Abstract: A system is provided for generation of substitutable configuration of secure distributed register tokens. In particular, the system may generate, on a distributed register, a secure token with a built-in source code function for triggering a substitution of the secure token with one or more substitute tokens upon the occurrence of a specific condition. The function may pull one or more values associated with the secure token (e.g., from an oracle) and generate the one or more substitute tokens based on the one or more values. Once the substitute tokens are generated, the substitute tokens may be used to replace the secure token on the distributed register.

Abstract: The present disclosure relates to techniques for automated and adaptive cloud security management. Embodiments provide for, at an electronic device configured to interface with a cloud computing environment, initiating one or more transactions in the cloud computing environment using a first identifier to cause a first service of the cloud computing environment to generate a first set of data including the first identifier and a second identifier, and a second service of the cloud computing environment to generate a second set of data including a third identifier and a fourth identifier. Embodiments also provide for automatically determining whether the first identifier corresponds to the third identifier, and, in accordance with a determination that the first identifier corresponds to the third identifier, associating the second identifier and the fourth identifier to generate a linkage between the first and second services.

Abstract: Disclosed is a neural network enabled interface server and blockchain interface establishing a blockchain network implementing event detection, tracking and management for rule based compliance, with significant implications for anomaly detection, resolution and safety and compliance reporting.

Abstract: An approach for increasing security of biometric templates is described. An improved system is adapted to split a full set of features or representations of a trained model into a first partial template and a second partial template, the second partial template being stored on a secure enclave accessible only through zero-knowledge proof based interfaces. During verification using the template, a new full set of features is received for comparison, and a model is loaded based on the available portions of the model. Comparison utilizing the second partial template requires the computation of zero-knowledge proofs as direct access to the underlying second partial template is prohibited by the secure enclave.

Abstract: A system, method, and computer-readable medium are disclosed for providing auditability of a distributed ledger technology (DLT) of de-identified data of entities, stored in the DLT. In certain embodiments, data related to an entity is de-identified. The de-identified data is stored in the DLT. Access to the de-identified data is determined. Instances of access to the de-identified data is recorded to the DLT. In certain embodiments, information used to re-identify the de-identified data is store on the DLT. Access to the information can also be determined and recorded to the DLT.

Abstract: Securely acquiring and managing electronic-based signatures by a content management system. A content management system exposes content objects to a plurality of collaborators. Executable modules of the content management system implement an Internet-based interface that is configured to acquire electronic-based signatures from a user device. A particular user device is configured to access particular content objects over the Internet-based interface and to acquire an electronic-based signature corresponding to one or more of the particular content objects. When one or more conditions are detected that would at least potentially influence how the acquisition of the electronic-based signature is carried out, then one or more remediation actions are invoked. Various security-specific remediation actions address corresponding security vulnerabilities. Various document-specific remediation actions are determined based on the document conditions that had been detected.

Abstract: A data processing method, a detection device administration server, a user terminal, a network server, and a data processing system are provided. The data processing method is applicable to a detection device administration server and includes: communicating with a first detection device; sending, in response to a user terminal of a user binding the first detection device through first identification information of the first detection device, a first detection request to the first detection device; and receiving, after the user completes the first detection, first detection data sent by the first detection device.

Abstract: A method for authenticating a user performed by an identity server computer is disclosed. The method comprises receiving, by a server, a user device identifier from an access device. The server transmits a challenge to a mobile device operated by a user, and the mobile device signs the challenge. The server receives and verifies the signed challenge and then provides the signed challenge or a portion thereof to an access device, which processes the transaction with the signed challenge.

Abstract: Methods and systems disclosed herein describe a universal access layer that allows a plurality of applications to obtain data and/or information from a plurality of heterogeneous data stores. The universal access layer may include one or more application data objects to validate requests, transform a format of the request, determine which data stores comprise the requested data and/or information, encrypt the request, combine responses into a single response, and retransform the response prior to sending it to the requesting application. By using the universal access layer, applications may improve the speed with which they access data and/or information from the plurality of heterogeneous data stores.

Abstract: A system for managing an access to an asset is provided. A digital key to the asset is generated and synchronized between a first user device of a first user and an access control device that controls the access to the asset. A key-sharing request is initiated by the first user device to grant a second user the access to the asset. Based on the key-sharing request, an application server communicates the digital key to a second user device of the second user. When the second user device is within a detection range of the access control device, the access control device receives the digital key from the second user device, validates the digital key, and grants the second user the access to the asset for an access duration defined in the key-sharing request.

Abstract: A system and method for train control system intrusion detection that uses Machine Learning (ML) to detect attacks on traction and braking operations performed by a TCMS. Control message history, which includes previously generated operational commands and control messages sent to each train and mobility information for each train at predetermined time intervals, is received. The received input data is checked for misbehavior and detect attacks.

Abstract: A resource request that is directed to a first online resource of a resource provider is detect by a computing device. A first user that initiated the resource request is identified based on the resource request. A set of challenge questions is determined in response to the resource request and based on the first user. A first challenge question of the set of challenge questions is present, to a first client device of the first user.

Abstract: A communications device for managing an authentication event is provided, which is configured to generate location data indicative of a geolocation associated with the communications device, retrieve, from a key that is obfuscated and stored in the communications device, the key, sign the location data with the retrieved key, and transmit request data to a communications server apparatus for requesting the authentication event, the request data comprising the signed location data. A method and a communications system for managing an authentication event are also provided.

Abstract: A method consistent with embodiments of the present disclosure may begin with retrieving a message to be electronically transmitted. The method may proceed with digitally securing the message by generating a first digital signature for the message. The first digital signature may be added to a list of digital signatures for inclusion in the message. A list of allowed anticipated changes may be retrieved. In accordance to embodiments disclosed herein, the message may be pre-signed for the allowed anticipated changes. Pre-signing the message may comprise editing the message with each allowed anticipated change, generating a subsequent digital signature for the message edited with the allowed anticipated change, and adding the subsequent digital signature to the list of digital signatures for inclusion in the electronic message. This process may be repeated for each allowed anticipated change in the allowed anticipated changes.

Abstract: The present disclosure describes an architecture and design of Unauthorized-Blocking-Role (UAB). UAB is a mechanism which prevents higher privileged users of cloud-hosted software from performing unauthorized activities on protected objects, such as management objects. UAB works by periodically monitoring the permissions of customer users on key management objects in an object hierarchy in management software. If a customer user is detected to have privileges higher than the user should have on those objects, UAB applies restrictive role-based access controls (RBACs) on the user. Similarly, UAB also monitors protected principals and protected roles to ensure that their privileges are not modified by a customer user.

Abstract: A device described herein may maintain a distributed ledger that is also maintained by at least one other device. The device may receive a record for recordation to the distributed ledger, and may add the record to the distributed ledger without communicating with the at least one other device to validate (e.g., cross-validate) the record. The device may receive a request for information included in the record and, after receiving the request for the information included in the record, communicate with one or more devices, of the at least one other device, to validate the record. The device may determine, based on communicating with the one or more devices, that the record is valid; and may output, in response to the request and based on determining that the record is valid, the requested information included in the record.

Abstract: A messaging system includes a sending device and a recipient device communicating through a central unit, a first software module loaded and executed in the sending and recipient devices, and a second software module loaded and executed in the central unit, the first and second software modules creating, managing, and exchanging: items of a first open type that include a chat, a message, or a digital element that are always visible on a screen of a device display, and items of a second reserved type that include a chat, a message, or a digital element that switch between a visible state in which they displayed, entirely or as a preview, on a specific area of the screen, and a hidden state in which they are not displayed on the screen and also do not occupy the specific area of the screen, which they occupy instead when in the visible state.

Abstract: Disclosed herein are systems and method for securely providing access to data. In one exemplary aspect, a method may comprise receiving a request to access data on a computing device of a user and identifying a location of the computing device. The method may comprise determining whether access to the data is allowed in the location based on a location-based rule of a plurality of location-based rule. The method may comprise, in response to determining that access to the data is allowed in the location, detecting, via sensors of the computing device, (1) at least one other person different from the user or (2) a surveillance device in the location, and determining whether the at least one other person or the surveillance device can view the data without direct access to the computing device. If not, the method may comprise providing access to the data on the computing device.

Abstract: A data deletion notification service registers data repositories that store personal data. The service receives requests from users to delete personal data, sends notifications of the deletion requests to the registered data repositories, and stores deletion records recording the deletions and a timestamp associated with the deletion request. The service may wait for confirmation of the deletions from the data repositories, resending the deletion requests if a confirmation is not received, and recording confirmation in an audit record. Data repositories performing a restoration may request, from the service, a list of users that have requested deletion of personal data since the time of the creation of the backup used for restoration. The service may generate, based on deletion records with corresponding timestamps, the list of users and respond to the request with the list. Confirmations of the deletions may be tracked, stored and made available via an audit interface.

Abstract: A system is described for controlling access to resources using an object model. Users can specify use cases for accessing resources. The user may be granted access if the user satisfies qualifications required for accessing the resource, selected a use case permissible for accessing the resource, and satisfies qualifications required for the use case. Use cases, qualifications, resources, and/or links between them can be implemented using an object model. The system can be used in addition to authentication and authorization.