Abstract: A communication system is provided, including a plurality of terminal devices and a root certification authority. Each of the plurality of terminal devices includes a certification authority key generation unit, a certification authority public key certificate acquisition unit that acquires a certification authority public key certificate, a certification authority key storage unit, a transmission unit, and a verification unit that verifies the certification authority public key certificate with a root certification authority public key certificate, and verifies a user in a case where the verification succeeds. The root certification authority includes a root certification authority key storage unit, a communication unit, and a certification authority public key certificate generation unit that generates the certification authority public key certificate by encrypting the certification authority public key with the root certification authority secret key.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for blockchain-based infringement evidence storage are provided. One of the methods include: obtaining a request for collecting evidence of infringement by an online resource, wherein the request comprises an address of the online resource; obtaining the evidence of infringement from the address of the online resource; storing verification information of the evidence of infringement on a blockchain; and storing the evidence of infringement in a cloud storage space.

Abstract: An apparatus and method for supporting bidirectional communication using unidirectional communication.

Abstract: Systems, methods, and computer-readable media are disclosed for systems and methods for identifying false positives in malicious domain data using network traffic data logs. Example methods may include determining a first domain name identifier in a set of domain name identifiers classified as malicious, determining a first IP address associated with the first domain name identifier, and determining first virtual private cloud (VPC) flow log data that corresponds to historical network traffic associated with the first IP address. Certain methods may include determining second VPC flow log data that corresponds to historical network traffic associated with a second IP address that is classified as non-malicious, determining, using the first VPC flow log data and the second VPC flow log data, that the first VPC flow log data is non-malicious, and determining that the first domain name identifier is to be classified as non-malicious.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for securely performing cryptographic operations. One of the methods includes receiving biometric information associated with a user and a request to perform one or more cryptographic operations based on one or more cryptographic keys stored in a memory of an identity cryptographic chip (ICC); comparing the biometric information associated with the user with biometric information pre-stored in the memory of the ICC as pre-stored biometric information; and in response to determining that the biometric information matches the pre-stored biometric information, authorizing the one or more cryptographic operations to be performed.

Abstract: A mechanism for flexibly securing data is discussed. A data entry device analyzes data from a user with respect to a security industry whitelist and an originator list and an analysis result controls a masking level of the data. The security industry whitelist references types of data that is not subject to industry-defined encryption standards. The originator list references data originators that produce data requiring non-standard handling. The data from the user is transmitted to and further examined for non-compliance with a pre-defined criteria at a computing device.

Abstract: Multiple, separately administrated computer systems storing slices of the cipher text of a Personally Identifiable Information (PII) data item that is represented by a token. The token is used as a substitute of the data item. The data item is encrypted using a public key. To recover the data item, a complete set of the slices is retrieved from the separate computer systems and decrypted using the private key corresponding to the public key. Instances and circumstances of the usages of the data item can be recorded under the token in a blockchain ledger in connection with the retrieval and/or decryption of the cipher text. A data item owner may use the data item and the public key to recreate the cipher text, retrieve the token stored with the cipher text in the separate computer systems, and then query the ledger for a usage history of the data item.

Abstract: An approach is provided for securing data. A concept associated with a domain is identified as a concept of data in a first call. The identified concept is associated to policies. Based on (i) a determination that attribute names of the data in a second call match a second concept associated with the domain and (ii) a match between a pattern and field values of the data, the second concept is identified as the previously identified concept associated with the first call and an inference score is determined. Based on the inference score exceeding a threshold and the second concept being associated with the policies, the second call is blocked, thereby securing the data according to the policies, before a completion of a transaction that includes the second call, and without requiring a validation of the second concept by a human administrator.

Abstract: Disclosed is a mobile terminal having a security function. The mobile terminal having a security function according to the present invention comprises: a case unit having a keypad for inputting data; a substrate unit, disposed inside the case unit, having a data input switch part operated by a keypad; and a tamper-resistant unit, disposed between a keypad and the data input switch part, having a tamper-proof conductive track part electrically connected to the substrate unit, wherein the tamper-proof unit includes a switch shielding part for shielding the data input switch part, and a connecting part for connection, connected to the switch shielding part and electrically connected to the substrate unit.

Abstract: A computer-implemented method for information protection comprises: determining one or more data inputs and one or more data outputs for a transaction, wherein the data inputs are associated with input data types respectively, and the data outputs are associated with output data types respectively; encrypting the input data types and the output data types; committing each of the encrypted input data types and the encrypted output data types with a commitment scheme to obtain corresponding commitment values; obtaining at least a parameter R based at least on the commitment values; and submitting the transaction to one or more nodes in a blockchain network with disclosure of the parameter R and without disclosure of the input data types and output data types for the nodes to verify consistency between the input data types and the output data types.

Abstract: Provided is a method for blockchain-based recordkeeping and implementable by a terminal device. The method comprises: obtaining target data; computing a data digest of the target data, and extracting a key segment from the target data; signing, in a secure operation environment included in the terminal device, the data digest and/or the key segment based on a private key associated with the terminal device to generate a signature; and submitting to a blockchain the data digest, the key segment, and the signature, for one or more nodes in the blockchain to verify the signature based on a public key corresponding to the private key, and to record the data digest and the key segment in the blockchain in response to the signature being verified to be valid.

Abstract: A communication session may be broken up into many smaller packet bundles over many tunnels and over different routes in order to obfuscate the entire data stream. Apparatuses may dynamically build hop-by-hop tunnels in a backbone telecommunications network, segment data into packet bundles at the customer edge, or break up data traffic of a communication session along multiple routing or switching paths in order to obfuscate the data traffic of the communication session.

Abstract: A computer-implemented method includes producing information that characterizes a group of individuals from a set of private data representing characteristics of the individuals. The identity of the individuals is unattainable from the produced information. The method also includes providing the produced information to report the characteristics of the group.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for blockchain-based infringement evidence storage are provided. One of the methods include: obtaining a request for collecting evidence of infringement by an online resource, wherein the request comprises an address of the online resource; obtaining the evidence of infringement from the address of the online resource; storing verification information of the evidence of infringement on a blockchain; and storing the evidence of infringement in a cloud storage space.

Abstract: Secure network communications are described. In one aspect, a secure network can include a passbuilder that provides policy information related to performance characteristics of the secure network. A sender can receive the policy information and transmit packets to a receiver if the policy information is complied with by the potential packet transmission.

Abstract: A user can share (show) multimedia information while simultaneously communicating (telling) with one or more other users over a network. Multimedia information is received from at least one source. The multimedia information may be manually and/or automatically annotated and shared with other users. The multimedia information may be displayed in an integrated live view simultaneously with other modes of communication, such as video, voice, or text. A simultaneous sharing communication interface provides an immersive experience that lets a user communicate via text, voice, video, sounds, music, or the like, with one or more other users while also simultaneously sharing media such as photos, videos, movies, images, graphics, illustrations, animations, presentations, narratives, music, sounds, applications, files, and the like. The simultaneous sharing interface enables a user to experience a higher level of intimacy in their communication with others over a network.

Abstract: A user may view a device with augmented reality glasses which may have a camera that views and collects data on the screen of the user device. When the user desires to access an account for which multifactor authentication is required, a one-time password may be sent to the user. The glasses may recognize the one-time password and determine if the one-time password originated from the user device. If the glasses verify that the one-time password originated from the user based on context of the user device display or the geographic locations of the devices, then the glasses will send the password to the service associated with the one-time password. The glasses may send the password back to the user device, send it to an intermediate server, or send it directly to the server associated with the service that provided the one-time password.

Abstract: A transcoding service is described that is capable of transcoding or otherwise processing content, such as video, audio or multimedia content, by utilizing one or more pipelines. A pipeline can enable a user to submit transcoding jobs (or other processing jobs) into an available pipeline, where a transcoding service (or other such service) assigns one or more computing resources to process the jobs received to each pipeline. The transcoding service and the pipelines can be provided by at least one service provider (e.g., a cloud computing provider) or other such entity to a plurality of customers. A service provider can also provide the computing resources (e.g., servers, virtual machines, etc.) used to process the transcoding jobs from the pipelines.

Abstract: Disclosed herein are system, method, and computer program product embodiments for storing files in a storage location that is associated with an image object that is displayed in a real-time view on a mobile device. Examples of an image object include physical objects and augmented objects. Display of the real-time view includes the image object as well as interfaces for interacting with the image object including creating a storage location associated with the image object. Moreover, security features may be based on using information associated with the image object to securely store the file, either locally on the mobile device or over a network (e.g., at a cloud-based location) using the mobile device.

Abstract: Embodiments of the invention include techniques for implementing a network security framework for wireless aircraft communication, where the techniques include receiving a key index sequence over a first communication link, and transmitting a subset of the key index to one or more nodes. The techniques also include generating a random encryption key based at least in part on the subset of the key index sequence, encrypting data using the random encryption key, and transmitting the encrypted data over a second communication link.