Abstract: A device determines that a data breach of an application has been reported and determines that an individual has an account with the application based on identifying an association between an application identifier and a username the individual uses to access the application. The device receives, from a user device associated with the individual, password information used to access the application. The device uses the password information and usernames for a group of applications with which the individual has accounts to perform a login procedure for the group of applications to determine that login information for one or more of the applications includes the password information used to access the application affected by the data breach. The device provides, to the user device or another device, a recommendation to change the password information used to access the application and the one or more applications.

Abstract: Methods, systems, and computer programs encoded on computer storage medium, for verifying, by a mask ROM of a CPU of a first computing device and with fused keys included by the CPU, a boot loader that is included by a flash memory of the first computing device, in response to verifying the boot loader, verifying, by the boot loader and with boot loader keys included by the flash memory, a kernel included by the a memory device of the first computing device, in response to verifying the kernel, decrypting, by the kernel using a hidden root key (HRK) included by the CPU of the first computing device, a device unique certification (DUC) included by the flash memory, in response to decrypting the DUC, generating, by the first computing device, a proof-of-possession of the DUC.

Abstract: It is an object to provide a computer system, a license management method, and a program capable of effectively using owned licenses and improving the convenience. A computer system that manages licenses of an application acquires a number of owned licenses, calculates a number of unused licenses which are not currently used, determines a number of rentable licenses from the calculated number of unused licenses, and provides the determined rentable licenses. Further, the computer system stores the number of rentable licenses and a rental period of the rentable licenses in association with each other, and provides the rentable licenses during the rental period. Furthermore, the computer system provides a minimum number of licenses among numbers of rentable licenses in the rental period.

Abstract: A method for use in a hybrid network ecosystem comprising an enterprise network and a reconciliation network, the method comprising generating, by at least one first computing node in the enterprise network or the reconciliation network, a first digital facilitator, wherein the first digital facilitator enables a first device to use a private key to access data associated with a distributed ledger operation. The method also comprises transmitting, via the reconciliation network, the data from the first computing device to a second computing device, wherein the first computing device and the second computing device are connected via the reconciliation network.

Abstract: A secure multi-party computation implements real number arithmetic using modular integer representation on the backend. As part of the implementation, a secret shared value jointly stored by multiple parties in a first modular representation is cast into a second modular representation having a larger most significant bit. The parties use a secret shared masking value in the first representation, the range of which is divided into two halves, to mask and reveal a sum of the secret shared value and the secret shared masking value. The parties use a secret shared bit that identifies the half of the range that contains the masking value, along with the sum to collaboratively construct a set of secret shares representing the secret shared value in the second modular format. In contrast with previous work, the disclosed solution eliminates a non-zero probability of error without sacrificing efficiency or security.

Abstract: A device may obtain information identifying a base application. The device may extract a set of sub-application artifacts associated with the base application based on structural information associated with the base application. The device may define a set of metadata attributes associated with the set of sub-application artifacts associated with the base application. The device may generate a set of hash tuples for the set of metadata attributes associated with the set of sub-application artifacts associated with the base application. The device may generate a base composite identity of the base application based on the set of hash tuples. The device may store the base composite identity in a blockchain and in connection with storage of the base application in the blockchain to enable subsequent identification and verification of the base application.

Abstract: A wireless node for use in a network of wireless nodes, for performing a localization to determine a location of a mobile device based on respective beacon signals transmitted wirelessly between the mobile device and each of a plurality of the wireless nodes. The first wireless node is configured to: wirelessly transmit or receive the respective beacon signal for use in determining the location of the mobile device; and wirelessly transmit information vouching for one or more others of the wireless nodes as being trusted for use in the localization. This information is transmitted to a device performing the localization (e.g. the mobile device), for use in identifying one or more rogue versions of said wireless nodes.

Abstract: Medical devices, systems, and methods related thereto having hierarchical restrictive access schemes are provided. Such medical devices, systems, and methods may include an in vitro analyte monitoring device, an in vivo analyte monitoring device, and/or a drug infusion device having, among other features, hierarchical permission schemes allowing individual access levels thereto.

Abstract: A cryptographic ASIC and method for autonomously storing a unique internal identifier into a one-time programmable memory in isolation by a foundry. The identifier may be determined by calculating a transformed hash of a predetermined input, and may serve as a cryptographically defined and verifiable CpuID for a particular ASIC instance. The CpuID may be derived from an input based on a manufacture date, a wafer lot number, a wafer number, row and column coordinates for a die on a wafer, or other foundry-defined data. The CpuID enables a given ASIC instance to be securely and remotely identified across an untrusted network, and to serve as a specified processor that originates an information stream or a message. The ASIC need not always perform high-speed calculations and so may be relatively simple and inexpensive, and in one embodiment serves as a secure data administrator that manages subscriptions and software updates.

Abstract: A blockchain may store transactions which should were not intended to be recorded due to inappropriate content or unwanted subject matter submitted by malicious users. A method may also include one or more of identifying a blockchain transaction, processing content of the blockchain transaction to identify prohibited content, and determining whether to approve or disapprove the blockchain transaction based on the content of the blockchain transaction.

Abstract: A method includes: receiving a request regarding access by a first computing device (e.g., a mobile device of a user) to a service; in response to the request, performing, by a second computing device (e.g., a device risk evaluation server, or a server of an identity provider), an evaluation that includes creating a fingerprint of the first computing device; and determining, by the second computing device, whether the fingerprint matches a fingerprint of one or more other computing devices. The second computing devices determines whether to authorize access to the service based on the evaluation.

Abstract: Disclosed are a method and system of storing a record of a copyright event in a blockchain through an agent. Devices of some work service providers operating work-related services can serve as member nodes to form a consortium blockchain network. Each work service provider broadcasts copyright events generated based on its work-related services to the consortium blockchain network, so all the work service providers perform blockchain-based distributed storage. In addition, the plurality of member nodes include at least one agenting member node; each agenting member node has a right to agent copyright event record storage for a non-member node corresponding to the agenting member node.

Abstract: Data items such as files or database records associated with particular applications (such as messaging applications and other applications) can be stored in one or more remote locations, such as a cloud storage system, and synchronized with other devices. The remote storage can be configured such that each application executing on a client device can only view data items stored at the remote location to which the application has permission to access. An access manager on each client device enforces application specific access policies. Storage at the remote location can be secured for each application associated with a user or user account, for example, using isolated containers. The cloud storage of data can be anonymized and anonymous group data can be stored in the cloud storage.

Abstract: A method for detecting a fraud attempt in a communication session may include receiving, via at least one processor, a set of data associated with a communication session between a representative of an organization and a user, tagging, via the at least one processor, one or more items of the set of data as one or more tagged data items, applying, via the at least one processor, a fraud detecting algorithm to the one or more tagged data items to determine a percent likelihood of the user attempting to defraud the representative, generating, via the at least one processor, a visualization based on the percent likelihood, and displaying, via the at least one processor, the visualization via an electronic display during the communication session.

Abstract: Improved systems and methods for automated machine-learning, zero-day malware detection. Embodiments include a system and method for detecting malware using multi-stage file-typing and, optionally pre-processing, with fall-through options.

Abstract: A method for updating a key in an active state is disclosed according to the embodiments of the present invention. The method includes steps of: initiating a key update by a user equipment in the active state or a network side when a pre-defined condition is met; updating the key by the network side and the user equipment, and negotiating an activation time of the new keys. An apparatus for updating a key in an active state is also disclosed according to the present invention. With the present invention, the user equipment in an active state and the network side may actively initiate the key update procedure in different cases, thereby solving the problem concerning the key update for a session in an active state.

Abstract: Methods, systems, and computer programs are presented for a self-encrypting device (SED) incorporated into a host system. In one example, the host system includes a memory, a processor, a data channel in communication with the memory and the processor, and the SED. The SED comprises an authentication subsystem, a storage subsystem that stores encrypted data that is encrypted with an encryption key provided by the authentication subsystem, a radio frequency (RF) transceiver, and a data interface in electrical contact with the data channel. The data interface is locked from sending and receiving data until the SED is unlocked by the authentication subsystem with user-authentication information received via the RF transceiver.

Abstract: Systems, methods, and software can be used to analyze security risks of a set of binary software code based on its functional context. In some aspects, a computer-implemented method comprises: receiving, by a server, a set of binary software code; determining, by the server, a functional context of the set of binary software code; determining, by the server, a security risk assessment of the set of binary software code; retrieving, by the server, a plurality of security risk assessment of other software codes having a same functional context as the functional context of the set of binary software code; comparing, by the server, the security risk assessment of the set of binary software code and the plurality of security risk assessments of other software codes having the same functional context; and generating, by the server, a security notification indicating a result of the comparing.

Abstract: Computerized methods and systems determine an entry point or source of an attack on an endpoint, such as a machine, e.g., a computer, node of a network, system or the like. These computerized methods and systems utilize an attack execution/attack or start root, to build an attack tree, which shows the attack on the end point and the damage caused by the attack, as it propagates through the machine, network, system, or the like.

Abstract: Systems and methods provide for a solution for encryption by dynamically opening multiple channels between the client and the server, where the channels include both secured (e.g., SSL/TLS and etc.) channels and non-secured channels. Non-sensitive information can be over non-secured channels, and sensitive information can be sent via the secured channels. The system can recognize whether the information is sensitive or not via the use of tags on a page or frame that delineate which information is sensitive. For instance, on a form, tags can mark off the areas of the form that may contain sensitive information, such as social security numbers, names, addresses, financial information and other private information. All the data within the tags can be considered sensitive and so be communicated to the server via a secure channel while other data can be transmitted through unsecured channels.