflow service back end integration. In some examples, a data request is received. The request is associated with a network service. A single sign-on (SSO) token is received. The SSO token represents a user account authenticated with an identity manager. Authentication data for the network service is identified based on the SSO token. The authentication data can specify an authentication site of the network service. A navigation action is automatically performed on the authentication site. The requested data is received. A command to present on a client device the data is transmitted to the client device.

Abstract: Distributed systems and methods for encrypting data on a blockchain network are disclosed. One system comprises at least one injector coupled to a node on the blockchain, a controller coupled to the injector, and a generator coupled to the controller. The injector intercepts messages bound for the blockchain and encrypts data in the messages using encryption information received from the controller. The controller acquires encryption information from the generator, which generates encryption keys and derives encryption information from those encryption keys. The encryption information may be divided into multiple parts and distributed between a plurality of injectors. As a result, to assemble an encryption key for encrypting or decrypting data, an injector may have to cooperate with other injectors to acquire sufficient encryption information to re-assemble the encryption key.

Abstract: Techniques are provided for selecting attributes to cluster users for a user application entitlement evaluation.

Abstract: An information output device includes: a first output unit that outputs acquired information acquired by a sensor; and a second output unit that converts personal information included in the acquired information into attribute information from which identification of an individual is impossible, and outputs the attribute information.

Abstract: A security event identification system may enable obtaining, for each of the set of web requests, a screenshot of a corresponding web path resulting from the web request; applying a hash to each obtained screenshot; and determining, based on a comparison of the hashed screenshots, whether a security event exists related to the set of web requests.

Abstract: A user is assigned an initial risk score during a session with a messaging platform. During the session, the user attempts an operation with an external service. One or more additional authentication factors are requested from the user to dynamically lower the initial risk score. The lowered risk score is processed with the external service to perform the operation on behalf of the user during the session.

Abstract: Techniques for seamless certificate replacement for endpoints in hyperconverged infrastructure are disclosed. In one example, a certificate replacement request for an endpoint may be received. Upon receiving the certificate replacement request, a new certificate may be placed in the endpoint such that the endpoint includes an old certificate and the new certificate. Further, dependent endpoints having communication with the endpoint using the old certificate may be discovered and monitored. Furthermore, the new certificate of the endpoint may be placed in the discovered dependent endpoints and existing communication between the endpoint and each of the discovered dependent endpoints using the old certificate may be maintained. Upon completion of the existing communication, next communication between the endpoint and each of the discovered dependent endpoints may be enabled using the new certificate. Then, the old certificate may be decommissioned from the endpoint and the discovered dependent endpoints.

Abstract: The disclosed computer-implemented method for generating user profiles may include (i) analyzing a data set of user profiles for services, (ii) detecting a measurement of obfuscation that was applied to a specific attribute across multiple user profiles for a specific service, (iii) applying the measurement of obfuscation to true data for a new user by fuzzing the true data to create a fuzzed value, and (iv) generating automatically a new user profile for the specific service by populating the specific attribute within the new user profile with the fuzzed value. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Systems and methods for detecting malicious activity in a computer system. One or more graphs can be generated based on information objects about the computer system and relationships between the information objects, where the information objects are vertices in the graphs and the relationships are edges in the graphs. Comparison of generated graphs to existing graphs can determine a likelihood of malicious activity.

Abstract: Examples associated with firmware encryption are described. One example device firmware includes a base module. The base module controls a base function of the device. The device firmware also includes a first encrypted module that modifies a first function of the device. The first encrypted module is inactive until decrypted. A decryption module decrypts the first module using a first encryption key and controls activation of the first encrypted module.

Abstract: A technology is described for device communication with computing regions. An example method may include receiving at a first computing region a request for a computing resource. In response to receiving the request, a device associated with the request may be authenticated using authentication credentials for the device. An identity token that indicates permission for the device to access the computing resource in a second computing region may be generated and the identity token and instructions to connect to the second computing region may be provided to the device. The device may present the identity token to the second computing region in order to access the computing resource in the second computing region.