Abstract: Disclosed is a calculation device. The present calculation device includes: a memory for storing a plurality of homomorphic ciphertexts for an approximate message including an error; and a processor for sorting the plurality of homomorphic ciphertexts by using a 5-way sorter which can sort five homomorphic ciphertexts in a single stage.

Abstract: A method for assessing vulnerability to predatory internet attacks determined using new technologies in the evaluation of personal psychological assessments so as to pinpoint vulnerable persons. Once pinpointed, those with high user risk may not be hired, or if employed already, may be provided additional information/training or have computer software protection installed at their station. Persons are administered a battery of personality/psychological evaluation questions with various statistical and data mining techniques used for common psychological assessments applied to their responses. This algorithmic model uses multiple psychological assessments for a combined measure of user risk.

Abstract: In a vehicle-to-everything (V2X) technology environment, systems and methods are provided for extending the distribution of activation codes (ACs) in an Activation Codes for Pseudonym Certificates (ACPC) system, in a privacy-preserving manner, to a unicast mode of communication. In this unicast ACPC (uACPC), in some embodiments, the ACs are distributed by the back-end system via a unicast channel upon the receipt of the vehicle's direct request for its respective ACs. In some embodiments, uACPC can leverage edge computing architecture for low latency delivery of certificate revocation lists (CRLs) and higher availability for the distribution of ACs.

Abstract: System and method to produce an anonymized cohort having less than a predetermined risk of re-identification. The method includes receiving a data query of requested traits for the anonymized cohort, querying a data source to find records that possess at least some of the traits, forming a dataset from at least some of the records, and grouping the dataset in time into a first boundary group, a second boundary group, and one or more non-boundary groups temporally between the first boundary group and second boundary group. For each non-boundary group, calculating maximum time limits the non-boundary group can be time-shifted without overlapping an adjacent group, calculating a group jitter amount, capping the group jitter amount by the maximum time limits and by respective predetermined jitter limits, and jittering said non-boundary group by the capped group jitter amount to produce an anonymized dataset. Return the anonymized dataset.

Abstract: Each of a secure computation server apparatuses includes a random number generation part that generates random numbers using a pseudo random number generator shared among the secure computation server apparatuses; a seed storage part that shares and stores a seed(s) used for generating random numbers in the random number generation part; a pre-generated random number storage part that stores random numbers generated by the random number generation part; a share value storage part that stores a share(s) to be a target of processing; a logical operation part that computes a carry to be transmitted and received among the secure computation server apparatuses using the random numbers and the share(s) to be a target of processing; an inner product calculation part that removes a mask from the carry; and an arithmetic operation part that performs a processing of erasing the carry to obtain a processing result.

Abstract: Security incident detection based on historian configuration data collected over time is described. Historic configuration data associated with a computing device is updated based on received configuration data indicative of a change in configuration of the computing device in a computer system. The historic configuration data indicates changes to configurations of the computing device over a time period. A determination that relationship between the computing device and an entity of the computer system has changed is made based on the updated historic configuration data. The updated historic configuration data is provided as input to a machine learning (ML) model configured to generate an indication of whether the updated historic configuration data evidences a security incident. In response to the ML model generating an indication that the updated historic configuration data evidences a security incident, a security alert indicative of the evidenced security incident is generated.

Abstract: Aspects of the subject disclosure may include, for example, a device having a processing system including a processor; and a memory that stores executable instructions that, when executed by the processing system, facilitate performance of operations including capturing images generated by a fiducial invoked on a user device; determining a context of the fiducial; detect an anomaly in the images based on the context; and responsive to detecting the anomaly, providing a notification of the anomaly. Other embodiments are disclosed.

Abstract: A method for supporting sharing of travel history of travelers in airports includes receiving, by a trusted entity of the distributed ledger system, a registration request from a traveler via a traveler application. The registration request provides personal information of the traveler to the trusted entity. The method further includes generating, by the trusted entity, a public key for the traveler using an identity-based encryption mechanism and sending, from the trusted entity to the global identity blockchain, a registration transaction with respect to the traveler. The registration transaction comprises the public key of the traveler. The method further includes recording a travel history that includes all travel tickets of the traveler, wherein a Merkle tree of all the travel tickets of the traveler is generated. The Merkle tree has a Merkle root, and the Merkle root of the Merkle tree is stored in the global identity blockchain.

Abstract: A framework for efficiently and automatically exploring a data network and accurately identifying network threats, which comprises a plurality of software and hardware-based agents, distributed over the data network. The agents are capable of adjusting or reconfiguring, on the fly, the behavior of the agents and their ability to collect data in a targeted manner, so as to investigate suspicious incidents and alerts and collect data that was not yet collected by the system; collecting forensic data by executing tasks defined in workflows, being distributed threat intercepting programs and reporting about the collected forensic data, back to a Central Control Unit (C&C).

Abstract: Unstructured data items are stored at an object storage service. A filtering requirement to be used to generate a result set for an access request is determined. Using a transformed representation of the filtering requirement, a target set of tokens of the filtering requirement which are to be obfuscated within a log record is identified. A log record that comprises substitute tokens for the target set of tokens is generated and stored.

Abstract: Disclosed herein are techniques for analyzing control-flow integrity based on functional line-of-code behavior and relation models. Techniques include receiving data based on runtime operations of a controller; constructing a line-of-code behavior and relation model representing execution of functions on the controller based on the received data; constructing, based on the line-of-code behavioral and relation model, a dynamic control flow integrity model configured for the controller to enforce in real-time; and deploying the dynamic control flow integrity model to the controller.

Abstract: A system, a method and a device for developing a smart contract are provided. A particular embodiment of the system comprises a specification acquisition module configured to acquire specification of a target smart contract interface, a client development module configured to generate, on the basis of the specification of the target smart contract interface, a smart contract client side interface and a smart contract client side agent, the smart contract client side interface and the smart contract client side agent being used to construct a client smart contract application, and a server development module configured to generate, on the basis of the interface specification of the target smart contract, a smart contract server interface and a smart contract server skeleton, the smart contract server interface and the smart contract server skeleton being used to construct a server smart contract.

Abstract: Disclosed is a zero-knowledge distributed application configured to securely share information among groups of users having various roles, such as doctors and patients. Confidential information may be encrypted client-side, with private keys that reside solely client side. Encrypted collections of data may be uploaded to, and hosted by, a server that does not have access to keys suitable to decrypt the data. Other users may retrieve encrypted data from the server and decrypt some or all of the data with keys suitable to gain access to at least part of the encrypted data. The system includes a key hierarchy with multiple entry points to a top layer by which access is selectively granted to various users and keys may be recovered.

Abstract: A container corresponding to executable code may be received. In response receiving the container, an assertion value may be stored in an assertion register. A final canary value may be generated based on a cycles combining a prior canary value and a mix value. A determination may be made as to whether the final canary value matches with the assertion value stored in the assertion register. In response to determining that the final canary value matches with the assertion value, one or more privilege registers may be programmed to provide access to hardware resources for the container corresponding to the executable user code.

Abstract: A composite device with a high security level is provided. A composite device capable of inhibiting unauthorized use favorably is provided. The composite device includes a control portion, a detection portion, an authentication portion, and a memory portion. The detection portion has a function of detecting a touch and a function of obtaining first fingerprint data of a finger touching the detection portion. The authentication portion has a function of executing user authentication processing. The memory portion has a function of retaining second fingerprint data registered in advance. The control portion has a function of bringing a system into an unlocked state when the authentication portion authenticates a user and a function of comparing the first fingerprint data obtained by the detection portion and the second fingerprint data when the detection portion detects a touch, and bringing the system into a locked state in the case where those data do not match.

Abstract: Systems and methods are disclosed for security breach notification. In one implementation, an indication of a security breach is received, at a first device with respect to a user account. Based on the indication of the security breach, a processing device generates a security breach notification, the security breach notification including an instruction to initiate at an account repository one or more actions with respect to the user account. An attempt is made to transmit the security breach notification to the account repository via a first communication interface of the first device. In response to a determination that the security breach notification was not successfully transmitted to the account repository, the security breach notification is transmitted to a second device via a second communication interface of the first device.

Abstract: Novel tools and techniques are provided for implementing monitoring and detection of fraudulent or unauthorized use in telephone conferencing systems or voice networks. In various embodiments, a computing system might monitor call activity through telephone conferencing system or voice network. In response to detecting use of the telephone conferencing system or voice network by at least one party based on the monitored call activity, the computing system might identify incoming and/or outgoing associated with a call initiated by the at least one party. The computing system might analyze the identified incoming and/or outgoing call data to determine whether the call initiated by the at least one party constitutes at least one of fraudulent use or unauthorized use of the telephone conferencing system or voice network. If so, the computing system might initiate one or more first actions.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for verifying the provenance of a digital object generated by a neural network, such as an image or audio object. Also methods, systems, and apparatus, including computer programs, for training a watermarking neural network and a watermark decoding neural network. The described techniques make efficient use of computing resources and are robust to attack.

Abstract: Disclosed herein is a system architecture that structures commodity heterogeneous interconnected computing platforms around universal object abstractions, which are a fundamental system abstraction and building block that provides practical and provable end-to-end guarantees of security, correctness, and timeliness for the platform.

Abstract: Disclosed is a method and system for authenticating user content authentication. A user content authentication method according to an example embodiment may include authenticating a user that desires to create user content, verifying that the user is directly writing the user content, and creating authentication information on the user content created by the user when it is verified that the user is directly writing the user content.