Abstract: A system includes an environment-aware storage drive comprising one or more storage medium with a location-based service wherein the environment-aware storage drive generates a signal containing information about a location of the storage drive relative to a geo-fenced area and updates a ledger unit of an event happening to the storage drive based on the signal, wherein the event is related to the current environment of the storage drive. The ledger unit keeps track of a number of events and/or data received from the environment-aware storage drive. A policy unit determines an expandable set of security policies for the storage drive triggered by the event and/or data, wherein the security policies specify access restrictions to the environment-aware storage drive based on its current environment. The policy unit transmits and enforces the set of security policies on the environment-aware storage drive to prevent data from being theft from the storage drive.

Abstract: Computer-implemented method and system of generating an authentication seal. The method includes receiving, at a memory of an authentication agent server computing device, a data record submittal from a client agent having an associated client signing key and a client verification key, the data record submittal including at least an identifier (R-ID) and at least one of a data record and a record hash (R-HSH) of the data record, the R-ID being uniquely associated with the data record; associating, using the one or more processors, the at least one of the data record, the R-ID, the R-HSH and a client signature with a unique identifier (B-ID) of a location within an immutable storage medium, the client signature based on at least one of the client signing key and the client verification key; and generating, using the one or more processors, an authentication seal based at least in part upon the at least one of the data record and the R-ID, the R-HSH and the B-ID.

Abstract: Systems and methods for detecting replay attacks on a biometric-based authentication system are disclosed herein. In some embodiments, the method includes generating a command set causing a fingerprint sensor to sequentially conduct a scan of pixels in the fingerprint sensor, wherein the command set includes one or more replay attack detection commands causing the fingerprint sensor to capture replay attack detection data, sending the commands to the fingerprint sensor, receiving fingerprint data, and evaluating the fingerprint data for the replay attack detection data. In some embodiments, the one or more replay attack detection commands include repeating the scan of a selected row of pixels, providing insufficient bias to a selected row of pixels, and/or providing too much bias to a selected row of pixels. In some embodiments, the replay attack detection commands are randomly generated for each scan. Various other aspects of the technology are described herein.

Abstract: A method of score generation from validated secured data includes storing, in a requestor-linked data store, at least an encrypted data record from a requestor, the requestor-linked data store including a local database and a multi-nodal secure datastore, receiving a data access request including a unique key associated with a requestor, locating, in the requestor-linked data store, at least an encrypted data record as a function of the data access request, determining that the requestor is authorized to access the at least an encrypted data record, as a function of the unique key, decrypting the at least an encrypted data record based on the determination that the requestor is authorized to access the data record, calculating a talent and risk calculation score.

Abstract: An example operation may include one or more of determining, by a file redaction device, redacted segments of a source file, receiving, by a signature update device, the redacted source file segments, a stored trapdoor key, and stored auxiliary data segments, determining modified auxiliary data from the redacted source file segments, the trapdoor key and the auxiliary data segments, executing chaincode to obtain a modified auxiliary data signature and identifiers of the redacted source file segments, and storing the modified auxiliary data signature and identifiers of the redacted source file segments to a shared ledger of a blockchain network. Each stored auxiliary data segment including a random string of data corresponding to a segment of the source file.

Abstract: Systems and methods are provided for determining an access request provided by an application that seeks to interact with one or more backend systems through a computing system. One or more predefined restrictions can be enforced on the application, the computing system, or the one or more backend systems.

Abstract: An object is to provide a surveying instrument and system to manage instrument setting and usage data for each personal user. The surveying instrument includes a personal authentication sensor, a control unit, and a storage unit. A personal information registration unit of the control unit acquires personal authentication information from the sensor and stores the personal authentication information in a personal identification information database of the storage unit in association with user information. A personal authentication execution unit of the control unit identifies a user based on whether authentication data acquired by the sensor matches personal authentication information stored in the personal identification information database. A personal setting application unit of the control unit refers to a personal setting information database in the storage unit, and when finding instrument setting saved by the authenticated user, applies the instrument setting and starts the surveying instrument.

Abstract: A system and method enabling an entity to prove its identity and provide authentic documents/data/information therein at any time required based upon data retrieved from an independent cryptographically verifiable source (ICVS) through a secured channel is disclosed. The system enables a virtual and secure browser on a user computing device allowing a user to login and retrieve authentic information pertaining to the user from the ICVS in a verifiable and untamperable manner. The retrieved information is bounded with origination information of the ICVS and the bounded information is provided to relying entities as authentic information for verification. Also, cryptographic value of the authentic information can be stored in an immutable storage such as blockchain, so that the cryptographic value is used by the relying-party to validate integrity of the authentic information.

Abstract: A method is disclosed. The method includes receiving, by a server computer from a resource provider computer, interaction data comprising a user identifier, a resource provider identifier, and a resource identifier. The interaction data is associated with an interaction between a resource provider and a user. The server computer can then determine a set of attribute types specifically associated with the resource provider identifier and the resource identifier. The server can then determine a set of user attributes associated with the set of attribute types using the user identifier. The server computer can then execute a query comprising one or more questions on the set of user attributes to determine if the one or more questions are satisfied. Next, if the one or more questions are satisfied, then the server computer can perform additional processing associated with the interaction.

Abstract: A technology is presented for controlling the distribution of a data item. A data set is stored at a data storage (16) and comprises a first file identifier and a first encrypted data item generated by an encryption using a first public key. A blockchain comprises the first file identifier paired with a first recipient identifier identifying one or more allowed first recipients, each having the first recipient identifier and a first private key matching the first public key. The method is performed by a second terminal (12) being an allowed first recipient and the method comprises: identifying (102) the first file identifier in the blockchain using the first recipient identifier, sending (106) a request containing the first file identifier to the data storage (16) for downloading of the first encrypted data item, receiving (116) the first encrypted data item from the data storage (16), and decrypting (118) the first encrypted data item using the first private key.

Abstract: A method for providing a locked electronic item includes receiving a selection of an electronic lock and the electronic item from a first computing device associated with a sender. The electronic lock includes a lock clue and a lock solution. The method includes determining an answer input field configuration that includes a number of input boxes and spaces that may be arranged to correspond to the lock solution. The method includes transmitting the lock clue and the input field configuration to a second computing device associated with a recipient for display by the second computing device and receiving an attempted lock solution from the second computing device. The method further includes transmitting the electronic item to the second computing device for display or use by the second computing device in response to determining that the attempted lock solution matches the lock solution.

Abstract: Nodes determine a first measure of difficulty for a first branch of a split blockchain and a second measure of difficulty for a second branch of the split blockchain. The first measure of difficulty is based on a measure of block generation frequency of each node that mined for the split blockchain during a window that comprises blocks of the first branch. The second measure of difficulty is based on a measure of block generation frequency of each node that mined for the split blockchain during a window that comprises blocks of the second branch. One of the first branch and the second branch is identified as a legitimate branch based on a comparison of the first measure of difficulty and the second measure of difficulty.

Abstract: A device is configured to perform a method that detects a trigger marker for an action corresponding to a segment of a multimedia signal. A fingerprint is generated based on the segment of the multimedia signal at a trigger time point. The generated fingerprint is stored in a database and communicated to the device. During playback of the multimedia signal, fingerprints of segments of the multimedia signal are generated and matched against fingerprints in the database. When a match is found, one or more associated actions for the segment are retrieved by the device. The trigger time point may be determined as a time point near or at the segment of the multimedia signal with the matched fingerprint. In this way, trigger markers for actions may be enabled without modifying the multimedia signal.

Abstract: Systems and methods are provided for sharing maps in a collaborative environment using classification-based access control. The generation of and dissemination of maps and/or data within such maps can be governed by classification-based access control, where a user's classification level can determine whether or not maps and/or data within those maps can be seen. In scenarios whether a plurality of users wishes to collaborate on the same map, the systems and methods provided herein generate multiple versions or views of the same map in accordance with different classification levels. In this way, users with different classification levels can nevertheless see the same map and engage in collaborations regarding the same map, while maintaining control of sensitive data.

Abstract: A device receives a first data item. The device stores the first data item in non-volatile memory. The device subsequently receives a second data item, where the second data item was previously generated from the first data item and a cryptographic key. The device performs a function such as, for example, an exclusive-or operation on the first data item and the second data item to generate the cryptographic key. The device uses the generated cryptographic key to encrypt data which may be transmitted over a wireless interface.

Abstract: Examples disclosed herein relate to receiving a record of a data transaction between two participants, creating a ledger entry associated with the record of the data transaction, appending the ledger entry to a subset of a plurality of partial ledgers associated with a blockchain, and updating a table of contents associated with each of the plurality of partial ledgers associated with the blockchain.

Abstract: A computer-implemented certificate verification method includes: obtaining, by a certificate verification module, at least two images of a certificate, in which the at least two images are acquired under different acquisition conditions; obtaining, from the at least two images, at least two target images that correspond to respective images of the at least two images and that each include an image of a light-reflective coating of the certificate; and determining, based on the at least two target images, a probability that the certificate is an original.

Abstract: A method, system and computer-usable medium for performing a security analysis operation within a security environment, comprising: monitoring electronically-observable user behavior about a particular entity; maintaining a state about the particular entity, the state representing a context of a particular event; converting the electronically-observable user behavior into electronic information representing the electronically-observable user behavior; generating a user behavior profile based upon the electronic information representing the electronically-observable user behavior; and, analyzing the event using the state of the entity and the user behavior profile.

Abstract: Systems and methods are provided for performing simulated phishing attacks using social engineering indicators. One or more failure indicators can be configured in a phishing email template, and each failure indicator can be assigned a description about that failure indicator through use of a markup tag. The phishing email template containing the markup tags corresponding to the failure indicators can be stored and can be used to generate a simulated phishing email in which the one or more markup tags are removed.

Abstract: The present disclosure includes a feedback framework that receives feedback for a component of an information technology platform. The component includes the feedback framework, the information technology platform, a software application, a web browser, a client device, a client instance, or a virtual server. The feedback framework obtains context information associated with the feedback. The context information includes a system log, a screenshot, a web address of a web browser of the client device, version information, and/or the like. The feedback framework also determines an identity of the component by executing a handler. The feedback framework then determines a notification to send based on the identity of the component, and sends the notification with the feedback and the context information.