Abstract: Preserving privacy related to networked media consumption activity. Privacy zones are defined and associated with privacy standards. Privacy standards include frequency criteria governing the storage of datasets including information associated with networked media consumption activity collected from the privacy zone. Transaction requests are received over a network from a client device at a location by a networked privacy system. The privacy zone associated with the client device is identified. A dataset can be created including information associating the networked media consumption activity. The dataset is processed to comply with the privacy standards. The processed dataset can be stored in a database on a physical storage device at a storage location coupled to the networked privacy system.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for registering subscribable states in blockchain are provided. One of the methods includes: obtaining a request for registering a workflow comprising one or more states; generating a blockchain contract comprising the workflow; and deploying the blockchain contract in a blockchain, wherein the deployed blockchain contract is executable to update a current state of the workflow among the one or more states.

Abstract: An auditing system (10) is provided for detecting at least one unauthorized operational activity in at least one website, and includes a processor coupled to at least one database (34) for storing data related to the at least one unauthorized operational activity. The processor is programmed to detect the at least one unauthorized operational activity in the at least one website using a monitoring module (22) configured to monitor the at least one website via a network (16) and provide unauthorized operational status information about the at least one website using a plurality of status messages generated based on the data, and a detection module (24) configured to examine the plurality of status messages and detect an anomaly caused by the at least one unauthorized operational activity.

Abstract: Disclosed are various embodiments for determining authentication assurance based on both user-level and account-level indicators. An authentication request associated with an account is received responsive to an input from a user via a user interface. A user-level measure of authentication assurance corresponding to the user is determined. An account-level measure of authentication assurance corresponding to the account is determined. A composite measure of authentication assurance is then determined from a combination of the user-level measure of authentication assurance and the account-level measure of authentication assurance. A response to the authentication request is generated based at least in part on comparing the composite measure of authentication assurance to a threshold.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for processing blockchain transactions. One of the methods includes: obtaining, by a blockchain node of a consortium blockchain network, a blockchain transaction associated with a service; invoking a smart contract corresponding to the service; determining presentation information based on the smart contract and the service, wherein the presentation information is presented to a user through a client device in response to receiving a query from the client device; recording the presentation information into a blockchain transaction log based on the smart contract; and recording the blockchain transaction and the blockchain transaction log of the blockchain transaction into a blockchain.

Abstract: Proof onions for transactions for smart contracts are stored. Details of the transactions are stored on blockchains separate from the proof onions. The proof onions are evidence structures for the steps taken to create any transaction for the smart contract. The proof onions include a plurality of signatures or other cryptographic proofs. A proof request that is associated with at least a first transaction of the transactions is received. A first proof onion of the proof onions that corresponds to the first transaction is retrieved. A plurality of public keys associated with the first proof onion is obtained. The plurality of public keys is used to validate the first proof onion. In response to the validation of the first proof onion, the proof request is responded to with at least an indication of the validity of the first transaction.

Abstract: Techniques for transferring data from a first domain to a second domain in a cross-domain environment are presented. The techniques can include accepting computer readable data in the first domain for transfer to the second domain, passing the computer readable data to a first machine learning classifier at the first domain trained with at least malware files publicly identified as malicious, passing the computer readable data to a second machine learning classifier at the first domain trained with at least malware files specific to the first domain, and transferring the computer readable data to a destination in the second domain.

Abstract: Provided is an authentication method including receiving an authentication request; obtaining authentication data for authenticating a user from at least one of a plurality of external devices as when the authentication request is received; obtaining an authentication score based on the obtained authentication data and reliability information assigned to a type of the authentication data in advance; and determining whether additional authentication is necessary based on the obtained authentication score.

Abstract: In a computer network that has a plurality of nodes, a measure of trustworthiness for a particular node can be updated by other nodes that monitor the particular node's behavior. This includes collecting trustworthiness reports from the other nodes; updating the particular node's trustworthiness level based on the reports; and causing the particular node to route data in the computer network based on its trustworthiness level. The particular node's role in performing at least one of a set of functions is based on a hierarchy of trustworthiness levels, wherein the functions can include monitoring other nodes; sending alerts when anomalous behavior is detected; transmitting a free-antibody software program to a requesting node; updating defensive programs; participating in consensus-based threat analysis with other nodes; identifying threats; tagging suspicious nodes; and performing countermeasures against identified threats.

Abstract: An identification information providing system includes a sending processor configured to send a predetermined signal including identification information; a managing processor configured to set or change identification information and manage predetermined identification information that is set or changed; and a receiving processor configured to be able to receive a predetermined signal to obtain predetermined identification information and perform synchronization, and to use a result of determining matching between obtained predetermined identification information and a received predetermined signal to determine whether the sending processor is an authorized sending processor.

Abstract: Network traffic management apparatuses, systems, methods, and computer-readable media for automatically detecting attack signatures and generating attack signature identifications, involving: collecting a stable dataset during a stable time; determining whether a cyber-attack is detected; when a cyber-attack is detected, periodically generating attack signatures and updating an enforcer with the attack signatures, the attack signatures representing dynamic rules to be enforced; validating the dynamic rules via a long-time validation mechanism, validating involving considering behavior of each dynamic rule after the cyber-attack and during a new cyber-attack and ranking each dynamic rule using the stable dataset, thereby generating persistent rules having a dynamic rule; exporting the persistent rules to a security enforcer; introducing the persistent rules to a persistent rule revocater; determining whether export of an unrevoked persistent rule is requested; and if requested, exporting the unrevoked persiste

Abstract: A method for performing an encrypted data operation may include generating an encrypted hierarchical path identifier corresponding to a hierarchical data space for at least one plaintext data operation that preserves the hierarchy of the hierarchical data space. The at least one plaintext data operation may correspond to at least one subdivision of the hierarchical data space. The method may further include encrypting the at least one plaintext data operation, and sending a request to perform an encrypted data operation to a server. The request may include the encrypted data operation and the encrypted hierarchical path identifier.

Abstract: In one example embodiment, a proxy server obtains, from a client, a query regarding a server with which the client is attempting to establish a communication session. Based on the query, the proxy server evaluates dynamically updated stored data to determine whether the dynamically updated stored data indicates that the server supports a secure transport protocol. Based on determining that the dynamically updated stored data indicates that the server supports the secure transport protocol, the proxy server provides a response to the client. The response causes the client to provide, to the server, an initial secure transport protocol message in the communication session.

Abstract: A method for encrypting data when a device is offline is disclosed. In the method, a determination is made as to whether a successful connection with a remote server computer can or cannot be made. If a connection cannot be made, then data can be encrypted with an ephemeral public key. Later, then a connection is available, the encrypted data can be transmitted to the remote server computer for processing.

Abstract: Disclosed are various embodiments that related to rendering a data driven user interface used to configure device profiles in an enterprise device management environment. In some examples, the enterprise device management environment can include a platform messaging service and a platform specific adapter. In one example, a system can receive a request to generate a device profile for a platform. The system can render a data driven user interface for configuring the device profile based on a definition file. The system can also receive input of a value for a user interface element and retrieve the values from the other user interface elements. The system can generate the device profile based on a translation of the values and transmit a command to a platform messaging service to facilitate an installation of the device profile in a mobile device. Various delivery methods for installing the device profile are disclosed.

Abstract: This disclosure relates to techniques for performing Wi-Fi authentication in a wireless communication system. Public key cryptography may be used to enhance the confidentiality of the user's permanent identity in transit. In some embodiments, a RSA-OAEP (SHA-256) encryption scheme may be used to protect the permanent identity when the EAP client needs to send the user's permanent identity to the server in the absence of pseudonym or fast re-authentication identity. In some embodiments, a server certificate is used to authenticate a iWLAN tunnel to protect an IMSI during setup of a Wi-Fi call. Using the methods described herein on both or either of the EAP client and server side may offer improved privacy protection.

Abstract: An encrypted security system and associated methods for controlling physical access are described. The system includes a security server configured to receive a request for authentication from a mobile device, the request including information identifying the mobile device and a physical access control device. The security server forwards an encryption message including a plurality of unique identifiers to the physical access control device via the mobile device. The physical access control device is configured to authenticate the plurality of unique identifiers in the encryption message and operate an access control mechanism.

Abstract: Methods, systems, and devices for voice-activated medical assistance are described. The method may include receiving an indication of an audio request from a user and determining whether a response to the audio request includes medical information associated with a patient. After determining whether the response includes medical information, the medical assistance server may identify an access class of the medical information and a permission level associated with accessing the access class of the medical information. The method may further include determining whether the user is authorized to access the access class based on the permission level and transmitting an indication of the response to the audio request based on determining whether the user is authorized.

Abstract: Authentication is performed on a plurality of links of a computing environment. One node requests generation of a shared key by a key server coupled to the one node. The one node obtains the shared key and an identifier of the shared key and sends the identifier from the one node to another node. A message encrypted with the shared key is sent from the one node to the other node via one link of the plurality of links. The one node receives via the one link an indication that the other node decrypted the encrypted message using the shared key obtained by the other node. The sending the encrypted message and the receiving the indication that the other node decrypted the encrypted message are repeated on one or more other links of the plurality of links using the shared key previously obtained.

Abstract: Techniques for access point name and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for access point name (e.g., APN) and application identity (e.g., application identifier) based security enforcement in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify an access point name for a new session; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the access point name and the application identifier.