Abstract: In order to efficiently perform security inspection, an inspection support apparatus includes a reception processing section configured to receive information related to a plurality of activity histories for security inspections performed by a plurality of inspection apparatuses, a specifying section configured to specify a conforming activity history meeting a predetermined correlation condition, from the plurality of activity histories, and a generating section configured to generate information related to the conforming activity history.

Abstract: A method for inter-hospital identity authentication and electronic medical record transfer of patients is provided. Based on a blockchain technology, a patient achieves secure and efficient inter-hospital transfer authentication, and a new hospital accesses an electronic medical record with authorization of the patient, thus achieving reliable electronic medical record access controls. In each hospital, the patient, a medical server, and a doctor achieve efficient tripartite authentication and negotiation of session keys, and communicate based on the session keys. By introducing an elliptic curve to encrypt key parameters in an authentication process, a security of the entire authentication process is improved, and a computational pressure on a wireless device is reduced. In the authentication and the electronic medical record, the patient uses dynamic anonymity policies to protect privacy.

Abstract: A request to search a database field in a database table for a query value may be received. The query value may be hashed with a designated hash function and a designated hash key to produce a designated keyed-hash value. A row in the database table may be identified based on the designated keyed-hash value. The identified row may include a keyed-hash field value that matches the designated keyed-hash value. The identified row may include an encrypted field value generated by encrypting an unencrypted field value matching the query value. One or more data values associated with the identified row may be transmitted in response to the request.

Abstract: A computer processing device for data processing is disclosed. The device is configured to determine a trust level associated with a data requestor, determine a data category associated with one or more data elements wherein each data category has an associated ranking, construct a set of data elements for the data requestor from the one or more data elements based on the determined ranking associated with each data category and the determined trust level associated with the data requestor.

Abstract: Methods, systems, and apparatus, including a method for preventing fraud. In some aspects, a method includes: receiving, from multiple client devices, a measurement data element that includes a respective group member key and a group identifier for a given conversion as a result of displaying a digital component. Each client device uses a threshold encryption scheme to generate, based at least on network data that includes one or more of impression data or conversion data for the conversion, a group key that defines a secret for encrypting the network data and generate, based on data related to the application, the respective group member key that includes a respective share of the secret. In response to determining that at least the threshold number of measurement data elements having the same group identifier have been received, the network data is decrypted using the group member keys in the received measurement data elements.

Abstract: A method for extending connectivity from a core network to remote mobile networks includes: installing a security gateway between the core network and wireless broadband base stations located at a periphery of the core network; creating a virtual layer 2 (data link) overlay network interconnecting the broadband base stations; activating a local layer 3 (network) protocol between the security gateway and the core network; activating a sensor protocol between the security gateway and each remote mobile network, the sensor protocol being configured to use broadband communication through the broadband base stations when at least one broadband base station is in range of the remote mobile network, and otherwise use satellite communication; and providing each remote mobile network with a remote layer 3 protocol that uses the broadband communication until disconnected from the broadband base stations, and then uses the satellite communication until reconnected to one of the broadband base stations.

Abstract: A deduplication system (100) includes encryption apparatuses (400), a conversion key generation apparatus (500), a tag conversion apparatus (600), and a match determination apparatus (700). The encryption apparatuses (400) each generate encryption tag (ETag) using an encryption key (ek) and plaintext (M). The conversion key generation apparatus (500) generates a conversion key (ck) using the encryption key (ek) and a conversion key generation key (tk). The tag conversion apparatus (600) converts an encryption tag (ETag) for which the same plaintext (M) has been used into an encryption tag (T) that takes the same value regardless of a value of the encryption key (ek) used for the encryption tag (ETag) by applying the conversion key (ck) to the encryption tag (ETag). The match determination apparatus (700) determines whether the values of two encryption tags (T) match.

Abstract: Aspects of the subject disclosure may include, for example, obtaining, from a user device, a master-slave agreement and a first network configuration for a federated blockchain network, transmitting to a cloud service provider (CSP) node the first network configuration, generating first credentials, and transmitting the first credentials to the CSP node. The CSP node configures a first group of blockchain nodes according to the first network configuration and the first credentials. Further embodiments include transmitting the first credentials to a public server that sends it to a public blockchain node and an indication to generate a portion of the federated blockchain network. The public blockchain node configures a second group of blockchain nodes according to a second network configuration based on a public blockchain smart contract. The federated blockchain network comprises the first group of blockchain nodes and the second group of blockchain nodes. Other embodiments are disclosed.

Abstract: Methods and apparatuses for data communication and cybersecurity are provided to handle the PKI over constrained devices with application over PAN/LP-WAN and other similar devices and networks. This significantly improves the security capabilities of such devices in terms of identity verification, encrypted communication, and device life-cycle management. The apparatus may authenticate a party of a data communication session using a micro certificate within a micro public key infrastructure that provides transport or application layer security. The micro public key infrastructure may be the combination of communication protocol, micro certificates, and a management platform. The apparatus may establish the data communication session using the micro certificate. The apparatus may perform secured data communication over the data communication session.

Abstract: Provided is a method for providing Registration Data Access Protocol (“RDAP”) responses. The method includes obtaining, at a RDAP client over a network, a RDAP query for RDAP data from a user; providing, by the RDAP client, the RDAP query and a cryptographic credential to a RDAP server, wherein the RDAP server communicates with one or more thick RDAP servers to provide respective thick RDAP answers to the RDAP query, wherein at least one the respective thick RDAP answers are encrypted using a symmetric or asymmetric cryptographic key associated with the cryptographic credential of the RDAP client; obtaining a consolidated thick RDAP answer to the RDAP query from the RDAP server; decrypting the consolidated thick RDAP answer using a symmetric or asymmetric cryptographic key associated with the cryptographic credential; and providing the thick RDAP answer that is decrypted to the user.

Abstract: Disclosed are systems and methods that provide a framework that enables user to delegate other users as operators of their securely held account credentials via services backed by OAuth protocols. The disclosed framework provides functionality for users to be delegated access to other users' account credentials, information and resources for the performance of specific electronic transactions. The framework operates by connecting two OAuth registered users so that one user can perform an electronic transaction using another user's securely held credentials upon approval by the other user. This ensures that each electronic transaction is securely held and performed, and operated under the control of the delegator despite performance of the transaction by the delegatee involving the delegator's account information.

Abstract: A network environment scanning engine may monitor electronic communications received via an external computing network and by an enterprise computing system. The network environment scanning engine after receipt of an electronic message, analyze the electronic message to identify, by a network environment scanning engine using a machine learning algorithm, executable code for execution by a processor of computing device addressed as a recipient of the message. The network environment scanning engine further analyzes, using a machine-learning based algorithm in a virtual security environment, the executable code to identify whether the executable code comprises one or more environment variables.

Abstract: Apparatuses, methods, systems, and program products are disclosed for early data breach detection. An apparatus includes a data module configured to receive user data from a darknet. User data may include user credential information that has been misappropriated. An apparatus includes a match module configured to determine whether user credential information matches a user's credentials for a user's one or more online accounts. An apparatus includes an action module configured to trigger a security action related to a user's one or more online accounts to make the user's one or more online accounts more secure in response to determining that user credential data matches the user's credentials at the user's one or more online accounts.

Abstract: Apparatuses (e.g., systems and devices) and methods for remotely accessing a local (e.g., home, office, etc.) network of devices connected to a local router.

Abstract: A device implementing a system to associate a user account with a content output device includes at least one processor configured to receive an invitation to access content associated with a first user account on another device associated with a second user account, the other device being connected to a local area network. The at least one processor is further configured to send, to a server, a request for authorization to access the content associated with the first user account on the other device associated with the second user account, the request comprising information included with the invitation, and to receive, from the server, the authorization to access the content. The at least one processor is further configured to access, based at least in part on the authorization, the content associated with the first user account on the other device associated with the second user account.

Abstract: Systems, methods, and devices authenticate processor instructions stored by a read-only memory (ROM). In one example, a ROM stores a block of register words. The block of register words includes a first register word specifying an authentication tag and one or more register words that each specify an instruction. A security controller identifies the first register word as specifying the authentication tag and performs authentication of the authentication tag. Upon successfully authenticating the authentication tag, the security controller forwards the register words that each specify instructions to a processor for execution. Upon unsuccessfully authenticating the authentication tag, the security controller blocks the register words that each specify instructions from execution by the processor.

Abstract: To write forgettable data to a blockchain, the forgettable data is transmitted to a server, from which encrypted data corresponding to the forgettable data are received. A hash of the forgettable data is generated. A data block including the encrypted data and control data including the hash is added to the blockchain.

Abstract: An example operation may include one or more of encrypting a private key with an encryption key, generating a plurality of keys based on the encryption key and converting the plurality of keys into a plurality of key shares based on a secret input value, storing the encrypted private key on a blockchain, and distributing the plurality of key shares to a plurality of blockchain peers of the blockchain, where the distributing comprises transmitting a different key share from among the plurality of key shares to each blockchain peer among the plurality of blockchain peers.

Abstract: Systems and methods relating to the replacement or removal of sensitive data in images of documents. An initial image of a document with sensitive data is received at an execution module and changes are made based on the execution module's training. The changes include replacing or effectively removing the sensitive data from the image of the document. The resulting sanitized image is then sent to a user for validation of the changes. The feedback from the user is then used in training the execution module to refine its behaviour when applying changes to other initial images of documents. To train the execution module, training data sets of document images with sensitive data manually tagged by users are used. The execution module thus learns to identify sensitive data and its submodules replace that sensitive data with suitable replacement data. The feedback from the user works to improve the resulting sanitized images from the execution module.

Abstract: Methods, machine readable media and systems for evaluating, through one or more simulations, the leakage of sensitive data in an integrated circuit, such as cryptographic data or keys, are described. The embodiments can use machine learning models, such as one or more neural networks to generate one or more leakage related scores for each portion in a set of portions of the cryptographic data. In one embodiment, leakage data associated the first set of POIs with one or more neural networks is processed by the one or more neural networks to identify the POIs that leak the most and determine one or more scores for each portion in the set of portions of the cryptographic data.