Abstract: Methods, systems and computer program products for association rule mining of an encrypted database are provided herein. A computer-implemented method includes receiving, at a first cloud computing environment, encrypted transaction data that are encrypted using an encryption scheme which provides additive homomorphism, wherein the transaction data comprise a plurality of combinations of two or more elements of a set of elements, receiving, at the first cloud computing environment, encrypted query data that are encrypted using the encryption scheme, wherein the query data comprise at least one of an element and a combination of two or more elements of the set of elements which are the subject of a query seeking a determination of whether at least one of the element and the combination of two or more elements is frequent, and computing addition of the encrypted query data with the encrypted transaction data.

Abstract: System and methods are disclosed for organizations to run a test against an active directory list to see if any user-provided passwords have been part of an existing data breach. Utilizing information from such a test identifies users that have weak passwords, reused passwords or shared passwords that have been associated with an earlier breach. With this information, the organization can seek to reduce risk by training staff for this specific issue in a timely and appropriate manner to significantly reduce the risk of a future breach by those identified users. Training can be customized and targeted at those users who attempt to use passwords that have been associated with a breach (either of their own account or of another account on the same or related domain.

Abstract: A system and method are disclosed that leverage multi-factor authentication features of a service provider and intelligent call routing to increase security and efficiency at a customer call center. Pre-authentication of customer support requests reduces the potential for misappropriation of sensitive customer data during call handling. A contactless card uniquely associated with a client may provide a second factor of authentication via a backchannel to reduce the potential for malicious third-party impersonation of the client prior to transfer of the call to the customer call center. Pre-authorized customer support calls may be intelligently and efficiently routed directly to call center agents, without incurring further delay. During call handling, call center agents may initiate further client authentication processes, including contactless card authentication requests, over one or more different communication channels for authorizing access to sensitive information or to allay suspicion.

Abstract: A data management system is provided. The system includes at least one processor, configured to couple to a plurality of domains of a storage memory. The at least one processor is configured to perform actions. The actions include securing data in each of the plurality of domains, using a plurality of domain protection keys, each domain protection key specific to one of the plurality of domains, and securing the plurality of domain protection keys, using a system protection key. A method for protecting user data is also provided.

Abstract: Systems, methods, and non-transitory computer-readable media can determine that a user operating a computing device has accessed a content item through the social networking system. A determination is made that the content item includes at least a first section of content and a second section of content, wherein the first section of content is restricted to users that are associated with a group of users, and wherein the second section of content is available to all users. A determination is made that the user is associated with the group of users. The content item is provided for presentation through a display screen of the computing device, wherein both the first section of content and the second section of content are presented to the user.

Abstract: A computing device may receive a compress data streams which may then be decompressed to generate decompressed data. The computing device may then determine if the decompressed data includes a flag indicating that the decompressed data should be modified. If the decompressed data is to be modified, the computing device may add padding values to the compressed data stream until a boundary block of the compressed data stream is reached. The modified compressed data stream may then be transmitted to an endpoint.

Abstract: Embodiments manage access to cryptography keys for database data, within a secure key store of a local key server owned by a new (security) operating system (OS) user separate from an original default OS user. Existing principles governing distinct OS user access privileges engrained within the OS itself, are leveraged to preclude the default OS user from accessing files of the new security OS user. Embodiments thus segregate the right to read secure cryptography keys of a secure key store, from the right to administer database installation on the OS level. While the original default OS user retains access to the encrypted data, the new security OS user now owns the cryptography key necessary to decrypt that database data. Thus, the default OS user is denied enough information to unlock the database data, enhancing its security. Embodiments are particularly useful for promoting data security in cloud setups and multi-tenant databases.

Abstract: Technologies for elliptic curve cryptography (ECC) include a computing device having an ECC engine that reads one or more parameters from a data port. The ECC engine performs operations using the parameters, such as an Elliptic Curve Digital Signature Algorithm (ECDSA). The ECDSA may be performed in a protected mode, in which the ECC engine will ignore inputs. The ECC engine may perform the ECDSA in a fixed amount of time in order to protect against timing side-channel attacks. The ECC engine may perform the ECDSA by consuming a uniform amount of power in order to protect against power side-channel attacks. The ECC engine may perform the ECDSA by emitting a uniform amount of electromagnetic radiation in order to protect against EM side-channel attacks. The ECC engine may perform the ECDSA verify with 384-bit output in order to protect against fault injection attacks.

Abstract: Disclosed are various embodiments for sharing network site account information among multiple users. Account information for a network site account is received from a first user at a first client. An indication is received from the first user that the account information is to be shared with a second user. The second user is authenticated at a second client. The account information is transferred to the second client.

Abstract: Systems and methods for decryption of payloads are disclosed herein. In various embodiments, systems and methods herein are configured for decrypting thousands of transactions per second. Further, in particular embodiments, the systems and methods herein are scalable, such that many thousands of transactions can be processed per second upon replicating particular architectural components.

Abstract: An image processing apparatus and method is provided. The image processing apparatus has one or more processors and a memory that stores instructions for execution by the one or more processors. Upon execution of the instructions, the image processing apparatus is configured receive, from a credential source, a credential having a domain identifier identifying an authentication domain and authentication data used to authenticate with authentication domain and parse at least a portion of the domain identifier to obtain information identifying the authentication domain with which to authenticate the credential.

Abstract: Automated secure document and text communication. Secure messages using metadata to transmit hidden encryption keys. Cloud-based collaboration on always-encrypted documents and metadata; cloud-based collaboration on documents and metadata using virtual machines. Maintaining a distributed log for message path tracing, coupled to the message and securely encrypted, even when the message is securely encrypted. Secure message communication over a multi-hop path, that can alter encryption at each hop, adjust security measures at each hop, and include and log biometric sensors at each hop. Secure message communication, using media that can be manipulated by cameras, fax machines, photocopiers, printers, scanners, smart phones, or variants thereof. Free and substantially noiseless conversion of messages between digital and physical form. Secure message communication using multi-media to ensure non-interception and lack of machine readability if intercepted.

Abstract: A system uses a multi-level encryption and tokenization mechanism to allow for fields of a larger object to be individually tokenized and encrypted. Protected data is encrypted using an encryption key and a generated token is displayed in its place. The encryption key is then encrypted using a secondary key. To dereference a token, a requesting application provides the token and associated context to a token service, which searches a token store for a record having both the token and the context. If such a record is located, the token service generates a secondary key and decrypts the encryption key. The decrypted encryption key then decrypts the protected data and transmits the data to the requesting application.

Abstract: An apparatus that operates with a detachable unit mounted therein, includes: a storage unit configured to store a public key; and a verification unit configured to verify data held by the mounted unit, based on the public key. The data includes attribute information indicating an attribute of the unit, and authentication information generated from target information including the attribute information with a secret key paired with the public key and from which the target information is restorable, and the verification unit is further configured to detect an anomaly in the attribute information or the authentication information included in the data, by determining whether the attribute information included in the target information restored from the authentication information using the public key matches the attribute information included in the data.

Abstract: A computer-implemented method comprising: accessing, at a client device, a first artifact and artifact metadata corresponding to the artifact; creating, at the client device, an artifact cryptographic digest corresponding to the artifact to certify existence of the artifact; transmitting, at the client device, the artifact cryptographic digest and artifact metadata to a server; adding, at the server device, the artifact cryptographic digest to a block chain; and adding, at the server device, the artifact cryptographic digest, the artifact metadata and the first artifact to a data storage device separate and distinct from the block chain to reference the artifact cryptographic digest on the block chain.

Abstract: A method of managing implicit certificates of an elliptical curve encryption (ECQV). The implicit certificates are stored in different nodes of the network as a function of a distributed hash table (DHT) and not with a single certification authority. The implicit certificate of the public key associated with a node is obtained by chaining elementary certification operations with a sequence of indexing nodes of the network. Chaining of elementary certification operations can reinforce authentication of network nodes.

Abstract: A display apparatus of a multi-display system is disclosed. The display apparatus includes a display, an input connector configured to receive an input of an image which is encrypted based on HDCP, an output connector which is connected with another display apparatus of the multi-display system, and a processor configured to control the display to display an image corresponding to the display apparatus by decrypting the encrypted image and to re-encrypt the decrypted image to transmit to the another display apparatus through the output connector.

Abstract: A destination server communicates with a computer system using cryptographically protected communications utilizing a first negotiable feature. The destination server detects a triggering event and, in response to the triggering event, causes the cryptographic protected communications with the computer system to change from the first negotiable feature to a second negotiable feature. As a result of stored data indicating that the computer system fails to support the second negotiable feature, the destination server initiates a security measure.

Abstract: Systems and methods include implementing a remote machine learning service that collects digital event data; collecting incumbent digital threat scores generated by an incumbent machine learning model and successor digital threat scores generated by a successor digital threat machine learning (ML) model; implementing anomalous-shift-detection that detects whether the successor digital threat scores of the successor digital threat ML model produces an anomalous shift; if the anomalous shift is detected by the machine learning model validation system, blocking a deployment of the successor digital threat model to a live ensemble of digital threat scoring models; or if the anomalous shift is not detected by the machine learning model validation system, deploying the successor digital threat ML model by replacing the incumbent digital threat ML model in a live ensemble of digital threat scoring models with the successor digital threat ML model.

Abstract: Systems are provided herein for a hardware protection framework. A security module monitors a plurality of voltage lines of at least one electronic control unit (ECU) electrically coupled to a communications bus. A voltage differential across at least two of the plurality of voltage lines of the at least one ECU is measured. The voltage differential is compared to a plurality of predetermined signal fingerprints associated with the at least one ECU. A variance in the compared voltage differential is identified relative to one or more of the plurality of predetermined signal fingerprints. Data characterizing the identified variance is provided. In some aspects, a pulse or a data stream is injected based on the voltage differential having an amplitude lower than a predetermined voltage threshold.