Abstract: In one example, a home network associated with a user equipment obtains an authentication request to authenticate the user equipment to a serving network. The home network generates an authentication vector of a mobile security protocol. The authentication vector includes an indication that the user equipment is to be authenticated using a multi-factor authentication process. The home network provides the authentication vector to the serving network to prompt a response from the user equipment that is in accordance with the multi-factor authentication process. The home network authenticates the user equipment to the serving network based on the response.

Abstract: An example operation may include one or more of capturing a current version of sensitive data by a data processor node, hashing, by the data processor node, the current version of the sensitive data, storing, by the data processor node, a hash of the current version of the sensitive data on a first blockchain, encrypting, by the data processor node, the current version of the sensitive data using a secret key, and storing the encrypted current version of the sensitive data on a second blockchain.

Abstract: An information provision apparatus includes a memory configured to store personal data for each user, and a processor coupled to the memory and configured to in response to receiving a request for first personal data of a first user from a terminal device, determine difference between first data stored in the memory as the first personal data at a first time of receiving the request and second data stored in the memory as the first personal data at a second time before the first time, provision of the second data being permitted, perform, in accordance with the difference, determination of whether provision of the first data is permitted, and when it is determined that the provision of the first data is permitted, transmit the first data to the terminal device.

Abstract: Embodiments of the present disclosure describe selective discovery, management, and deletion of personal data. The method accesses a set of data on a networked resource. The data is formed of a plurality of data elements which are arranged in at least one data table. The method identifies one or more sensitive data elements within the set of data related to one or more individuals. The method determines a sensitivity level of the one or more sensitive data elements and generates a catalogue including at least one new data element representative of the one or more sensitive data elements and based on the sensitivity level of the one or more sensitive data elements. The method tags the one or more sensitive data elements within the catalogue based on the sensitivity level of the one or more sensitive data elements corresponding to the new data element.

Abstract: Embodiments afford secure transfer of security key type(s) between different database servers having different key hierarchies. For example, a key transfer may occur from a source server to a target server during a database migration process. Particular embodiments comprise a SQL transfer command statement (e.g., TRANSFER ENCRYPTION KEY) recognized by an engine. Syntax of the SQL transfer command includes a password and a filename for a security key. Upon receiving the SQL transfer command, the engine references an information repository to identify a relevant key hierarchy and key type, encrypts the security key with a key derived from password, and stores (exports) the encrypted security key in a file for consumption (import) at the target server. The SQL transfer command may further comprise a direction component determining flow of key information, and an override function to deal with error messages arising from any already-existing security key having the same name.

Abstract: A client computer may split a process into sub-processes, send each sub-processes to a different group of peers in a blockchain network, wherein each group has at least one peer from each essential organization in the blockchain network, receive processed sub-transactions from the peers in the blockchain network, validate each sub-transaction, and validate the transaction based on the validation of all sub-transactions, wherein all sub-transaction must be valid for the transaction to be valid.

Abstract: An apparatus and method for joining an Internet of Things (IoT) network are provided, the apparatus including a communicator configured to receive, from an electronic device, an encrypted auto-onboard configuration data associated with the IoT network, a sensor configured to detect a user command, and at least one processor configured to generate a decryption key based on features extracted from the user command, decrypt the encrypted auto-onboard configuration data using the decryption key, and join the IoT network.

Abstract: Methods, systems, and devices for communications are described. A device or a group of devices may generate data. The group of devices may receive a group profile from a node that identifies the devices to be included, and the group profile may include a function to be evaluated at each of the devices. The node may also provision evaluation parameters which may allow the device to provide authenticated aggregate data to a requesting third party, without sharing the data between the devices, thus concurrently maintaining individual data privacy and data provenance.

Abstract: A computing system may generate and/or use a behavior photographic identification (“behavior photo ID”) that is based, at least in part, on anonymized parameters related to the behavior of a person. The behavior can include a history of phone calls, texts, or internet browsing. The behavior photo ID, which may be used to uniquely identify the person, may digitally modify a digital photo to encode behaviors or activities of the person. In some implementations, the behavior photo ID may be modified periodically, or from time to time, to produce an updated behavior photo ID that reflects new external events as well as relatively recent behaviors or activities of the person.

Abstract: Described is a system for continuously predicting and adapting optimal strategies for attacker elicitation. The system includes a global bot controlling processor unit and one or more local bot controlling processor units. The global bot controlling processor unit includes a multi-layer network software unit for extracting attacker features from diverse, out-of-band (OOB) media sources. The global controlling processing unit further includes an adaptive behavioral game theory (GT) software unit for determining a best strategy for eliciting identifying information from an attacker. Each local bot controlling processor unit includes a cognitive model (CM) software unit for estimating a cognitive state of the attacker and predicting attacker behavior. A generative adversarial network (GAN) software unit predicts the attacker's strategies.

Abstract: A method, device and non-transitory computer readable medium for randomized multi-factor authentication with biometrics includes randomly selecting one of a plurality of biometrics in response to a request from a client device. At least the randomly selected biometric is requested from the requesting client device. A match of the requested randomly selected biometric received from the requesting client device against stored biometric information above a set threshold is verified. Access for the request is granted when the verification indicates the match.

Abstract: Example systems and methods for biometric authentication that can bridge fuzzy extractors with deep learning and achieve the goals of preserving privacy and providing recoverability from zero are disclosed. Embeddings comprising a face or speaker embedding in a non-Hamming distance space can be processed to create a personal reliable bit map and a reliable locality-sensitive hash (LSH) for mapping the non-Hamming distance space to a Hamming distance space. A fuzzy extractor can be applied to create metadata that can be stored on a computing device. A secret can be recovered from the metadata and can be used for identification.

Abstract: An example operation may include one or more of generating, by a first blockchain client, a transaction to a blockchain network to transfer a document, transferring over a private channel, by a second blockchain client, a first key to the first blockchain client, the private channel providing a point-to-point connection between the first and second blockchain clients, encrypting the document using a shared key, transferring, by the first blockchain client, the encrypted document over the private channel, generating, by the second blockchain client, a transaction to acknowledge receipt of the encrypted document, and transferring the shared key encrypted with the first key.

Abstract: A system includes at least one data processor and memory storing instructions which, when executed by the at least one data processor, configures the at least one data processor to: provide, via a display, a visual stimulus including an animation containing at least a first object and a second object, the visual stimulus prompting for user input for authentication to a virtual domain; monitor movement of a user while providing the visual stimulus; identify, based on the monitoring, a sequence of dwell times of a characteristic of the user's movement with respect to the first object and the second object; compare the identified sequence of dwell times to a stored sequence of dwell times; and provide the comparison to enable authentication of the user in the virtual domain. Related apparatus, systems, techniques and articles are also described.

Abstract: A certificate transfer system includes a first certificate management host and a certificate transfer management host. The first certificate management host is configured to generate a first certificate, sign an electronic device with the first certificate, and transmit a first Internet address to the electronic device to complete a certificate-issuance operation. The certificate transfer management host is configured to store a transfer device list and a second Internet address. When the first certificate management host receives the first certificate issued by the electronic device, the first certificate management host verifies that the first certificate is correct and determines that if the first certificate matches one of the certificates in the transfer device list, the first certificate management host returns the certificate transfer management host address to the electronic device.

Abstract: Systems and methods for controlling a peripheral device with a web browser. A system includes a peripheral device and a user computing device executing a web browser and a device manager, the device manager configured to operate the peripheral device and including a device manager web server. An authentication token can be passed to the web browser from a web server upon coupling of the peripheral device with the user computing device and login by the user with the web browser. The web browser can pass the authentication token to the device manager through the device manager web server. The device manager can transmit the authentication token to the web server to pair the web browser with the device manager.

Abstract: The present invention relates to a method for encrypting a data pipeline in a computer system. A device receives a request to encrypt a data pipeline. The device can also receive encrypted stages of a data pipeline that are encrypted by an encryption key. The device can generate random locations in storage where the data pipeline stages will be stored. The random locations can be generated in response to the data pipeline stages being encrypted. The random storage locations can be stored in a mapping file. The mapping file can be selected to store the random locations based on the random storage locations being generated. The device can encrypt the mapping file based on the mapping file storing the random storage locations. The device can place the encrypted mapping file in memory.

Abstract: A handshake message includes a field containing random data that is filled with data used to derive keying material on the source and destination computers. The data may be elliptic curve data and may include a representation of the data used by the destination computer to verify that elliptic curve data is present. The data may additionally include data for deriving second keying material on a second destination computer that the first destination computer forwards to the second computer, receives a response, and returns data from the response as part of its own handshake message.

Abstract: A receiver apparatus and method for optimized decryption and despreading of a very low frequency (VLF) bitstream is disclosed. In embodiments, the receiver includes antenna elements for receiving a transmission security (TRANSEC) encoded bitstream associated with an uncertainty window size and a spread factor. The receiver includes cryptographic processors that, when the spread factor is sufficiently large, select key section numbers A and data section numbers B based on the window size and spread factor. The cryptographic processors generate an output sequence of correlation windows, each correlation window associated with a symbol of the bitstream, via pipelined sectional mirrored-key convolution based on a key section number A and data section number B chosen to optimize performance (e.g., processor performance, memory performance).

Abstract: A computer implemented method of securing an application executing in a software container deployed in a computer system includes providing access to the application selectively in accordance with access control rules by sharing an encryption key with authorized accessors.