Abstract: Various embodiments include a secure access system that provides secure group-based access to sets of digital assets. The system may allow a user to upload digital assets to the system for secure access by other users, and may allow a user to remove digital assets from the system as well. The assets may be associated with a family, and may be stored as a “family album”. The system may issue a secure credential to family members for accessing the family album. A family member may invite another family or individual to view the family album. On acceptance of the invitation, the system may automatically forward the secure credential to the invited family or individual. The invited family or individual may use the secure credential to access the family album with no further action required by the invited family or individual.

Abstract: Systems, apparatuses, and methods include technology including a headless medical device for performing implementing a medical resource or function in context with a configuration device and an optional host device for locking or unlocking a lock status of the headless medical device respective to action requests relating to the medical resource or function.

Abstract: The present disclosure includes systems and methods for quorum-based data processing, in which quorum portions are distributed to candidate participants in determined proportions that control groups of required participants. In exemplary embodiments, a server generates a plurality of quorum portions from original data, wherein the original data includes secret information for data processing within a secured computing environment, and wherein at least a predetermined minimum number of the quorum portions are required to reconstruct the original data. Sets of quorum portions are determined from said plurality of quorum portions, wherein each set includes a respective proportion of the plurality of quorum portions, and at least one set includes a larger proportion of the quorum portions. Each set of quorum portions is distributed to a respective one of a plurality of computing devices associated with respective participants over a data network within a secured computing environment.

Abstract: The disclosure relates to a method for enabling the secure functions of a chipset (1) and especially the encryption of the content of the secure memory (7) when the device goes into low power mode. The content of the secure memory (7) may be encrypted and stored in an external memory (20) during low power mode of the chipset (1).

Abstract: Methods for detection of web application anomalies include receiving, by processors of a web server, web application logs and database logs. A machine learning algorithm is executed by the processors to segment the web application logs and the database logs into clusters based on probability density modeling, such that a variance of features within each cluster is less than a threshold variance. Each cluster corresponds to authorized access of backend databases or unauthorized access of the backend databases. The processors compare each cluster to baseline clusters corresponding to the authorized access of the backend databases. The processors determine that a particular cluster corresponds to the unauthorized access of the backend databases based on the comparison. Responsive to determining that the particular cluster corresponds to the unauthorized access of the backend databases, a display device of the web server generates a graphical user interface representing the particular cluster.

Abstract: The present invention relates, in general, to computing engineering and, more particularly, to a method and system for anonymously identifying a user as a member of a group of users. The authors provide the improved anonymous identification witness hiding protocol intended to verify membership in a local community of registered participants based on one-way accumulators developed using quasi-commutative one-way elliptic curve functions. The identification protocol according to the present invention provides the required level of cryptographic security with low operational efforts and resource consumption.

Abstract: Certain aspects of the present disclosure provide techniques for reporting transactions in a blockchain. The method generally includes instantiating a plurality of worker processes for processing blocks from a blockchain in parallel, Each worker process is generally associated with an offset into a buffer of blocks from the blockchain to be reported to one or more computing resources. A subject block to be reported to the one or more computing resources is selected from the buffer. The subject block is generally a block inserted into the buffer by a worker process. The subject block is validated based on a block number associated with the subject block and a block number of a next block to be reported Based on validating the subject block, the subject block is reported to the one or more computing resources, and the subject block, is marked in the buffer as a reported block.

Abstract: Secure patching of an operating system of the integrated circuit chip. A patch server encrypts a patch to the operating system of the integrated circuit chip and transmits the encrypted patch to an issuing-authority server. The issuing-authority server appends the encrypted patch into a digital certificate in an extension to the digital certificate and transmits the digital certificate including the encrypted patch to a terminal. The terminal transmits the digital certificate the integrated circuit chip. The integrated circuit chip recovers the extension to the second digital certificate and decrypts the extension using a decryption key of the manufacturer of the integrated circuit chip thereby recovering the patch to the operating system of the integrated circuit chip and installs the patch into the operating system of the integrated circuit chip.

Abstract: Systems, devices, and methods for generating a unique fingerprint are described herein. For example, an example integrated circuit (IC) chip includes a physically unclonable function (PUF) and an auxiliary circuit. The PUF is a hybrid Boolean network. Additionally, the auxiliary circuit is configured to receive a transient response enable signal.

Abstract: Devices, systems, and methods of detecting a vishing attack, in which an attacker provides to a victim step-by-step over-the-phone instructions that command the victim to log-in to his bank account and to perform a dictated banking transaction. The system monitors transactions, online operations, user interactions, gestures performed via input units, speed and timing of data entry, and user engagement with User Interface elements. The system detects that the operations performed by the victim, follow a pre-defined playbook of a vishing attack.

Abstract: Systems and methods provide a deployable cloud-agnostic redaction container for performing optical character recognition and redacting information from a document using a cloud-based, guided redaction framework. An example method for document redaction includes receiving a plurality of documents and extracting pages from the plurality of documents. The method then determines, based on a load balancing criterion, a processing order for the pages extracted from the plurality of documents, and performs, based on the processing order, an optical character recognition process and a redaction process on the pages to generate redacted pages. The redacted pages are provided for transmission or storage to a cloud data management platform.

Abstract: One example method includes performing a data management transaction, such as a data read operation, a data write operation, or a data delete operation, generating transaction metadata relating to the data management transaction, transmitting the transaction metadata to a blockchain network, and receiving, from the blockchain network, confirmation that the transaction metadata has been stored in a distributed ledger associated with the blockchain network.

Abstract: Methods and systems are provided for mutual authentication between an agent, such as a user (142), and a service host system (128), such as a service provider system, via an insecure and/or untrusted communications network (140). In exemplary embodiments, an initial enrolment sequence (300, 400) is mediated by an authentication server (102) to establish an association between the service host system (128) having an identifier (SPID), an agent (142) that is assigned an identifier (UID) known to the service provider, and a client device (116) having a device identifier (DevID), which is used to access the service, along with a set of credentials comprising cryptographic signatures generated by the service host system (128) and client device (116) using corresponding private keys.

Abstract: Systems and methods for verifying proofs generated from shared data without revealing the shared data are provided. In one aspect, a method comprises receiving, from a first node, a first proof generated from a first private key associated with the first node and data shared between the first node and a second node; receiving, from the second node, a second proof generated from a second private key associated with the second node and the shared data; verifying, without revealing the shared data, the first proof and the second proof were both generated from the shared data with a first public key mathematically related to the first private key, and a second public key mathematically related to the second private key; and preforming an action based on the verification of the first proof and the second proof both being generated from the shared data.

Abstract: A data processing system including storage. The data processing system also includes at least one processor to generate output data using at least a portion of a first neural network layer and generate a key associated with at least the portion of the first neural network layer. The at least one processor is further operable to obtain the key from the storage and obtain a version of the output data for input into a second neural network layer. Using the key, the at least one processor is further operable to determine whether the version of the output data differs from the output data.

Abstract: A secure programming system and method for provisioning and programming a target payload into a programmable device mounted in a programmer. The programmable device can be authenticated before programming to verify the device is a valid device produced by a silicon vendor. The authentication process can include a challenge-response validation. The target payload can be programmed into the programmable device and linked with an authorized manufacturer. The programmable device can be verified after programming the target payload by verifying the silicon vendor and the authorized manufacturer. The secure programming system can provision different content into different programmable devices simultaneously to create multiple final device types in a single pass.

Abstract: One-to-many cryptographic systems and methods are disclosed, and a network employing the same, including numerous industry applications. The embodiments of the present invention can generate and regenerate the same symmetric key from a random token. The one-to-many cryptographic systems and methods include a central location and a cryptographic module being in communication with each other. The cryptographic module is configured to encrypt and/or decrypt data received a remote location and output encrypted and/or decrypted data. The cryptographic module includes a key generator configured to use two or more inputs to reproducibly generate the symmetric key and a cryptographic engine configured to use the symmetric key for encrypting and decrypting data. Corresponding methods, and network employing the same, are also provided.

Abstract: A method for obtaining a cluster feature code includes: determining a plurality of key nodes from respective nodes in a cluster; obtaining plaintexts of feature codes of the respective key nodes; according to the plaintexts of the feature codes of the respective key nodes, obtaining ciphertexts of the feature codes of the respective key nodes, by utilizing a first-level public key; calculating a check code according to the ciphertexts of the feature codes of the respective key nodes; and according to the check code, obtaining the cluster feature code, by utilizing a second-level public key. By means of the present application, the scope of influence on the entire system when system nodes change is reduced.

Abstract: Systems, computer program products, and methods are described herein for dynamic exposure monitoring. The present invention is configured to determine a resource associated with a network environment, wherein the resource is associated with an exposure portfolio; determine one or more monitoring requirements associated with the resource, wherein the one or more monitoring requirements are determined based on the exposure portfolio; implement a first subset of one or more resource monitoring tools based on at least the one or more monitoring requirements of the resource; determine a change in the exposure portfolio of the resource; determine a change in the one or more monitoring requirements based on at least the change in the exposure portfolio of the resource; trigger a dynamic modification to the one or more resource monitoring tools; and implement the second subset of the one or more resource monitoring tools on the resource.

Abstract: Disclosed herein is a system for enabling a default label to be configured for a network location created to store files. The default label can be assigned at a time when the files are uploaded to the network location. An owner of the network location can define the default label to be assigned to the files. Whenever an unlabeled file is uploaded to the network location, the unlabeled file automatically inherits the default label. Furthermore, the system is configured to consider an order of label priority when determining whether to assign a default label to a previously labeled file to be uploaded to the network location. The system is configured to upgrade a file with a preassigned label of lower priority to the default label, while permitting another file to be stored without a label change if the preassigned label is of higher priority compared to the default label.