Abstract: Systems and methods for combining input data and machine learning models that remain secret to each entity are described. This disclosure can allow groups of entities to compute predictions based on datasets that are larger and more detailed collectively than individually, without revealing their data to other parties. This is of particular use in artificial intelligence (AI) tasks in domains which deal with sensitive data, such as medical, financial, or cybersecurity.

Abstract: A method for processing electronic documents comprises an iteration including: (i) applying, by a computer device, a first statistical test process to a first subset of the documents, the first statistical test process estimating whether or not content of the documents of the first subset comply with a predefined criterion; (ii) in response to a result of the first statistical test process, estimating, by the computer device, that the documents of the first subset do not comply with the criterion, selecting, by the computer device, a part of the documents of the first subset, and moving, by the computer device, the part of the documents to a second subset of the documents; and (iii) applying, by the computer device, a second statistical test process to the second subset of the documents, the second statistical test process calculating at least one statistical metric related to the documents of the second subset.

Abstract: An improved Narrowband Internet of Things device (UE) supporting resource sharing for integrated Subscriber Identity Modules (iSIM) is provided. The cost per UE is reduced by reducing the chip area and energy consumption of an integrated UICC chip therein since identical components of the modem and the iSIM are designed as shared components, whereas a hardware arbiter manages an access to THE shared components by the modem or the iSIM and prevents information leaking.

Abstract: A method for anonymizing movement data of road users equipped with a position detection device involves collecting movement data in the form of individual time- and position-related data records and transmitting the collected movement data to a backend server. At least some data records are transmitted indirectly via at least one other vehicle, or the position or time reference in at least some data records is made noisy prior to the transmission.

Abstract: Technologies disclosed herein provide a method for receiving at a device from a remote server, a request for state information from a first processor of the device, obtaining the state information from one or more registers of the first processor based on a request structure indicated by a first instruction of a software program executing on the device, and generating a response structure based, at least in part, on the obtained state information. The method further includes using a cryptographic algorithm and a shared key established between the device and the remote server to generate a signature based, at least in part, on the response structure, and communicating the response structure and the signature to the remote server. In more specific embodiments, both the response structure and the request structure each include a same nonce value.

Abstract: Systems and methods for generating network mappings of self-executing program characteristics. For example, the system may receive a first user request to generate a mapping of a first network, wherein the mapping indicates self-executing program characteristics corresponding to each self-executing program of a first plurality of self-executing programs. In response to the first user request, the system may query the first plurality of self-executing programs to generate the mapping by identifying each self-executing program in the first plurality of self-executing programs, determining respective relationships between each self-executing program in the first plurality of self-executing programs and other self-executing programs in the first plurality of self-executing programs, and determining respective self-executing program characteristics for each self-executing program in the first plurality of self-executing programs. The system may store the mapping.

Abstract: This application relates to devices and a method to establish a secure wireless link for communication between a first and a second device over a wireless physical channel, wherein a paring protocol requires sending over the wireless channel identifying information by the first device, identifying information being data suitable for identifying the device sending the identifying information or a user thereof wherein the first device encrypts and transmits the identifying information by using a public key information of the second device and random information, the second device receives the encrypted identifying information and using private key information associated with the public key information it extracts the identifying information. The devices use a secret uniquely related to the identifying information to derive a session key and then use the session key to establish the secure wireless link.

Abstract: Methods and systems for monitoring a risk of re-identification for a dataset de-identified from a source database containing information identifiable to individuals are described. A first aspect of the disclosure relates to a method comprising: providing a graphical user interface (GUI) configured to receive as input the dataset and updates to said dataset; providing as input to the GUI the dataset; estimating a risk of re-identification for the dataset or a subset of the database; providing as input to the GUI the updates to said dataset; regularly monitoring whether the risk of re-identification for at least one of the updated dataset, the subset of the database and the updates is below a predetermined dataset risk threshold; and if the risk of re-identification has reached or exceeded the predetermined dataset risk threshold, notifying the user.

Abstract: In a method for operating a node in a blockchain network, a node in the network automatically determines whether a new block has been committed to a blockchain in the network. In response to determining that the new block has been committed, the node automatically uses a block identifier for the new block to generate a prestochanistic timing value. Also, the node automatically uses the prestochanistic timing value to determine whether to trigger a contingent operation. For instance, the node may automatically use a function that is both prestochastic and deterministic to determine a current expiration value for the node, and the node may use the current expiration value to determine whether registration for the node should be renewed. The node may automatically send a re-registration request to the blockchain network in response to a determination that registration for the node should be renewed. Other embodiments are described and claimed.

Abstract: Detecting and restricting floods of unwanted messages is implemented by cluster analysis over time intervals. Application of streaming machine learning clustering algorithms enables finding clusters of messages (P2P text messages, WHATSAPP, tweets) sharing the same content. Such clusters may be analyzed for finding out offensive messages, unwanted or spam messages, and rumors and take corrective actions as needed. The solution enables visualization of data and/or messages and identification of clusters as the solution works on the data and aggregates data into clusters over time intervals. Corrective actions may be applied on selected clusters based on visualized data clusters or by automated application of defined rules.

Abstract: Provided are embodiments that include a system configured to generate executable code with protection barrier instructions. The system includes a storage medium, the storage medium being coupled to a processor. The processor is configured to analyze code, mark one or more potentially unsafe instructions in the code, and identify one or more unsafe instructions from the marked one or more potentially unsafe instructions in the code. The processor is also configured to insert a protection barrier instruction into the code based at least in part on identifying the one or more unsafe instructions, and translate the code, responsive to inserting the protection barrier instruction. Also provided are embodiments for a computer-implemented method and a computer program product for generating executable code with protection barrier instructions.

Abstract: A new cybersecurity incident is registered at a security incident response platform. At a playbook generation system, details are received of the new cybersecurity incident from the security incident response platform. At least some of the details correspond to a set of features of the new cybersecurity incident. A set or subset of nearest neighbors of the new cybersecurity incident is localized in a feature space. The nearest neighbors of the new cybersecurity incident are other cybersecurity incidents having a distance from the new cybersecurity incident within the feature space that is defined by differences in features of the nearest neighbors with respect to the set of features of the new cybersecurity incident. A custom playbook is created for responding to the new cybersecurity incident having prescriptive procedures based on occurrences of prescriptive procedures previously employed in response to the nearest neighbor cybersecurity incidents.

Abstract: A distributed data storage system can have an attestation module that is connected to the data storage device to disconnect the device from a distributed data storage network or prevent the data storage device from being initialized into the distributed data storage network. A first security evaluation of the data storage device can be conducted with the attestation module to verify an authenticity of the data storage device. The attestation module may then disconnect the network controller from the distributed data storage network and verify an authenticity of the network controller to allow the network controller and data storage device to service a data access request from a host of the distributed data storage network.

Abstract: An operation of a facial recognition authentication process may fail to authenticate a user even if the user is an authorized user of the device. In such cases, the facial recognition authentication process may automatically re-initiate to provide another attempt to authenticate the user using additional captured images. For the new attempt (e.g., the retry) to authenticate the user, one or more criteria for the images used in the facial recognition authentication process may be adjusted. For example, criteria for distance between the camera and the user's face and/or occlusion of the user's face in the images may be adjusted before the new attempt to authenticate the user. Adjustment of these criteria may increase the likelihood that the authorized user will be successfully authenticated in the new attempt.

Abstract: An authentication system may receive a request signature corresponding to a user request to view secure user information on a user device and generate a server-side signature matching the request signature to authenticate the user device to receive the secure user information without authenticating the user. The request signature may include a device identifier corresponding to the device, a token code generated by the authentication system and stored by the user device, a timestamp corresponding to the transmission time of the request signature, and a version of the device identifier, the token code, and the timestamp encrypted using a signature key provided to the user device by the authentication system. The authentication system may generate the server-side signature using the timestamp and stored copies of the device identifier, the token code, and the signature key.

Abstract: Provided is a process for authentication of a user on a mobile device. The user of the mobile device may authenticate with the mobile device, and credentials may be conveyed to a server via a relying device. The mobile device may directly communicate credentials to the relying device. In some examples, the user of the mobile device may authenticate using the mobile device without inputting credentials on the relying device. Credentials conveyed to the server by the relying device and authenticated by the server may permit user access to the relying device or access to an online resource from the relying device.

Abstract: In a communication system, a first mediation apparatus includes a first control device. The first control device stores in a memory a correlation database correlating a mediation apparatus ID of the second mediation apparatus with a first device ID of a device. The first controller requests a management server to register the first device ID, and receives a first command from the management server. The first controller transmits a second command to the second mediation apparatus through the firewall by using a series of procedures. The second command includes second instruction information based on the second command. The first controller transmits a first response to the management server. The second mediation apparatus includes a second control device to initiate the series of procedures and transmits a third command based on the second command to the device, and transmits a second response as to the first mediation apparatus through the firewall.

Abstract: Techniques for automated system requirements analysis are disclosed. A system requirements analysis (SRA) service generates a system model that includes system requirements, at least by performing natural-language processing on a natural-language representation of the system requirements. Based at least on the system model, the SRA service performs an analysis of the system requirements against codified system requirements rules. The SRA service determines, based at least on the analysis of the system requirements against the codified system requirements rules, that the system requirements include a violation of a system requirements rule. The SRA service generates a report that identifies at least (a) the violation of the system requirements rule and (b) a suggested action to remediate the violation of the system requirements rule.

Abstract: A gateway of a vehicle is connected to a telematics control unit (TCU) and a plurality of electronic control units (ECUs). The gateway is programmed to receive a command from the TCU, the command specifying an electronic serial number (ESN) of a target ECU of the ECUs, and forward the command to the target ECU responsive to confirmation that the ESN of the target ECU is included in the web of trust.

Abstract: In some examples, a system receives information traffic communicated over a network by or with a system under test (SUT), and analyzes the information traffic to identify a potential attack point in the SUT and a technology used by the SUT. The system determines a collection of penetration tests for testing a stack comprising a plurality of layers associated with the SUT based on the identified potential attack point and the identified technology, and further based on a dynamic knowledge base that includes information relating to vulnerabilities and threats.