Abstract: A base key that is stored at a device may be received. A network identification may further be received. A device identification key may be generated based on a combination of the network identification and the base key. Furthermore, the device identification key may be used to authenticate the device with a network that corresponds to the network identification.

Abstract: Systems and methods for decryption of payloads are disclosed herein. In various embodiments, systems and methods herein are configured for decrypting thousands of transactions per second. Further, in particular embodiments, the systems and methods herein are scalable, such that many thousands of transactions can be processed per second upon replicating particular architectural components.

Abstract: Techniques are disclosed relating to user authentication. In some embodiments, a first computing device receives, from a second computing device, a request for a user credential to be input into an authentication prompt associated with the second device. The first computing device determines a proximity associated with the second computing device based on a received wireless location beacon and, based on the request and the determined proximity, presents a selection prompt asking a user of the first computing device to select a user credential stored in the first computing device. The first computing device then provides the selected user credential to the second computing device to input into the authentication prompt. In some embodiments, the first computing device receives the wireless location beacon from a remote controller of the second computing device and determines a proximity based on a signal strength associated with the received location beacon.

Abstract: Techniques are provided for computing with private healthcare data. The techniques include a method comprising constructing an isolated memory partition that forms a secure enclave and pre-provisioning software within the secure enclave. The pre-provisioned software is configured to receive at least one of input data or the instructions for the one or more application computing processes in an encrypted form; decrypt the at least one of input data or instructions using one or more cryptographic keys; execute the one or more application computing processes based on the decrypted at least one of input data or instructions to generate output data; generate a proof of execution that indicates that the one or more application computing processes operated on the received input data; encrypt the output data using the one or more cryptographic keys; and provide external access to the encrypted output data and the proof of execution.

Abstract: Disclosed are various embodiments for resetting security credentials for an authentication management client on a client device. In one non-limiting example, the authentication management client is configured to receive encrypted account data associated with a user from an authentication management service and decrypt the encrypted account data using a master security credential. The decrypted account data is stored as client account data associated with the client device. The authentication management client is configured to receive a request to reset a plurality of security credentials in the client account data. At least one of the plurality of security credentials in the client account data are reset.

Abstract: Described herein is a data security system for enabling tokenized access to sensitive data, including a token provider configured to initiate a secure connection with a remote client computing device of a first data subject, and receive, from the remote client computing device, a request for an access token to provide a service provider with access to sensitive data associated with the first data subject. The request includes a data definition and authorization parameters including a data source identifier. The token provider is also configured to generate the access token that enables access to the sensitive data from the data source, store the access token in a token database, and transmit, to the remote client computing device, a response including the access token and instructions that enable the remote computing device to display the access token to the first data subject or transmit the access token to the service provider.

Abstract: An always-listening-capable computing device is disclosed, comprising: a first electronic sensor configured to receive user input, a second electronic sensor configured to receive a signal indicating that a user depressed a physical button, a gate-keeping module implemented by a processor, wherein data from the first electronic sensor passes through the gate-keeping module while a gatekeeping function is disabled, no data from the first electronic sensor passes through the communications module while the gatekeeping function is enabled, all data input to the gate-keeping module is received via an exclusive input lead from the first electronic sensor, and all data output from the gate-keeping module is transmitted via an exclusive output lead to a component other than the first electronic sensor. The device receives the signal indicating that the user has depressed the physical button; and enables or disables a functionality of a second computing device.

Abstract: Techniques are provided for computing with private healthcare data. The techniques include a de-identification method including receiving a text sequence; providing the text sequence to a plurality of entity tagging models, each of the plurality of entity tagging models being trained to tag one or more portions of the text sequence having a corresponding entity type; tagging one or more entities in the text sequence using the plurality of entity tagging models; and obfuscating each entity among the one or more tagged entities by replacing the entity with a surrogate, the surrogate being selected based on one or more attributes of the entity and maintaining characteristics similar to the entity being replaced.

Abstract: The present disclosure relates to systems and methods for transmitting data. The methods may include obtaining, by a first module, a first packet, wherein the first packet includes a first random code, first data, and a first signature, wherein the first signature is generated by a second module by encryption based on an original random code and original data; generating, by the first module a second signature by encryption based on the first random code and a checksum of the first data; and generating, by the first module, a first response to the first packet upon determining whether the second signature matches the first signature.

Abstract: A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.

Abstract: The present invention is generally related to systems and methods for providing an improved authentication and verification system through the use of compiled user data and user location or traffic data from multiple channels of input. Multiple devices may be utilized by the system in order to receive and process data to authenticate user identities and verify the validity of account activity.

Abstract: Embodiments of the invention relate to systems, methods, and computer program products for resource origination tracking, the invention including: electronically receiving, from a first user device associated with a first user, a digital resource and a set of distribution rules associated with the digital resource; creating an NFT associated with the digital resource; predicting, via a machine learning engine, a value of the NFT; electronically receiving, from a second user device associated with a second user, a request to complete a resource transfer; transferring ownership of the NFT associated with the digital resource from the current owner to the second user; and transmitting, to a managing entity system, instructions to transfer, from an account associated with the second user, a first amount of financial resources to an account associated with the current owner and a second amount of financial resources to an account associated with the first user.

Abstract: A physical card (in some cases without any on-board source of power or computing capabilities) is configured to maintain access information for digital bearer assets. The physical card may include disposed thereon a single address operable to receive digital bearer assets in one or more transactions on a decentralized computing platform, like a blockchain-based decentralized computing platform. Other decentralized computing platforms utilize different address generation protocols, thus preventing use of a single address on those other platforms. A set of addresses is generated, each address corresponding to a given decentralized computing platform. Each address is based on a same underlying key-pair, and a primary address is selected from the set for a given card. The remaining addresses in the set are stored, without storage of the public key or private key, and returned in a response to a request for additional addresses of the currency card.

Abstract: Disclosed herein are systems and methods for enabling the automatic detection of executable code from a stream of bytes. In some embodiments, the stream of bytes can be sourced from the hidden areas of files that traditional malware detection solutions ignore. In some embodiments, a machine learning model is trained to detect whether a particular stream of bytes is executable code. Other embodiments described herein disclose systems and methods for automatic feature extraction using a neural network. Given a new file, the systems and methods may preprocess the code to be inputted into a trained neural network. The neural network may be used as a “feature generator” for a malware detection model. Other embodiments herein are directed to systems and methods for identifying, flagging, and/or detecting threat actors which attempt to obtain access to library functions independently.

Abstract: Disclosed herein are methods, systems, and processes for the enhanced crawling of unexposed web applications for vulnerability scanning purposes. A response to a request generated to a web application is received and a web application framework detection routine on the response for web application frameworks is executed. A determination is made that a web application framework is part of the response and the response is loaded in a web browser associated with the web application. A custom web application framework hook for the web application framework is injected into a web page of a web browser and a list of Document Object Model (DOM) elements and corresponding event handlers is received. A determination is made, based on the list, to execute DOM events to discover functionality of the web application. The web page is loaded in the web browser, the DOM events are executed, and network activity of the web browser during execution of the DOM events is recorded.

Abstract: An electronic device, such as a payment reader, may include a physically unclonable function (PUF) source to generate a plurality of PUF values. The electronic device may also include circuitry to compare the plurality of PUF values from the PUF source to determine a degree of randomness of the at least one PUF source in generating the plurality of PUF values. The circuitry can then determine, based on the determined degree of randomness, whether to use the PUF values from the PUF source to perform a secure operation for the electronic device.

Abstract: Methods, systems, and computer-readable media for a client-side filesystem for a remote repository are disclosed. One or more files of a repository are sent from a storage service to a client device. The file(s) are obtained by the client using a credential sent by a repository manager. Local copies of the file(s) are accessible via a local filesystem mounted at the client device. One or more new files associated with the repository are generated at the client device. Using the credential, the one or more new files are obtained at the storage service from the client device. The one or more new files are added to the repository.

Abstract: A communication device may display an instruction screen in a case where a first wireless connection is established between the communication device and a first external device; in a case where it is instructed that a target process is to be executed in a situation where the instruction screen is displayed, supply, to the first wireless interface, first instruction information; after the public key has been sent to the first external device, receive an authentication request from the first external device; send an authentication response to the first external device; receive connection information from the first external device; and in a case where the connection information is received from the first external device, establish, by using the connection information, the second wireless connection between the communication device and a second external device.

Abstract: Technologies for fast launch of trusted containers include a computing device having a trusted platform module (TPM). The computing device measures a container runtime with the TPM and executes the container runtime in response to the measurement. The computing device establishes a trust relationship between the TPM and a virtual platform credential, provisions the virtual platform credential to a virtual TPM, and executes a guest environment in response to provisioning the virtual platform credential. The computing device measures a containerized application with the virtual TPM and executes the containerized application in response to the measurement. The computing device may perform a trusted computing operation in the guest environment with the virtual TPM. The virtual TPM and the containerized application may be protected with multi-key total memory encryption (MKTME) support of the computing device. State of the virtual TPM may be encrypted and persisted. Other embodiments are described and claimed.

Abstract: A computer-implemented method includes: establishing a connection between a user device of a user and a system onboard a vehicle being driven by the user; requesting access, through the established connection, to user information on the user device; in response to a grant of access, retrieving at least a portion of the user information from the user device, the portion of user information including a digital identification document of the user that had been issued by an entity after having vetted the user, the digital identification document including a digital biometric of the user as well as a digital watermark indicating the issuing entity; and retaining, on the system onboard the vehicle, data encoding the digital identification document of the user on the vehicle such that when the vehicle is inspected by a third-party agent, the digital identification document of the user is presented to the third-party agent.