Abstract: A relay device transfers a plurality of original data fragments corresponding to a plurality of secret sharing values of original data to a plurality of secure computation devices, transfers, to each of the secure computation devices, a request to send a result fragment based on a secure computation result corresponding to any one of the original data fragments, and transfers the result fragment. The relay device controls timing with which the original data fragments are transferred and timing with which the request to send is transferred.

Abstract: An apparatus has a processor and a memory connected to the processor. The memory stores instructions executed by the processor to store identity attributes including real identity attributes for a real individual and at least two sets of digital identity attributes each operative as a personal privacy proxy with compartmental identity attributes. The at least two sets of digital identity attributes each include a digital identity name, a digital identity mobile device number and a digital identity email address. The at least two sets of digital identity attributes are evaluated to produce a similarity measure. The real individual is provided with a recommendation based upon the similarity measure.

Abstract: A system and method for a computer system for the secure storage, transmittance and access of genetic data includes a coordinator server including a coordinator program arranged to update secure access information, the coordinator server being in communication with a genetic data sequencing server, a genetic data analysing server, and a genetic data storage server, whereby the coordinator server communicates the secure access information in a manner to allow the genetic data storage server to act as a proxy server between the genetic data sequencing server and the genetic data analysing server.

Abstract: Measurements of a device's firmware are made regularly and compared with prior, derived measurements. Prior measurements are derived from a set of identical firmware measurements obtained from multiple devices having the same make, model and firmware version number. The firmware integrity status is reported on a data and device security console for a group of managed endpoints. Alerts about firmware changes, which may be potential attacks on the firmware, are given automatically.

Abstract: The disclosure relates to techniques for enforcing a limit on single sign-on (SSO) sessions for users across multiple data centers in a multi data center deployment. Users may request access to resources that are governed by an access manager deployed across multiple data centers, with each data center being associated with its own identifier. Each user may be associated with an identity attribute preserved in identity stores across the multiple data centers. The prerequisite for session creation at a data center may be to update the identity attribute of the user to that data center's identifier. If the identity attribute can be updated successfully, the access manager can create a new SSO session at that data center. Updates to the identity attribute may be synchronized across all of the data centers, with each data center aware of any existing sessions based on the current value of the identity attribute.

Abstract: A method, comprises: receiving, by a server device, a policy identifier from a user device, wherein the policy identifier represents the occurrence of an event on the user device; matching, by the server device, a policy to the policy identifier; and outputting, by the server device, the matched policy to the user device to cause the user device to set the policy on the user device.

Abstract: A user may be authenticated using an authentication scheme based on user access to two or more selected electronic devices. A security key may be assigned to the user. The security key is divided into multiple parts that are distributed among electronic devices associated with the user. The security key can be reconstructed based on a distributed trust among the devices, where some devices may have a higher trust level than others. For example, each device can receive a number of key parts. In response to a request to authenticate the user, parts of the security key may be retrieved from two or more, but less than all, of the plurality of electronic devices associated with the user. The retrieved parts are used to reconstruct the security key, and the user is authenticated based on the reconstructed security key.

Abstract: Systems and methods for applying and detecting cross dependent marks incorporated into an electronic or digital image to form a watermark. The electronic or digital image may include encoded information for example a machine-readable symbol. The watermarking may include an encoding and insertion sub-process that inserts one or more marks into an image at a first point in time for form a marked image, an extraction sub-process that extracts the marks at a second point in time, and a detection sub-process 108 that determines if any modifications have been made to the marked image. The marked image may be formed by determining a first original descriptor and first original mark within the image, determining a second original descriptor and second original mark within the image, and incorporating the first original mark into the second original descriptor and incorporating the second original mark into the first original descriptor.

Abstract: A communication system including a receiver to receive training data. An input interface to receive input data coupled to a hardware processor and a memory. The hardware processor is configured to initialize the privacy module using the training data. Generate a trained privacy module, by iteratively optimizing an objective function. Wherein for each iteration the objective function is computed by a combination of a distortion of the useful attributes in the transformed data and of a mutual information between the sensitive attributes and the transformed data. Such that the mutual information is estimated by the auxiliary module that maximizes a conditional likelihood of the sensitive attributes given the transformed data. Receive the input data via the input interface. Apply the trained privacy module on the input data to produce an application specific transformed data. A transmitter to transmit the application specific transformed data over a communication channel.

Abstract: A method for providing a token code in conjunction with a value token is disclosed. The token code serves as a shared secret for authenticating the use of the value token. Multiple token holders can possess the same value token, but each token holder may have a different token code for use with the value token.

Abstract: Implementations of this disclosure provide verification in a blockchain-type data storage ledger. An example method performed by a server includes receiving a verification request that includes a hash value to be verified; determining a data record of the blockchain-type data storage ledger that corresponds to the hash value to be verified; obtaining a value of a service attribute included in the data record; determining a set of data records of the blockchain-type storage ledger that correspond to the value of the service attribute in the blockchain-type data storage ledger; determining one or more data blocks of the blockchain-type data storage ledger that store data records included in the set of data records; and performing integrity verification on each one of the data blocks that store the data records included in the set of data records.

Abstract: An authentication apparatus, included in a device supporting a network communication, includes a certificate handler that receives a certificate of an opponent and parses or verifies the certificate of the opponent. Cryptographic primitives receive an authentication request of the opponent, generate a random number in response to the authentication request, generate a challenge corresponding to the random number, and verify a response of the opponent corresponding to the challenge. A shared memory stores the parsed certificate, the random number, the challenge, and the response. An authentication controller controls the certificate handler, the cryptographic primitives, and the shared memory through a register setting, according to an authentication protocol.

Abstract: In one or more embodiments, an encryption key of a device may be split into multiple segments. One of the segments may be retained by an owner of the device, and some of the segments may be distributed to multiple entities. For example, one of the segments may be provided to a service provider, and one of the segments may be provided to an escrow agent. The escrow agent may process its segment, provide information based on its segment to a public ledger, and destroy its segment. A proxy agent may retrieve, from the public ledger, the information based on the segment provided to the escrow agent and obtain compensation. When the proxy agent obtains the compensation, the public ledger exhibits information utilizable to obtain the segment provided to the escrow agent. With the segments provided to the escrow agent and the service provider, the encryption key may be obtained.

Abstract: Various embodiments include systems and methods of determining whether media access control (MAC) address spoofing is present in a network by a wireless communication device. A processor of the wireless communication device may determine an anticipated coherence interval based on a beacon frame received from an access point. The processor may schedule an active scan request and may determine whether a response frame corresponding to the scheduled active request is received within the anticipated coherence interval. The processor may calculate a first correlation coefficient in response to the response frame being received within the anticipated coherence interval and may determine that MAC address spoofing is not present in the network when the first correlation coefficient is greater than a first predetermined threshold.

Abstract: A computer-implemented method of encrypting information on a virtual ledger, the method including receiving the information from a first party and a second party, encrypting a portion of the information received from at least one of the first party and the second party, publishing the encrypted portion on the virtual ledger, and providing a decryption key based upon the published encrypted portion to the first party and the second party.

Abstract: Described herein are systems, methods, and software to enhance secure communications between computing systems. In one implementation, a private domain name system (DNS) receives a DNS lookup request from a computing system of a plurality of computing systems associated with a private communication group, and forwards the DNS lookup request to a public DNS. The private DNS further receives a public address associated with the DNS lookup request from the public DNS, translates the public address to a private address, and transfers the private address to the requesting computing system.

Abstract: A system and method for providing or exchanging healthcare information (e.g., medical information) to authorized users in a secure manner. The method is implemented in a computer infrastructure having computer executable code tangibly embodied on a computer readable storage medium having programming instructions operable to: assign identification information to a plurality of users and a plurality of items; associate the identification information of a user of the plurality of users with one or more items of the plurality of items; set-up security policies including predetermined locations, within predetermined stages within a sequence and during predetermined times; and provide the user access to the one or more items when there is a matching between the identification information of the user and the one or more items, and all of the security policies associated with the user and the one or more of the plurality of items are met.

Abstract: In one embodiment, a device in a network receives information regarding a network anomaly detected by an anomaly detector deployed in the network. The device identifies the detected network anomaly as a false positive based on the information regarding the network anomaly. The device generates an output filter for the anomaly detector, in response to identifying the detected network anomaly as a false positive. The output filter is configured to filter an output of the anomaly detector associated with the false positive. The device causes the generated output filter to be installed at the anomaly detector.

Abstract: The disclosed embodiments include computerized methods and systems that facilitate two-factor authentication of a user based on a user-defined image and information identifying portions of the image sequentially selected by the user. In one aspect, a communications device presents a first digital image of a first user on a touchscreen display. The communications device may receive, from the first user, information identifying portions of the first digital image selected in accordance with a candidate authentication sequence established by the first user. The selected first image portions may, for example, be associated with corresponding facial features of the first user. The communications device may determine whether the candidate authentication sequence matches a reference authentication sequence associated with the first digital image, and may authenticate an identity of the first user, when the first selection sequence is determined to match the second selection sequence.

Abstract: An information handling system includes a processor that executes instructions for a content sharing system that has mixed operating system capabilities. The processor detects pre-paired wireless connectivity for at least one of a plurality of remotely connected computing devices and implements a role-based policy to partially limit content sharing system operation, the operation is based on a role classification. The processor also auto-initiates navigation accessibility within authorized remotely connected computing devices via the content sharing system.