Abstract: Techniques related to vulnerability assessment based on machine inference are disclosed. A vulnerability assessment server may receive, from a client device, a set of metadata corresponding to a program stored on the client device. Further, the vulnerability assessment server may extract a program name from the set of metadata. Still further, the vulnerability assessment server may determine one or more vulnerabilities of the program based on searching for the program name in one or more storage systems that maintain sets of vulnerability data.

Abstract: Techniques are described herein for dialog-based enrollment of individual users for single- and/or multi-modal recognition by an automated assistant, as well as determining how to respond to a particular user's request based on the particular user being enrolled and/or recognized. Rather than requiring operation of a graphical user interface for individual enrollment, dialog-based enrollment enables users to enroll themselves (or others) by way of a human-to-computer dialog with the automated assistant.

Abstract: Techniques are described herein for dialog-based enrollment of individual users for single- and/or multi-modal recognition by an automated assistant, as well as determining how to respond to a particular user's request based on the particular user being enrolled and/or recognized. Rather than requiring operation of a graphical user interface for individual enrollment, dialog-based enrollment enables users to enroll themselves (or others) by way of a human-to-computer dialog with the automated assistant.

Abstract: The present invention relates to a device having a central processing unit, RAM memory and at least two hardware elementary operations, using registers of greater size than the one of the central processing unit, said device being such that construction of at least one part of RAM memory is managed only by the hardware elementary operations, hardware elementary operations themselves and masking of inputs/outputs/intermediary data are monitored by software instructions, said software instructions being able to address different cryptographic functionalities using said hardware elementary operations according to several ways depending on each concerned functionality, said software instructions being further able to address several levels of security in the execution of the different functionalities.

Abstract: This document describes a system and method for a device to communicate efficiently and securely with another device by utilizing two different types of schemes for the generation of data to be transmitted and the handling of received data.

Abstract: A device including an unlocking system includes a sensing device to gather data of a physical movement of a user's body or part as representing an unlocking action. The unlocking system includes a display module, a password setting module, an identifying module, a determining module, and an unlocking module. The display module displays an unlock interface on a display screen which itself can view the user's eyes. The password setting module has a preset unlocking password and the movement can be determined as representing an unlocking action. The correctness of such unlocking action as a password can be determined by the determining module. The unlocking module can unlock all or some functions of the electronic device when the password offered is found correct. Different unlock interfaces can be displayed depending on different geographical locations. An electronic device and a unlocking method are also disclosed.

Abstract: Techniques disclosed herein permit bundled web applications to be extended at runtime. In particular, the functionality of a container application that is a bundled web application may be extended by extensions that are also bundled web applications. To enable such extensibility, the container application registers reusable portion(s) of its code in a global context during a bootstrapping sequence of the container application. Thereafter, extensions that are loaded may access and utilize the registered portion(s) of code, as if those extensions had been bundled together with the rest of the container application. In addition, extensions may be managed using scoping and/or permissions that control access to the extensions based on the container application mode that the extensions can be used with and white lists of users who are allowed to use the extensions, respectively.

Abstract: A VPN box is connected upstream of a field device. The VPN box uses a secret cryptographic key of the field device for authentication when setting up a VPN tunnel and/or when setting up a cryptographically protected communication link.

Abstract: A computer-implemented method includes scanning data maintained on multiple social networks, where, scanning includes identifying a first set of data that is associated with a protected social entity. Scanning data maintained on one or more additional platforms, where, scanning includes identifying a second set of data that is associated with the protected social entity. Scanning data is performed on a continuous basis without user initiation. One or more characteristics of the first set and second set of identified data are determined, and a reference to the identified data, that indicates the characteristic, is generated for each of the one or more characteristics. The one or more generated references of the first set of identified data is compared to the one or more generated references of the second set of identified data. A correlation score is determined based on the comparison, and a threat level indicator is generated based on the determined correlation score.

Abstract: An Autonomous Exchange via Entrusted Ledger (AXEL) blockchain is discussed herein. The AXEL blockchain enables users to perform transactions in a private setting while enabling the transaction records thereof to be verified by other network users without publicly divulging the contents or details of the transaction records. The token identification system and method allows the tokens to carry an immutable identification to prevent negative blockchain occurrences such as double spending. A payment methodology allowing integration of external financial institutions with user owned and managed wallet.

Abstract: An access management system including a server is provided. The server receives, from a client device, a request to log into the server with first information specifying identifying a user that has logged into the client device and second information specifying the client device. The server authenticates the client device using the second information and accesses a service provided by an external apparatus and receive a token for accessing the service. The server associates, in memory, the first information with the received token to enable subsequent access to the service, by the server.

Abstract: A network and a device can support secure sessions with both (i) a post-quantum cryptography (PQC) key encapsulation mechanism (KEM) and (ii) forward secrecy. The device can generate (i) an ephemeral public key (ePK.device) and private key (eSK.device) and (ii) send ePK.device with first KEM parameters to the network. The network can (i) conduct a first KEM with ePK.device to derive a first asymmetric ciphertext and first shared secret, and (ii) generate a first symmetric ciphertext for PK.server and second KEM parameters using the first shared secret. The network can send the first asymmetric ciphertext and the first symmetric ciphertext to the device. The network can receive (i) a second symmetric ciphertext comprising “double encrypted” second asymmetric ciphertext for a second KEM with SK.server, and (ii) a third symmetric ciphertext. The network can decrypt the third symmetric ciphertext using the second asymmetric ciphertext.

Abstract: Embodiments of the present invention provide systems and techniques for changing cryptographic keys in high-frequency transaction environments to mitigate service disruptions or loss of transactions associated with key maintenance. In various embodiments, a server device can employ a working key encrypted with a first master key to decrypt messages being communicated from a client device, whereby each message is encrypted with a first cryptogram that was generated based on the working key encrypted with the first master key. While the working key encrypted with the first master key is being employed, the server device can generate a notification including a second cryptogram generated based on the working key encrypted with a second master key for transmission to the client device. The transmitted notification can cause the client device to encrypt the messages being communicated with the second cryptogram.

Abstract: A server includes a memory and a message processor. The memory stores a data record that includes a credential stored in association with an access restriction indicator, and further includes a cryptographic key. The processor is configured to receive from a network device an access request that includes the credential and a token. The token includes a first data layer and a second data layer that incorporates the first data layer and is encrypted with the cryptographic key. The processor is configured to determine that, prior to the access request, the credential was stored in the data record in association with the access restriction indicator; recover the first data layer from the token by (i) locating the cryptographic key in the data record, and (ii) decrypting the second encrypted data layer with the cryptographic key. The processor is configured to provide the network device with the first data layer.

Abstract: A method for de-identifying protected health information (PHI) associated with electronic medical records (EMRs) based on a common analysis structure (CAS) is provided. The method may include detecting a system event associated with a system comprising the EMRs. The method may further include in response to detecting the system event, detecting a first CAS associated with the EMRs. The method may further include extracting first CAS data associated with the first CAS, wherein the first CAS data comprises unstructured data associated with the EMRs and normalized annotations based on CAS objects that are associated with the unstructured data. The method may further include obfuscating the unstructured data associated with the first CAS. The method may also include generating a second CAS comprising the obfuscated unstructured data and a copied version of the normalized annotations, wherein the copied version of normalized annotations are correlated with the obfuscated unstructured data.

Abstract: Systems, methods, and computer-readable media for facilitating an authentication processing service are provided.

Abstract: Systems and methods for account access/identity verification based on access to a third party account. In various embodiments, the disclosed system facilitates access to a particular account via verification of the identity of the accessing user through control of a third party account. That is, in one embodiment, the system allows a user to access an account if the user can prove that he/she also has access to another account (e.g., via providing a code to the system that was transmitted to the other account).

Abstract: Apparatus to enforce network policy based on identity authentication at a network endpoint device by offloading the authentication to a network attached authentication devices is disclosed. The authentication device may use Statistical Object Identification to perform the authentication. The present invention greatly reduces the resources needed by the network endpoint device to perform the authentication and eliminates the topological restrictions found in traditional network appliance based approaches.

Abstract: In a blockchain transaction acceleration system, receive a first transaction sent through a first node in a blockchain. At least one second transaction that is a duplicate of the first transaction is received in the blockchain transaction acceleration system, where the at least one second transaction sent by the first node to at least one second node in the blockchain is different from the first node. The blockchain transaction acceleration system executes a first-received transaction among received transactions that include the first transaction and the at least one second transaction. Upon determining, by the blockchain transaction acceleration system, that remaining transactions of the received transactions are identical to the first-received transaction, discarding the remaining transactions.

Abstract: In a blockchain transaction acceleration system, receive a first transaction sent through a first node in a blockchain. At least one second transaction that is a duplicate of the first transaction is received in the blockchain transaction acceleration system, where the at least one second transaction sent by the first node to at least one second node in the blockchain is different from the first node. The blockchain transaction acceleration system executes a first-received transaction among received transactions that include the first transaction and the at least one second transaction. Upon determining, by the blockchain transaction acceleration system, that remaining transactions of the received transactions are identical to the first-received transaction, discarding the remaining transactions.