Abstract: Embodiments of the present disclosure relate to a data analysis system that may automatically generate memory-efficient clustered data structures, automatically analyze those clustered data structures, and provide results of the automated analysis in an optimized way to an analyst. The automated analysis of the clustered data structures (also referred to herein as data clusters) may include an automated application of various criteria or rules so as to generate a compact, human-readable analysis of the data clusters. The human-readable analyses (also referred to herein as “summaries” or “conclusions”) of the data clusters may be organized into an interactive user interface so as to enable an analyst to quickly navigate among information associated with various data clusters and efficiently evaluate those data clusters in the context of, for example, a fraud investigation. Embodiments of the present disclosure also relate to automated scoring of the clustered data structures.

Abstract: The present description relates to systems and techniques for allowing a third party verifier to verify aspects of secured data, or successful communication thereof. For example, a message or other data may be associated with a shared manifest that describes aspects of some data but does not reveal or expose the data. As a result, the data may be kept private while selective privacy and verification with respect to the data is achieved by the inclusion of only selected aspects of said data in the shared manifest.

Abstract: A system provides cloud-based identity and access management. The system receives a request from a client for a resource, authenticates the request, and accesses a microservice based on the request. The system determines, by the microservice, whether the resource is cached in a near cache or in a remote cache, retrieves the resource from the near cache or from the remote cache when the resource is cached, and calls an administration microservice to obtain the resource when the resource is not cached. The system then provides the resource to the client.

Abstract: Methods are described for constructing a secret key by multiple participants such that any quorum combination of participants can generate a fixed number of key components that can be combined by a recipient to generate the secret key. The methods permit an identical secret key to be generated by a different sized quorum from different participants if required. The keys may be used as private keys for encryption, decryption, digital signatures or authentication tokens and each key is generated from a key index. The circuits used by a quorum of participants for the generation of keys feature nested non-linear devices connected in series with outputs multiplied by stored secret values. Example applications are described including blinded cipher text generation, a multi-signature cryptocurrency system and an encrypted cloud storage system.

Abstract: Protecting the security of an entity by using passcodes is disclosed. A user's passcode device generates a passcode, where sometimes the device is called Alice. In an embodiment, the passcode is generated in response to receipt of user information. The passcode is received by another system (called Bob or the second party), which authenticates the passcode by at least generating a passcode from a passcode generator or nonce, and comparing the generated passcode with the received passcode. The passcode is temporary. At a later use a different passcode is generated from a different passcode generator. In these embodiments, there are asymmetric secrets stored on the passcode device (Alice's device) and by the administrator (Bob's device). This adds more security so that if the backend servers are breached, the adversary cannot generate valid passcodes. In some embodiments, the passcode depends on a nonce or the rounded time.

Abstract: A third party intermediary and a data protection method, system, and non-transitory computer readable medium, include a content request receiving circuit configured to receive a service request from a user, to communicate the service request to a provider, and to receive pre-approved versions of content from the provider, a content matching circuit configured to match a pre-approved version of content of the pre-approved versions of content to the user based on a condition of the user, a user data receiving circuit configured to receive user data to complete the pre-approved version of the content, and a zero-knowledge verifiable computing circuit configured to execute a program using zero-knowledge verifiable computing to remove private content from the pre-approved version of the content to ensure privacy of the condition of the user from the provider.

Abstract: Systems and methods for monitoring data input are disclosed. A dataset entered into a non-password field is received. Based on the dataset meeting one or more criteria for a likely password, a determination as to whether the dataset is inadvertently entered into the non-password field is made. Based on determining that the dataset is inadvertently entered into the non-password field, further processing of the dataset is inhibited.

Abstract: A portable device is provided. The portable device may include a display; an input device; a camera; a processor coupled to the display, the input device, and the camera; and a computer readable medium coupled to the processor, the computer readable medium comprising code, executable by the processor, to implement a method comprising: receiving authentication data from the input device, determining whether the received authentication data matches authentication data associated with an authorized user, and displaying, on the display, a credential, an item, and data associated with the item.

Abstract: A threat detection system for detecting malware can automatically decide, without manual expert-level interaction, the best set of features on which to train a classifier, which can result in the automatic creation of a signature-less malware detection engine. The system can use a combination of execution graphs, anomaly detection and automatic feature pruning. Execution graphs can provide a much richer structure of runtime execution behavior than conventional flat execution trace files, allowing the capture of interdependencies while preserving attribution (e.g., D happened because of A followed by B followed by C). Performing anomaly detection on this runtime execution behavior can provide higher order knowledge as to what behaviors are anomalous or not among the sample files. During training the system can automatically prune the features on which a classifier is trained based on this higher order knowledge without any manual intervention until a desired level of accuracy is achieved.

Abstract: Provided is a process of securing data in a distributed storage and processing application, the process including: obtaining a cluster of computing nodes, wherein: the cluster stores a plurality of ciphertexts; accessing a transformation key with a first computing node; transforming the ciphertext with the first computing node based on the transformation key into a transformed ciphertext configured to be decrypted with a temporary access key; decrypting the transformed ciphertext with the second computing node based on the temporary access key to obtain plaintext data.

Abstract: Various embodiments are generally directed to techniques to load and run secure enclaves for use by kernel mode applications. An apparatus to provide kernel mode access to a secure enclave includes a kernel mode secure enclave driver to provide user mode support for a kernel mode application and to initialize a secure enclave on behalf of the kernel mode application and a user mode secure enclave manager to process an instruction from the kernel mode application to the secure enclave.

Abstract: Method and system for routing communications traffic between a machine to machine, M2M, device connected to a telecommunications network and having an International Mobile Subscriber Identity, IMSI, and a server, the method comprising assigning an access point name, APN, from a plurality of APNs based on the IMSI of the M2M device. Routing, via the assigned APN, communications traffic between the M2M device and the server, wherein the server is determined based on one or more of: the IMSI, the APN and a characteristic of a communication traffic between the M2M device and the server.

Abstract: An electronic device. The electronic device comprises a memory comprising a confidential information region and a non-confidential information region, a processor, and an application stored in the memory. When executed by the processor, the application determines if a reboot has occurred after a most recent power-off boot, where a reboot takes place without removing power from the processor and memory and, in response to determining that the reboot occurred after the most recent power-off boot, prevents access of applications to the confidential information region in the memory.

Abstract: A method, server, device and computer readable medium for facilitating communication between users permitted to access a messaging server is provided. The messaging server comprises a user database, a processor and memory. The user database is configured to store user information for the users and at least one name directory. The name directory includes a list of users permitted to communicate with each other. The memory has stored thereon instructions which, when executed by the processor, cause the messaging server to transmit the name directory to the users listed therein at predefined times.

Abstract: In some examples, a plurality of multi-dimensional data samples representing respective behaviors of entities in a computing environment are sorted, where the sorting is based on values of dimensions of each respective multi-dimensional data sample. For a given multi-dimensional data sample, a subset of the plurality of multi-dimensional data samples is selected based on the sorting. An anomaly indication is computed for the given multi-dimensional data sample based on applying a function on the multi-dimensional data samples in the subset. It is determined whether the given multi-dimensional data sample represents an anomalous entity in the computing environment based on the computed anomaly indication.

Abstract: A material set, such as an asymmetric keypair, is processed using an associated workflow to prepare the material set for activation and/or use. In one embodiment, a material set is generated and information about the material set is communicated to a workflow manager. Based at least on the information, the workflow manager generates a workflow that when accomplished will allow the material set to be activated and/or used. In another embodiment, a service provider provides a key manager, workflow manager and destination for the key, such as a load balancer that terminates SSL connections. A key can be generated by the key manager, sent through the workflow manager for processing (potentially communicated to third parties such as a certificate authority, if needed) and installed at a destination.

Abstract: A computing module is described herein, wherein the computing module is configured to perform acts including generating a digital signature for a printed circuit board (PCB), wherein the digital signature is based upon a sensor signal generated by a sensor that is electrically coupled to at least one of a trace of the PCB or an electrical component of the PCB. The acts further include determining that the PCB is authentic and is free of tampering based upon the digital signature. The acts additionally include outputting an indication that the PCB is authentic and is free of tampering responsive to determining that the PCB is authentic and is free of tampering.

Abstract: Provided is a process including: encrypting each of a plurality of data encryption keys with a first public cryptographic key to form encrypted data encryption keys; obtaining a second public cryptographic key; generating a transformation key based on the first public-private cryptographic key pair and the second public cryptographic key; and transforming the encrypted data encryption keys with proxy re-encryption based on the transformation key; and obtaining the second private cryptographic key and the transformed encrypted data encryption keys.

Abstract: Provided is a computer system and method that enables delegated access to encrypted information for distributed messaging and queuing frameworks, or in general, to publish/subscribe architectures. In said frameworks and architectures, data is published by data producers and organized in channels or queues, which consumer applications can subscribe to, and that are managed by one or multiple broker entities.

Abstract: Computer processors are configured to verify a unique user identification credential for a requesting user of a first client in response to receiving request for access to a microservice process from the user via the first client; create a client identification token in response to verifying a unique user identification credential for the user, and a session identification token for the request; pass the session identification token to the requesting client mapped to the client identification token; enable requested access by the first client to the requested microservice process in association with the session identification token in a session that is persisted to a session repository identified by the session identification token; and cause the requesting client to replicate the persisted session in association with the session identification token.