Abstract: A module with an embedded universal integrated circuit card (eUICC) can include a received eUICC profile and a set of cryptographic algorithms. The received eUICC profile can include an initial shared secret key for authentication with a wireless network. The module can receive a key K network token and send a key K module token to the wireless network. The module can use the key K network token, a derived module private key, and a key derivation function to derive a secret shared network key K that supports communication with the wireless network. The wireless network can use the received key K module token, a network private key, and the key derivation function in order to derive the same secret shared network key K derived by the module. The module and the wireless network can subsequently use the mutually derived key K to communicate using traditional wireless network standards.

Abstract: Systems and methods for improved detection of fraud, waste, and abuse are provided, based on the analysis of enriched relationships and aggregated metrics thereof. An enriched relationship record associates patient and provider information to provide an enhanced view of patient data, provider data, and interaction data for a given entity. Aggregated metrics provide an enhanced view of a particular entity's activities based on the entity's interactions with other entities and data and metadata from the related entities' enriched relationship records. The enriched relationship records and aggregated metrics may be used to audit the entity and produce a report indicative of suspicion levels for the entity engaging in fraud, waste, or abuse.

Abstract: Techniques are described for generating response recommendation information that describes one or more response profiles, each including one or more actions that may be performed to respond to a security risk present in a deployed software module. The response recommendation information may quantify, for each response profile, a cost and a benefit due to the performance of the action(s) included in the response profile. The cost may include lost revenues or other value lost due to the action(s). The benefit may include a mitigation of the security risk.

Abstract: A data security system, and a method of operation thereof, includes a data security transceiver or receiver; an authentication subsystem operatively connected to the data security transceiver or receiver; and a storage subsystem connected to the authentication subsystem.

Abstract: Described is a process for secure and privacy-preserving data retrieval operations in a network having a plurality of nodes. The process includes receiving a query at a querying node. The query is encrypted to generate an encrypted metadata query record. The encrypted metadata query record is transmitted to each queried node that is to be searched for data. A secure pattern matching protocol is used to search a database of metadata records to match a query answer to the metadata query record. The query answer is then encrypted. A query policy is verified for the querying node, with the encrypted answer being further encrypted based on the query policy. The further encrypted answer is transmitted to the querying node, which removes the outer layer of encryption, resulting in the original encrypted answer. The original encrypted answer is then decrypted to recover the query answer.

Abstract: A server apparatus receives unique information, encrypted information and user information from an information processing apparatus via a network interface, the unique information being information which is uniquely assigned to an image processing apparatus, the encrypted information being information into which the unique information is encrypted using a first key, and the user information being information related to a user of the image processing apparatus; decrypts the received encrypted information using a second key corresponding to the first key so as to obtain decrypted information; determines whether the decrypted information and the received unique information represent same information; and stores, in the memory, the received user information and the received unique information in association in a case where it is determined that the decrypted information and the received unique information represent the same information.

Abstract: Computerized embodiments are disclosed for keeping personally identifying information within a protected domain environment when interacting with a computerized service environment. In one embodiment, user interface commands are received from a remote computerized system of the protected domain environment at the computerized service environment via computerized network communications. A data residency protection component is generated within the computerized service environment in response to the user interface commands. The data residency protection component is configured to act as a proxy for the computerized service environment, when executed in the protected domain environment by the remote computerized system, to isolate personally identifying information from visibility or storage outside of the protected domain environment.

Abstract: Disclosed are systems and methods for selecting means for intercepting network transmissions. An exemplary method includes determining one or more rules associated with transmission of data by a device; determining one or more network transmission intercepting means that satisfy the one or more determined rules; selecting a network transmission intercepting means based on the determined one or more network transmission intercepting means; and causing transmissions by the device to be processed by the selected network transmission intercepting means.

Abstract: In many computing scenarios, an individual may choose to interact with a service in a variety of roles, and may therefore create a set of accounts respectively representing the service. However, the use of multiple accounts by the same individual may introduce considerable administrative complications (e.g., failing to update all accounts with new information results in stale and/or conflicting account information), and may reduce the efficiency and/or scalability of the service. Presented herein are techniques for enabling individuals to interact with services through various roles. Such techniques involve evaluating the individual's role determinants to identify and automatically select the individual's current role; selecting a current role profile, as a subset of the details of the individual profile that are associated with the current role, and excluding details that are not associated with the current role; and performing the service according to the current role profile of the individual.

Abstract: Methods, computing systems and computer program products implement embodiments of the present invention that include assigning, to multiple users, respective sets of original roles for accessing data stored on a computer system, and performing, in response to requests from the users, multiple operations on the data. While performing the multiple operations on the data, a transaction log is generated that includes a plurality of entries, each of the entries storing attributes of a given operation. Based on the entries in the log file, a respective set of learned roles for respective users is identified, and the respective sets of the learned roles are assigned to the respective users.

Abstract: A blockchain may store transactions which should were not intended to be recorded due to inappropriate content or unwanted subject matter submitted by malicious users. A method may also include one or more of identifying a blockchain transaction, processing content of the blockchain transaction to identify prohibited content, and determining whether to approve or disapprove the blockchain transaction based on the content of the blockchain transaction.

Abstract: A method for identifying similarity between query samples and stored samples in an efficiently maintained reference library may include receiving a binary query sample and processing the binary query sample via operations including producing a query sample fingerprint from the binary query sample, scoring the query sample fingerprint with each previously stored fingerprint in the reference library to produce a matching score, and for each previously stored fingerprint for which the matching score meets or exceeds a predetermined threshold, reporting a corresponding reference sample unique identifier associated with the previously stored fingerprint and the matching score. Each previously stored fingerprint in the reference library has been determined, prior to storage, as not being duplicative of another fingerprint in the reference library.

Abstract: An automated process is disclosed for improving the functionality of computer systems and electronic commerce in user identity-proofing. Steps include verifying that a user who is electronically seeking identity proofing is on an electronic directory of persons eligible for such identity proofing; creating an attest list for the user that includes associates who can vouch for his or her identity; collecting a video or other data from the user; sending the video or data to the associates and asking them for a confirmation or a disavowal of the identity of the user; deriving a biometric from the video or data upon receiving the confirmation; and saving the biometric as an identify-proofed biometric.

Abstract: In general, apparatuses, methods and computer program products for phalangeal authentication of a user are disclosed. A phalangeal authentication device is provided that is configured for capture, customization and transformation of one or more phalangeal credentials of a user. The phalangeal authentication credentials of the user are captured using phalangeal credential sensor devices. The captured phalangeal credentials are analyzed to determine an associated user activity. The user activity is initiated, automatically, in response to the successful validation of the phalangeal credentials.

Abstract: Implementations of the present disclosure involve a system and/or method for identifying and mitigating malicious network threats. Network data associated is retrieved from various sources across a network and analyzed to identify a malicious network threat. When a threat is found, the system performs a mitigating action to neutralize the malicious network threat.

Abstract: The present disclosure describes systems and methods for authenticating a called party during the initialization stage of establishing a secure telecommunication channel to provide assurances to the initiator that they are communicating with whom they intended. A first user issues a challenge that includes a nonce to one or more second user devices. The second user's secure collaboration application receives the challenge, signs the nonce included in the challenge, and sends the response with the signed nonce to the first user. The first user receives the response and determines whether the signature of the first nonce is valid. If the signature is not valid, the first user's secure collaboration application terminates the secure telecommunication. However, if the signature received in the response is valid, the first user's secure collaboration application begins exchanging encrypted telecommunication data with the second user over a secure telecommunication channel.

Abstract: A security verification apparatus using biometric information and a security verification method are described. The security verification apparatus includes a sensor configured to acquire images of biometric information of a user, and scramble the images of the biometric information by using a received key matrix. The security verification apparatus further includes an information processor configured to generate the key matrix by using a random key, transmit the key matrix to the sensor, decode data of the scrambled images received from the sensor by using the key matrix, and verify the user.

Abstract: A method for provisioning a secure container for running an application includes routing traffic between the application and a secure container service over a virtual private network, and restricting the flow of traffic to or from the application other than traffic to or from the secure container service. The method further includes providing limited name resolution for the secure container with a customized domain name system server, establishing network proxy services to filter and route approved inbound traffic to the application, and establishing outbound network proxy services to filter and route approved outbound traffic from the application.

Abstract: A system includes a plurality of data input ports, each port corresponding to one of a plurality of different levels of security classification; a security device, configured for cryptographic processing, coupled to receive incoming data from each of the plurality of input ports, wherein the incoming data includes first data having a first classification level; a key manager configured to select and tag-identified first set of keys from a plurality of key sets, each of the key sets corresponding to one of the different levels of security classification, wherein the first set of keys is used by the security device to encrypt the first data; and a common encrypted data storage, coupled to receive the encrypted first data from the security device for storage.

Abstract: A method and apparatus for issuing an incident-issued credential for an incident area network. One embodiment provides an identity server including an electronic processor configured to receive an agency-issued credential and retrieve a first set of attributes from the agency-issued credential. The electronic processor is also configured to map the first set of attributes to a scope of a service available through an incident area network. The electronic processor is further configured to generate the incident-issued credential for the incident area network including the scope and issue the incident-issued credential to a user device.