Abstract: In some implementations, a mobile device may store information related to a mobile ID registered to the mobile device, wherein the mobile ID is an electronic identity document associated with a user of the mobile device. The mobile device may configure, for the mobile ID, a mobile ID association tree that defines one or more groups that each include, as members, the user of the mobile device and one or more additional users that are each associated with a respective mobile ID, wherein the one or more groups are each associated with one or more shared services that are accessible to each member of a corresponding group based on information related to the mobile ID associated with the respective member.

Abstract: The present application discloses a method, system, and computer system for detecting malicious SQL or command injection strings. The method includes obtaining an SQL or command injection string and determining whether the command injection string is malicious based at least in part on a machine learning model.

Abstract: Systems and methods are provided for generating a combined list of attributes for at least one selected object by combining known attributes and a list of attributes for custom tables, determining a scrambling method for each attribute in the combined list of attributes for the at least one selected object, and scrambling each attribute of the combined list of attributes for the at least one selected object, according to the scrambling method for each attribute. The systems and methods further provided for generating a compliance report indicating what was changed in a system by the scrambling of each attribute and what scrambling methods were applied and allowing release of production data comprising the scrambled attributes for the at least one selected object, to a test system for use in testing functionality for an application or service.

Abstract: A system for controlling user access to an application is disclosed, where the system is configured to receive a request to access the application from a user, the application associated with an identity provider and a datastore; route the request to an intermediary; redirect the request to an identity provider for authentication; authenticate a user with the application based on receiving application identity information at the identity provider; generate a temporary user credential at the intermediary; provide the request along with the temporary user credential to the application; capture a backchannel request from the application to the datastore; confirm that the temporary user credential matches the one previously generated; send confirmation to the application that the temporary user credential enables user access to the application; send communication from the application to the user granting the user access to the application.

Abstract: A data poisoning and model drift prevention computing system may feed trusted historical data to one or more generative adversarial networks (GAN) and cause the GANs to generate simulated data. Curated simulated data is clustered and the data characteristics are captured, such as number of clusters, data density, and the like. The data poisoning and model drift prevention computing system sanitizes the model data and merges the sanitized data with trusted data. The data poisoning and model drift prevention computing system may then cluster the resultant data again and compare the similarities with trusted data clusters. No change in cluster characteristics indicate the data is not tampered and in expected condition. The data poisoning and model drift prevention computing system identifies a deviation in cluster characteristics corresponding to poisoned data and trigger remedial actions.

Abstract: Techniques for adaptively improving the performance of a locked machine learning program have been disclosed. In one particular embodiment, the techniques may be realized as a method for enabling a first party to provide a trained machine learning model to a second party, the method comprising receiving the trained machine learning model from the first party, the trained machine learning model being associated with one or more policies defining permissible operations; and constraining the second party to operate the trained machine learning model in a manner that is consistent with said one or more policies.

Abstract: Auditing data containing sensitive data are stored in a data structure comprising data objects. Each data object comprises one or more pairs of a name and a value. Pairs that are flagged or identified as containing sensitive data are partially encrypted; the value is encrypted using an asymmetric key and the name corresponding to the encrypted value remains unencrypted. Some pairs that are not flagged or identified as containing sensitive data are left unencrypted. Unencrypted data may be stored in the partially encrypted auditing data as plain text. The auditing data may be analyzed to generate business metrics and identify application errors. The auditing data may also be queried, and data objects containing unencrypted pairs and/or partially encrypted pairs may be returned based on matching unencrypted names and/or values to the data query.

Abstract: The present disclosure relates to a data processing method, non-transitory medium and electronic device. The method includes: acquiring first user data and second user data, and initializing a first time window corresponding to the first user data and first time information corresponding to the first time window, as well as a second time window corresponding to the second user data and second time information corresponding to the second time window; determining first data and the first time information corresponding to the first time window based on the first user data; determining second data and the second time information corresponding to the second time window based on the second user data; based on the first data and the second data, determining alignment data corresponding to a same user from the first user data and the second user data.

Abstract: A self-service lender portal provides lenders with a suite of tools for interacting with a multi-lender architecture configured to provide loan applicants with automated pre-qualification and eligibility evaluation for multiple candidate lenders. The lender portal provides lenders with an interface for uploading rule sets defining lending and eligibility criteria, downloading operational data generated from processing loan applicant information, generating and managing security keys for encryption and decryption of sensitive data, and managing access policies for providing single sign-on by interfacing with the lender's own identity management systems.

Abstract: There is provided mechanisms for attesting a first TEE residing on a first node. A method is performed by a second TEE also residing on the first node. The method comprises obtaining a request from the first TEE to be attested. The method comprises, in response thereto, obtaining a shared key from a third TEE residing on a second node. The method comprises performing local attestation of the first TEE, whereby the first TEE is provided with the shared key from the second TEE.

Abstract: Disclosed are a method and apparatus for detecting a logic vulnerability allowing arbitrary password reset for an account, and a computer readable storage medium. The method includes: invoking a preset identification program to determine whether a request for a verification code is initiated in a to-be-detected webpage; obtaining, from a front-end page, a response packet sent in response to the request for a verification code, and determining whether there is a short message service (SMS) verification code in the response packet, on determining that a request for a verification code is initiated in the to-be-detected webpage; and; and determining that the logic vulnerability allowing arbitrary password reset for an account exists in the to-be-detected webpage, on determining that there is an SMS verification code in the response packet.

Abstract: Systems and methods for decryption of payloads are disclosed herein. In various embodiments, systems and methods herein are configured for decrypting thousands of transactions per second. Further, in particular embodiments, the systems and methods herein are scalable, such that many thousands of transactions can be processed per second upon replicating particular architectural components.

Abstract: In one embodiment, a set of feature vectors can be derived from any biometric data, and then using a deep neural network (“DNN”) on those one-way homomorphic encryptions (i.e., each biometrics' feature vector) can determine matches or execute searches on encrypted data. Each biometrics' feature vector can then be stored and/or used in conjunction with respective classifications, for use in subsequent comparisons without fear of compromising the original biometric data. In various embodiments, the original biometric data is discarded responsive to generating the encrypted values. In another embodiment, the homomorphic encryption enables computations and comparisons on cypher text without decryption. This improves security over conventional approaches. Searching biometrics in the clear on any system, represents a significant security vulnerability. In various examples described herein, only the one-way encrypted biometric data is available on a given device.

Abstract: In one embodiment, a device in a network receives a set of known user identifiers used in the network. The device receives web traffic log data regarding web traffic in the network. The web traffic log data includes header information captured from the web traffic and a plurality of client addresses associated with the web traffic. The device detects a particular one of the set of known user identifiers in the header information captured from the web traffic associated with a particular one of the plurality of client addresses. The device makes an association between the particular detected user identifier and the particular client address.

Abstract: Case management systems and techniques are disclosed. In various embodiments, a hierarchical document permission model is received, the model describing a document hierarchy comprising a plurality of hierarchically related document nodes and defining for each of at least a subset of said document nodes one or more document roles and for each such role one or more document permissions with respect to that document node. The hierarchical document permission model is used to determine and enforce permissions with respect to case management instances to which the hierarchical document permission model applies.

Abstract: A physical card (in some cases without any on-board source of power or computing capabilities) is configured to maintain access information for digital bearer assets. A unique identifier visible on the card may be transmitted to a server-system to utilize functionalities corresponding to the card (e.g., based on information associated with the unique identifier) on a decentralized computing platform, like a blockchain-based decentralized computing platform. Private access information, like a secret, private key that corresponds to a public key (e.g., a public-private key-pair) or a representation of the private key (like a ciphertext thereof) and corresponding encryption key, may be physically concealed with tamper-evident components such that a user can readily determine whether the private access information was divulged. In some examples, a user is required to activate one or more tamper-evident features, thereby altering a visible state of the card, to utilize functionalities corresponding to the card.

Abstract: Methods and systems are disclosed herein for authenticating a user. A security device may use an object associated with a user and a device of the user to authenticate the user, for example, if the user has forgotten a password. A user may insert the object (e.g., a card, or other object) into the security device and may select an option to authenticate via a device that is trusted by both the security device and the user, rather than authenticating by entering a password at the security device.

Abstract: A system protects personally identifiable information (PII) by implementing an unconventional key management scheme. In this scheme, the system uses a set of keys rather than an individual key for encrypting PII. Different portions of the PII are encrypted using different keys from the set of keys. In this manner, even if a malicious user were to access a key, that key would not give the malicious user the ability to decrypt all of the PII. Additionally, the system generates a new set of keys periodically (e.g., once a month). The system also deletes sets of keys that are too old (e.g., six months old). As a result, even if a malicious user were to access a key, the usefulness of that key would be time limited.

Abstract: In an implementation, a first electronic control unit (ECU) performs an operation using a first key and a first fresh value to generate a keystream; performs an exclusive OR operation using the keystream and a to-be-transmitted first plaintext packet to generate a first ciphertext packet; and sends the first ciphertext packet to a second ECU. The first fresh value is a value generated by a counter in the first ECU when the first ECU transmits a packet, and the counter is configured to record a quantity of packets transmitted by the first ECU. The first ECU transmits the first ciphertext packet to the second ECU. This can prevent the first packet transmitted by the first ECU from being eavesdropped on, and help improve confidentiality of the packet transmitted by the first ECU.

Abstract: An integrated circuit module functioning for information security includes: a secure circuit unit, which has passed a security evaluation as a cryptographic module and stores therein at least one digital key for providing a digital key service; and a controller unit set which is in communication with the secure circuit unit and includes a fast service unit and a trusted zone unit. The trusted zone unit and the secure circuit unit respectively use a first channel establishment key and a second channel establishment key dependent on each other to establish a secure signal channel. The secure circuit unit transmits a specific data to the fast service unit via the security signal channel to perform a fast service.