Abstract: Example embodiments of systems and methods for data transmission system between transmitting and receiving devices for use in a tap and walk store are provided. In an example embodiment, the transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key. Disclosed systems allow a user to purchase items utilizing the disclosed transmitting device.

Abstract: The subject matter discloses a method and a system for securely distributing a credential and encryption keys for physical devices. The system comprises a security server and a physical device. the physical device comprises a memory module configured to store a share of the credential, a communication module configured to exchange signals, and a processing module configured to execute calculations upon request received on a wireless manner via the communication module from the security server, the calculations are transmitted to the security server to execute a multi-party computation process. The multi-party computation process outputs two shares of the credential, a first share is stored in the physical device. The physical device does not have access to the credential.

Abstract: Systems and methods as described herein may include creating and monitoring workflows in a blockchain network. A workflow may be implemented by using a smart contract or the steps in the workflow may be recorded in a distributed ledger in a blockchain network. Completion of a workflow step may be verified by identifying a blockchain transaction executed by the workflow step performer assigned to the workflow step. The blockchain transaction is associated with encryption keys of the workflow step performer assigned to the workflow step. The completion of the execution of a workflow may be verified by determining whether the status of the last workflow step is complete, and identifying a blockchain transaction associated with encryption keys of the workflow step performer assigned to the last workflow step.

Abstract: A compliance checker to verify that a device complies with a policy is described. In one embodiment, the compliance checker comprises a compliance checker agent, to initiate the compliance check, in response to receiving the request, and an encryption checker to obtain an original data and a data stored on the storage. The system further comprising a comparator to determine whether known data read from the upper driver is identical to known data read from the lower driver. The compliance checker plug-in in one embodiment verifies the compliance status of the device, based on the data from the comparator.

Abstract: Methods, apparatus, systems, and computer-readable media are provided for interactive assistant modules to safely access and provide restricted content in group contexts. In various implementations, a dialog between a first individual and an interactive assistant module may be determined to be sensorially perceivable by at least a second individual. Restricted content that is to be automatically incorporated into the dialog by the interactive assistant module may be identified. In various implementations, access to the restricted content may be controlled by the first individual. In various implementations, the restricted content may be conditionally incorporated into the dialog in response to a determination that the second individual is authorized to perceive the restricted content.

Abstract: A method, software, and system for an Digital Identity Management (DIM) system is discussed. The system facilitates the creation of a Public Key/Private Key pair based user credentials using the Trusted Execution Environment in mobile phones, and is protected by DIM app with the user's biometrics and/or a PIN code. Identity tokens representing identity attributes of the user are issued by Issuing Parties using Hardware Security Modules and stored in the DIM app on the mobile device.

Abstract: In a computer-implemented method for managing firewall flow records, firewall flow records of a virtual infrastructure including a distributed firewall are received, wherein the firewall flow records are captured according to firewall rules of the distributed firewall, and wherein the firewall flow records each include tuples and at least one field of network traffic data. Responsive to detecting a number of received firewall flow records exceeding a threshold value, it is determined whether the tuples are identical for any of the firewall flow records. Provided the tuples are not identical for any of the firewall flow records, the tuples for the firewall flow records are modified to generate modified firewall flow records. It is determined whether the tuples are identical for any of the modified firewall flow records.

Abstract: A method of providing private information on a display of an electronic device, includes identifying private information for display on the display of the electronic device, identifying attributes for display of the private information, displaying the private information utilizing the attributes identified, and during displaying the private information utilizing the attributes identified, displaying additional information utilizing alternate attributes that differ from the attributes identified for the private information.

Abstract: Duplicate processing of events registered at a root server is avoided. An electronic subscriber identity module (eSIM) server pushes, to a root server, data in the form of notification data portions indicating that commands or events need to be processed by a device. The device includes an embedded universal integrated circuit card (eUICC). The device pulls a notification list from the root server. The notification list includes one or more notification data portions. The device checks a given notification data portion to see if it represents a duplicate before communicating with the eSIM server to perform further processing related to the event. The device bases the check for duplication on an event history and/or on a hash value where the hash value is based on one or more eSIMs installed in the eUICC. The device is able to prioritize notification data portions before processing them.

Abstract: Embodiments of the present invention provide techniques, systems, and methods for remote, agent-less enterprise computer threat data collection, malicious threat analysis, and identification and reporting of potential and real threats present on an enterprise computer system. Specifically, embodiments are directed to a system that securely identifies and maps sensitive information from computers across the enterprise. Secure and sensitive information may be internally encrypted and analyzed for indicators of compromise, threatening behavior, and known vulnerabilities. The remote, agent-less collection, analysis, and identification process can be repeated periodically to detect and map additional sensitive information over time, and may delete itself after completion to avoid detection.

Abstract: The current document describes systems and methods that provide access controls in a system of interconnected services such as an online service platform. In various implementations, the system maintains contextual information associated with tokenized data. In additional implementations, data brokers authorize access to detokenized data by comparing the context of the data to the context of the service requesting the data. In yet additional implementations, the system maintains contextual information associated with requests that are processed within the system. When a request is made to a particular service, the particular service can use the identity of the requester, the context of the request, and the context of the data to determine whether the request is authorized. In some implementations, the integrity of contextual information is protected using a digital signature.

Abstract: A method, computer system, and a computer program product for identifying a phishing attack is provided. The present invention may include receiving an alert of a suspicious URL. The present invention may include making an HTTP request to the suspicious URL. The present invention may include downloading and rendering the suspicious URL content. The present invention may include producing a screenshot of the rendered suspicious URL content. The present invention may include making an HTTP request to a domain landing page. The present invention may include downloading and rendering the domain landing page URL content. The present invention may include producing a screenshot of the rendered domain landing page URL content. The present invention may include generating a score based on comparing the produced first screenshot and the produced second screenshot.

Abstract: In one aspect, a computerized method for assessing and managing information security risks in a computer system includes the step of receiving a customer security assessment. The method includes the step of obtaining a set of already-answered security assessment questions. The method includes the step of applying one or more machine learning methods to generate a strength of one or more similarities scores. The method includes the step of automatically populating one or more direct mappings between the set of already-answered security assessment questions with the other set of questions in a customer security assessment. The method includes the step of setting a baseline score for the one or more direct mappings to already-answered security assessment questions to a set of answered questions in the customer security assessment by using the strength of one or more similarities scores.

Abstract: Current security tools in the marketplace fall into different categories: Security Enforcement Tools which identify and block malicious activity, and Security Vulnerability Testing Tools which scan and identify security threats within an organisation. The disclosure describes Silently (invisible to the user) but as if it is the user, within the User's Context, Executing applications to test whether third party security products and security settings exhibit the correct behaviour. The application can continuously perform a test(s) and expects a security product to behave in a certain way, records the result of the test(s) and reports those results.

Abstract: Systems and methods for joining a device to a fabric using an assisting device include an indication to add a joining device to a fabric. If the joining device supports network-assisted fabric pairing, a first connection is established between a commissioning device and the assisting device. The assisting device also connects to a joining device. Through the assisting device, the commissioning device and the joining device establish a communication channel over which fabric credentials may be sent.

Abstract: An automated firewall-compliant customer support resolution provisioning system includes a customer support system coupled to a customer device. The customer support system receives a first secure request from the customer device that identifies an event in the customer device and, in response, sends a first secure response through a firewall subsystem to the customer device within a first timeout period enforced by the firewall subsystem. The customer support system then determines event resolution information for the event. Subsequent to the first timeout period and based on the first secure response, the customer device sends a second secure request to the customer support system requesting the event resolution and the customer support system sends the event resolution information through the firewall subsystem to the customer device within a second timeout period enforced by the firewall subsystem. The customer device then utilizes the event resolution information to address the event.

Abstract: This disclosure provides a method, performed in a client terminal (50), for enabling an establishment of a second secure session over a communication network. The second secure session is additional to a first secure session. The first secure session is established using a session establishment protocol and a transport security protocol. The method performed in the client terminal (50) comprises obtaining a session identifier of the first secure session; and obtaining a credential identifier, the credential identifier identifying a server terminal (60) of the first secure session. The method performed in the client terminal (50) comprises associating the credential identifier to the session identifier of the first secure session; and storing the session identifier and the credential identifier associated with the session identifier of the first secure session.

Abstract: Sensitive information displayed on a screen is protected against leakage and loss. A section of a bitmap containing sensitive information is defined as a protection region. A protection marker identifying the protection region is embedded into the bitmap. The defined protection region is divided into multiple sub-regions, and a separate sub-region protection marker is embedded in each sub-region of the original protection region. The defining, embedding and dividing are performed before the bitmap is copied to the screen buffer. When content that was displayed on the screen has been captured, for example by screen capturing software, the captured content is parsed. All sub-region protection markers embedded in the captured content are detected, and a real protection region in the captured content is calculated, based on information in the detected sub-region protection markers. The sensitive information in the captured content is erased.

Abstract: An API provides a frontend interface to one or more backend services. Access to an API is controlled by a set of frontend credentials, and access to the one or more backend services is controlled by a set of backend credentials. A credential-translation table maintained within the API links each backend credential to one or more frontend credentials. Links between frontend and backend credentials may be managed by an administrator of the API. The API uses the translation table to translate frontend credentials provided with an API call into backend credentials used to access backend services. The API provides users with the ability to update the backend credentials in the credential-translation table based at least in part on the frontend credentials provided by the user. The API may limit the ability to extract backend credentials to administrative users.

Abstract: A method of providing a distributed scheme for executing a RAM program, without revealing any information regarding the program, the data and the results, according to which the instructions of the program are simulated using SUBLEQ instructions and the execution of the program is divided among a plurality of participating computational resources such as one or more clouds, which do not communicate with each other, while secret sharing all the program's SUBLEQ instructions, to hide their nature of operation and the sequence of operations. Private string matching is secretly performed by comparing strings represented in secret shares, for ensuring the execution of the right instruction sequence. Then arithmetic operations are performed over secret shared bits and branch operations are performed according to the secret shared sign bit of the result.