Abstract: Techniques are provided for computing with private healthcare data. The techniques include a de-identification method including receiving a text sequence; providing the text sequence to a plurality of entity tagging models, each of the plurality of entity tagging models being trained to tag one or more portions of the text sequence having a corresponding entity type; tagging one or more entities in the text sequence using the plurality of entity tagging models; and obfuscating each entity among the one or more tagged entities by replacing the entity with a surrogate, the surrogate being selected based on one or more attributes of the entity and maintaining characteristics similar to the entity being replaced.

Abstract: The present disclosure relates to systems and methods for transmitting data. The methods may include obtaining, by a first module, a first packet, wherein the first packet includes a first random code, first data, and a first signature, wherein the first signature is generated by a second module by encryption based on an original random code and original data; generating, by the first module a second signature by encryption based on the first random code and a checksum of the first data; and generating, by the first module, a first response to the first packet upon determining whether the second signature matches the first signature.

Abstract: A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.

Abstract: The present invention is generally related to systems and methods for providing an improved authentication and verification system through the use of compiled user data and user location or traffic data from multiple channels of input. Multiple devices may be utilized by the system in order to receive and process data to authenticate user identities and verify the validity of account activity.

Abstract: Embodiments of the invention relate to systems, methods, and computer program products for resource origination tracking, the invention including: electronically receiving, from a first user device associated with a first user, a digital resource and a set of distribution rules associated with the digital resource; creating an NFT associated with the digital resource; predicting, via a machine learning engine, a value of the NFT; electronically receiving, from a second user device associated with a second user, a request to complete a resource transfer; transferring ownership of the NFT associated with the digital resource from the current owner to the second user; and transmitting, to a managing entity system, instructions to transfer, from an account associated with the second user, a first amount of financial resources to an account associated with the current owner and a second amount of financial resources to an account associated with the first user.

Abstract: A physical card (in some cases without any on-board source of power or computing capabilities) is configured to maintain access information for digital bearer assets. The physical card may include disposed thereon a single address operable to receive digital bearer assets in one or more transactions on a decentralized computing platform, like a blockchain-based decentralized computing platform. Other decentralized computing platforms utilize different address generation protocols, thus preventing use of a single address on those other platforms. A set of addresses is generated, each address corresponding to a given decentralized computing platform. Each address is based on a same underlying key-pair, and a primary address is selected from the set for a given card. The remaining addresses in the set are stored, without storage of the public key or private key, and returned in a response to a request for additional addresses of the currency card.

Abstract: Disclosed herein are systems and methods for enabling the automatic detection of executable code from a stream of bytes. In some embodiments, the stream of bytes can be sourced from the hidden areas of files that traditional malware detection solutions ignore. In some embodiments, a machine learning model is trained to detect whether a particular stream of bytes is executable code. Other embodiments described herein disclose systems and methods for automatic feature extraction using a neural network. Given a new file, the systems and methods may preprocess the code to be inputted into a trained neural network. The neural network may be used as a “feature generator” for a malware detection model. Other embodiments herein are directed to systems and methods for identifying, flagging, and/or detecting threat actors which attempt to obtain access to library functions independently.

Abstract: Disclosed herein are methods, systems, and processes for the enhanced crawling of unexposed web applications for vulnerability scanning purposes. A response to a request generated to a web application is received and a web application framework detection routine on the response for web application frameworks is executed. A determination is made that a web application framework is part of the response and the response is loaded in a web browser associated with the web application. A custom web application framework hook for the web application framework is injected into a web page of a web browser and a list of Document Object Model (DOM) elements and corresponding event handlers is received. A determination is made, based on the list, to execute DOM events to discover functionality of the web application. The web page is loaded in the web browser, the DOM events are executed, and network activity of the web browser during execution of the DOM events is recorded.

Abstract: An electronic device, such as a payment reader, may include a physically unclonable function (PUF) source to generate a plurality of PUF values. The electronic device may also include circuitry to compare the plurality of PUF values from the PUF source to determine a degree of randomness of the at least one PUF source in generating the plurality of PUF values. The circuitry can then determine, based on the determined degree of randomness, whether to use the PUF values from the PUF source to perform a secure operation for the electronic device.

Abstract: A communication device may display an instruction screen in a case where a first wireless connection is established between the communication device and a first external device; in a case where it is instructed that a target process is to be executed in a situation where the instruction screen is displayed, supply, to the first wireless interface, first instruction information; after the public key has been sent to the first external device, receive an authentication request from the first external device; send an authentication response to the first external device; receive connection information from the first external device; and in a case where the connection information is received from the first external device, establish, by using the connection information, the second wireless connection between the communication device and a second external device.

Abstract: Methods, systems, and computer-readable media for a client-side filesystem for a remote repository are disclosed. One or more files of a repository are sent from a storage service to a client device. The file(s) are obtained by the client using a credential sent by a repository manager. Local copies of the file(s) are accessible via a local filesystem mounted at the client device. One or more new files associated with the repository are generated at the client device. Using the credential, the one or more new files are obtained at the storage service from the client device. The one or more new files are added to the repository.

Abstract: A computer-implemented method includes: establishing a connection between a user device of a user and a system onboard a vehicle being driven by the user; requesting access, through the established connection, to user information on the user device; in response to a grant of access, retrieving at least a portion of the user information from the user device, the portion of user information including a digital identification document of the user that had been issued by an entity after having vetted the user, the digital identification document including a digital biometric of the user as well as a digital watermark indicating the issuing entity; and retaining, on the system onboard the vehicle, data encoding the digital identification document of the user on the vehicle such that when the vehicle is inspected by a third-party agent, the digital identification document of the user is presented to the third-party agent.

Abstract: Technologies for fast launch of trusted containers include a computing device having a trusted platform module (TPM). The computing device measures a container runtime with the TPM and executes the container runtime in response to the measurement. The computing device establishes a trust relationship between the TPM and a virtual platform credential, provisions the virtual platform credential to a virtual TPM, and executes a guest environment in response to provisioning the virtual platform credential. The computing device measures a containerized application with the virtual TPM and executes the containerized application in response to the measurement. The computing device may perform a trusted computing operation in the guest environment with the virtual TPM. The virtual TPM and the containerized application may be protected with multi-key total memory encryption (MKTME) support of the computing device. State of the virtual TPM may be encrypted and persisted. Other embodiments are described and claimed.

Abstract: A method for controlling device activation and an associated electronic device are provided. The method includes: utilizing a static entropy source of the electronic device to provide a static entropy; utilizing a first message authentication code (MAC) operator of the electronic device to execute a predetermined algorithm for generating a reference code according to the static entropy and an embedded key of the electronic device; receiving an activation code from outside of the electronic device; utilizing a comparing circuit to compare the activation code with the reference code for generating a comparison result; and determining whether to activate at least one functional circuit of the electronic device according to the comparison result.

Abstract: A method and a secure boot control circuit for controlling a secure boot of an electronic device. The method is applicable to the secure boot control circuit, and the electronic device includes the secure boot control circuit. The method includes: checking randomness of an output of an entropy source of the secure boot control circuit to generate a check result; utilizing the entropy source to provide a random number sequence; generating a reference code according to the random number sequence; comparing the reference code with an activation code stored in the secure boot control circuit to generate a comparison result; and determining whether to enable at least one function of the electronic device according to at least one of the check result and the comparison result.

Abstract: Software for producing and verifying computational determinations using a distributed ledger, by: (i) receiving an indication of a first artificial intelligence (AI) inferencing event, the first AI inferencing event including a first AI inferencing result produced by a first machine learning model based, at least in part, on a first input from a user; (ii) computing a hash of the first machine learning model using a cryptographic hash function; (iii) sending a record of the first AI inferencing event to a verification system, the record of the first AI inferencing event including the hash of the first machine learning model; and (iv) receiving a verification from the verification system indicating that the hash of the first machine learning model matches a hash of a second machine learning model and that the record of the first AI inferencing event has been stored in a first distributed ledger.

Abstract: Network equipment (300, 400) is configured for use in one of multiple different core network domains of a wireless communication system (10). The network equipment (300, 400) is configured to receive a message (60) that has been, or is to be, transmitted between the different core network domains. The network equipment (300, 400) is also configured to apply inter-domain security protection to, or remove inter-domain security protection from, one or more portions of the content of a field in the message according to a protection policy (80). The protection policy (80) includes information indicating to which one or more portions of the content inter-domain security protection is to be applied or removed. The network equipment (300, 400) is also configured to forward the message (60), with inter-domain security protection applied or removed to the one or more portions, towards a destination of the message (60).

Abstract: A system is provided for identification of secure wireless network access points using cryptographic pre-shared keys. In particular, the system may comprise a client-side application that may use a pre-shared key to generate a list of valid access point ID's in a pseudorandom manner. A server-side application may use the same pre-shared key to generate one or more access point ID's. Based on the pre-shared key, a client computing device may readily identify which wireless access points within the network are secure and trusted.

Abstract: A system and method for assigning a single use real-time privilege are disclosed. A processor validates credentials of a user based on comparing credentials data of the user with pre-stored reference data in response to receiving a request to access a target computer to execute a single process; creates a single use blockchain private key for the single process and generates the passcode in response to a successful validation of the credentials. The processor also writes request data corresponding to the private key and the passcode onto a blockchain. In response to receiving user login data and the passcode to access the target computer, the processor validates passcode by confirming that the passcode matches the request data wrote in the blockchain; and assigns a single use real-time privilege to the user for executing the single process in response to successful validation of both the passcode and the received request.

Abstract: Methods and systems are disclosed herein for authenticating a user. A security device may use an object associated with a user and a device of the user to authenticate the user, for example, if the user has forgotten a password. A user may insert the object (e.g., a card, or other object) into the security device and may select an option to authenticate via a device that is trusted by both the security device and the user, rather than authenticating by entering a password at the security device.