Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for performing data management. One of the methods includes: obtaining authentication information of a login user; generating a digital abstract of the authentication information of the login user; and authenticating the login user based on a comparison between the digital abstract of the authentication information of the login user and one or more digital abstracts stored on a blockchain.

Abstract: A microelectronic device that includes a sensor die, compute fabric dies, and storage component dies. Each compute fabric die has processing circuit components and data storage circuit components. A circuit component is selected and identifying information is generated by changing biasing and control parameters of the selected circuit component.

Abstract: A method for determining an encoding used for a sequence of bytes may be provided. The method comprises providing a set of candidate code pages and transforming them into different groups of sequences of bytes, wherein each group of sequences of bytes corresponds to one of the candidate code pages. Thereby each code point is transformed by applying a transformation from one of the candidate code pages to a reference code point value relating to a reference encoding for each code point. The method comprises further separating each of the transformed sequences of bytes into groups of tokens, wherein each group of tokens relates to one candidate code page, and providing an index relating to a text corpus. Furthermore, the method comprises selecting a code page from the set of candidate code pages at least partially based on how many tokens are found in the index.

Abstract: Systems and methods for point-to-point encryption compliance are disclosed. In one embodiment, in a point of interaction device comprising at least one computer processor, a method for point-to-point encryption compliance may include: (1) receiving card data from a card reading device; (2) determining an error with the card data; (3) generating substitute data by replacing at least a portion of the card data with substitute data; and (4) communicating the substitute data to a payment server. The card data may be received from a magnetic stripe reader, from an EMV card reader, or from a contactless card reader. The error may include comprises the card data not being compliant with ISO-7813.

Abstract: A computing device can include a comparator coupled to an I/O pin of the computing device; a storage unit coupled to the comparator; and a counter coupled to receive an output of the comparator, an output of the counter being coupled to a computation engine to provide a limit-exceeded signal to the computation engine, wherein the counter comprises a volatile counter and a nonvolatile storage, wherein the nonvolatile storage stores a bit for each top volatile count number of events identified by the volatile counter. The computing device can further include a backup power source coupled to the volatile counter; and readout circuitry and control logic coupled to the volatile counter and to the nonvolatile storage, the readout circuitry and control logic being configured to control operations of the volatile counter during an error event and determine a total number of events. The computing device can be a smart card.

Abstract: Devices, systems, and methods of detecting user identity, authenticating a user to a computerized service or to an electronic device, differentiating between users of a computerized service, and detecting possible attackers or possible fraudulent transactions. A method includes: generating a user authentication session that requires a user to enter a secret by performing a task; monitoring the user interactions during task performance; extracting a user-specific behavioral characteristic, and utilizing it as a factor in user authentication. The task requires the user to perform on-screen operations via a touch-screen or touchpad or mouse or other input unit of the electronic device, or to move in space or tilt in space the entirety of the electronic device in a way that causes inputting of the secret data-item.

Abstract: Predictive entity resolution uses a set of identity models to resolve an attribute to one or more associated entities, possibly with respective probabilities, at a particular time. The predictive entity resolution generates the sets of identity models from evidence events received from evidence sources. Each evidence event has at least one attribute and an associated time stamp.

Abstract: Implementations of the present disclosure include receiving a record corresponding to a private transaction recorded in two or more private state databases of entities participating in the private transaction within a distributed ledger system (DLS), generating a data representation based on the record, transmitting the data representation for public consensus processing within the DLS, and recording within a public ledger of the DLS, and providing a public record for recording in the DLS, the public record being recorded in a public state database of each of entity participating in the DLS.

Abstract: An access classification device includes: a processor configured to: construct a plurality of trees in each of which at least a first destination and a second destination are set as nodes, content information corresponding to the nodes is added to the nodes, and an instruction to transfer an access from the first destination to the second destination is set as an edge; associate nodes of the plurality of trees with each other for the plurality of trees constructed, based on similarity between local structures of the trees; calculate similarity between the nodes associated with each other in the plurality of trees, based on the content information added to the nodes, and calculate similarity between the plurality of trees using the calculated similarity between the nodes associated with each other; and classify the access into a set with similar features, based on the similarity calculated.

Abstract: A data provision system includes a data provision device and a data security device installed in a vehicle. The data provision device includes a vehicle interface configured to transmit data to and receive data from the vehicle; and an cryptographic processing unit configured to generate an electronic signature of application data to be applied to an in-vehicle computer installed in the vehicle by using a secret key of the data provision device, wherein application data with the electronic signature, which is obtained by attaching the electronic signature to the application data, is transmitted to the vehicle through the vehicle interface. The data security device includes an interface unit configured to transmit data to and receive data from a device outside the data security device; and an cryptographic processing unit configured to verify the electronic signature of the application data with the electronic signature received from the data provision device.

Abstract: There is provided a network appliance, methods and systems which intercept web and email traffic, extract executables, compare the executables with a policy and wrap the executables. Then, the wrapped executables are delivered to a client system in a manner to protect the network and end point devices, where the wrapped executables are run in a sandbox with all file system, registry accesses, communication and traffic isolated. Systems, networks, and methods for the prevention of phishing are also provided.

Abstract: A system, method and elliptic curve cryptography scheme having a fault injection attack resistant protocol. The cryptographic scheme has a first arithmetic operation having at least one of a single input bit, a single output bit, or a single output bit-string that is vulnerable to a fault injection attack. The protocol includes: performing a first arithmetic operation to determine a first output; performing a second arithmetic operation to determine a second output, the second arithmetic operation being a variant of the first arithmetic operation; and comparing the first output and the second output, and if the comparison is incompatible, outputting an invalidity condition, otherwise, outputting the first output.

Abstract: An information processing apparatus performs control to make a transition to a power-saving state, confirms whether a program stored in the information processing apparatus is authentic, in association with the transition to the power-saving state, and stores the program confirmed to be authentic in a volatile memory during the power-saving state.

Abstract: A security system within a digital network receives a request to access a feature of the digital network from a remote computing device. The security system obtains obtains characteristic data corresponding to the remote computing device and generates a security score corresponding to the remote computing device based at least in part on the characteristic data. The security system compares the security score to an access threshold, allowing the remote computing device to access to the feature of the digital network if the security score exceeds the access threshold.

Abstract: A method and apparatus for facilitating communication between a client and a proxy server. A message is received from a client at a gateway. The message includes a uniform resource identifier that references an interface associated with a resource. The gateway transforms the uniform resource identifier into a context resource identifier that also references the interface. The gateway performs an initial authorization check for the client and a user of the client with respect to the interface. The gateway inserts the context resource identifier into the message to form a modified message in response to a successful initial authorization check. The gateway sends the modified message to the proxy server.

Abstract: A technique for connecting a user device to a service. The device sends a request to connect to the service, a user identifier of the device from a trusted entity being associated with the request. The trusted entity sends a reply to the request back to the device. This reply includes data about a uniform resource locator associated with the service and a single-use code and is sent to a contact address associated with the user identifier from the trusted entity. The device then sends a request to access a page of the service, the address of which corresponds to the data, the received single-use code being associated with the access request. Connection to the service is authorized for the service identifier associated with the user identifier from the trusted entity, when a single-use code received from a server implementing the service, in combination with a service identifier request, is valid.

Abstract: A malicious communication log detection device compresses first character strings representing characteristics of a communication log that is known to be malicious or benign, and second character strings obtained by coupling the first character strings with a character string representing a characteristic of a target communication log. The malicious communication log detection device calculates a score for determining whether the target communication log is malicious or benign based on a data size of the compressed first character strings and a data size of the compressed second character strings. The malicious communication log detection device determines whether the target communication log is malicious or benign based on the calculated score and a predetermined parameter.

Abstract: Current systems for data authentication, such as in the course of financial transactions to comply with anti-money laundering and know-your-customer legislation, are burdensome and inefficient for banks and their clients. A platform of some embodiments provides a system for utilizing distributed ledger technologies, such as a blockchain data structure residing on a distributed ledger. A client may use this blockchain data structure to register the client's personal information in a data object that then may be routed to specific identified trusted individuals who verify that the information in the data object is correct. Once verification is complete, the client or other trusted individuals may use the data object as necessary to register the client for various programs or services, such as additional bank services.

Abstract: A method for controlling exposure of sensitive data though a logging system is provided. The method comprises: upon receiving a request by the request handler, determining sensitive data as part of the request by applying a rule, converting the data into a transformed format, and registering the data together with a related data field label with a log handler. Then, upon receiving by the log handler a log entry, converting each expression of the log entry into the transformed format, and comparing each transformed expression with each of the sensitive data in the transformed format. Upon determining a match of one of the transformed expressions with one of the sensitive data in the transformed format, the method comprises issuing an alert indicating that the log entry comprises sensitive data.

Abstract: A method and system of identifying a computing device vulnerability is provided. Social media communication is monitored. Social media threads that are related to a vulnerability, based on the monitored social media communication, are identified, filtered, and categorized into one or more predetermined categories of computing device vulnerabilities. Upon determining that a number of social media posts related to the vulnerability is above a first predetermined threshold, one or more dependable social media threads in a same one or more categories as the vulnerability are searched. One or more possible root causes of the vulnerability are determined from the searched dependable social media threads. A validity score for each of the one or more possible root causes is assigned. A possible root cause from that has a highest validity score that is above a second predetermined threshold is selected to be the root cause of the vulnerability.