Abstract: A system and methods for providing and reclaiming a single use imaging device for sterile environments is disclosed and described. The system may include a single use high definition camera used for general purpose surgical procedures including, but not limited to: arthroscopic, laparoscopic, gynecologic, and urologic procedures, may comprise an imaging device that is a sterile and designed to ensure single use. The imaging device may have a single imaging sensor, either CCD or CMOS, encased in a housing.

Abstract: Systems and methods for secure user authentication are described. In certain embodiments, a client device such as a smartphone may be provisioned with a secure key and/or other secret information. The client device may be used to generate unique secure tokens and/or other credentials used in connection with an authentication process. A user may provide the generated tokens and/or other credentials to a service provider in connection with a request to access a managed service. The validity of the generated tokens and/or other credentials may be verified by an authentication service in communication with the service provider.

Abstract: According to an example aspect of the present invention, there is provided method, comprising: generating or receiving a first hash on the basis of the mobile network data change by a source network function, providing the first hash and security credentials information of the source network function for validation by a set of validator entities, and in response to detecting validation of the first hash and the security credentials information, generating a first transaction for a first blockchain, the first transaction being indicative of the mobile network data change and comprising the first hash.

Abstract: Cross-session acquisition of a verifiable credential. The first session includes generating a user secret known to the first session and to the user, and the generation of an encrypted identity token that includes claims about authentication of the user and the user secrete. In the second session, a second computing system uses the acquired identity token to get a verifiable credential. The user is prompted to prove knowledge of the user secret within the identity token. In response to successful proof of this knowledge and validation of the identity token, the issuer system issues a verifiable credential that relies upon one or more claims that were included within the identity token, and then provides the verifiable credential to the user.

Abstract: Proper functioning of an antivirus software running on an endpoint system is detected using a test data that is provided to the endpoint system. The test data is also provided to a backend system, which provides the endpoint system with an antivirus definition that includes information for detecting the test data. The antivirus software running on the endpoint system scans for the test data and reports detection of the test data to the backend system. The antivirus software is deemed to have failed the proper functioning test when the antivirus software fails to report detection of the test data. Proper functioning of the antivirus software is also detected by performing a challenge procedure, which involves sending a challenge message to the endpoint system. The endpoint system is expected to respond to the challenge message with a response that includes expected information.

Abstract: Embodiments of the invention are directed to a system, method, or computer program product for an approach to securing information stored in a distributed network. The system allows for generating distributed identifiers for information entries, wherein the distributed identifiers mask the information entries using a hash function and the distributed identifiers are dispersed across distributed ledgers. The system also allows for originating nodes to access the information entries within the distributed identifiers, while permitting other nodes and domains to reference the distributed identifiers themselves instead of referencing the information entries.

Abstract: Systems and methods for threshold authenticated encryption are provided. A collection of cryptographic devices may encrypt or decrypt a message, provided that a threshold number of those devices participate in the encryption process. One cryptographic device may generate a commitment message and transmit it to the other selected devices. Those devices may each perform a partial computation using the commitment message, and transmit the partial computations back to the encrypting or decrypting device. The encrypting or decrypting device may use those partial computations to produce a cryptographic key, which may then be used to encrypt or decrypt the message.

Abstract: A computer server receives sensor data via a cellular wireless network from each of a plurality of automobiles in a geographical area. In each automobile of the plurality of automobiles the sensor data is received from sensors located in the respective automobile. The sensor data of the respective automobile may include a time stamp of the sensor data and at least one parameter of an external environment of the respective automobile. The computer server may further determine an external environmental parameter of the geographical area based on the sensor data received from the plurality of automobiles in the geographical area via the cellular wireless network. The external environmental parameter relates to the external environment of the plurality of automobiles in the geographical area. The computer server may transmit the external environmental parameter to multiple automobiles of the plurality of automobiles.

Abstract: Various systems and methods for establishing security profiles for Internet of Things (IoT) devices and trusted platforms, including in OCF specification device deployments, are discussed herein. In an example, a technique for onboarding a subject device for use with a security profile, includes: receiving a request to perform an owner transfer method of a device associated with a device platform; verifying attestation evidence associated with the subject device, the attestation evidence being signed by a certificate produced using a manufacturer-embedded key, with the key provided from a trusted hardware component of the device platform; and performing device provisioning of the subject device, based on the attestation evidence, as the device provisioning causes the subject device to use a security profile tied to manufacturer-embedded keys.

Abstract: Embodiments relate to a user authentication device configured to detect a face region in a target object image including at least part of a face of a target object, recognize masked or unmasked in the face region, extract target object characteristics data from the face region of the target object image, call reference data and authenticate if the target object is a registered device user based on the called reference data and the target object characteristics data. The reference data is generated from an unmasked image of the registered device user.

Abstract: Methods and systems for facilitating authentication of a user with a plurality of applications are described. One method includes authenticating a user with a first secure application based on information received from a smart credential stored on a mobile device via a local wireless connection. The method includes obtaining a remote challenge from a remote authentication service and a mobile challenge, signing the mobile challenge with a private key, and transmitting a signed version of the mobile challenge, the remote challenge, and a public key to the mobile device. The method further includes receiving a signed version of the remote challenge and a certificate indicating validation of the mobile challenge, and transmitting the signed version of the remote challenge to the remote authentication service. Based on receiving an authentication result from the remote authentication service, access is granted to a remote secure application via the browser.

Abstract: An input data may be received. A portion of a cryptographic operation may be performed with the received input data at a first function component. During the performance of the cryptographic operation at the first function component, a pre-charge operation may be performed at a second function component. Furthermore, the second function component may be used to perform another portion of the cryptographic operation with a result of the portion of the cryptographic operation performed at the first function component.

Abstract: An information security protection method includes: repeatedly substituting a plaintext into an encryption algorithm to obtain a plurality of ciphertexts, and determining whether the ciphertexts are all the same h the processor core. Each time the processor core substitutes the plaintext into the encryption algorithm, the encryption algorithm outputs a ciphertext. When the processor core determines that the ciphertexts are not all the same, the processor core outputs a hacker attack message, which means that an encryption process has suffered a hacker attack.

Abstract: Disclosed herein is a method of facilitating sharing of medical information associated with a patient among user devices. Accordingly, the method may include transmitting a software plugin to a first user device and a second user device, transmitting indicators corresponding to a plurality of users to the first user device, receiving a communication message from the first user device, retrieving a second user information associated with a second user, analyzing the second user information and a message content based on a medical compliance guideline, determining a compliance score, retrieving a second device characteristic, transforming the communication message according to the second device characteristic, generating a transformed communication message, and transmitting the transformed communication message to the second user device.

Abstract: Various examples described herein are directed to systems and methods for managing an interface between a user and a user computing device. The user computing device may determine that an audio sensor in communication with the user computing device indicates a first command in a user voice of the user, where the first command instructs the user computing device to perform a first task. The user computing device may determine that the audio sensor also indicates a first ambient voice different than the user voice and match the first ambient voice to a first known voice. The user computing device may determine that a second computing device associated with the first known voice is within a threshold distance of the user computing device and select a first privacy level for the first task based at least in part on the first known voice.

Abstract: A method is provided for authenticating an occupant within an interior of a vehicle. The vehicle includes a camera which is configured to monitor the interior of the vehicle, and a processing device being configured to process image or video data provided by the camera. Characteristic features are determined being visible via the camera, and authenticating image or video data are captured via the camera while an occupant is present within the interior of the vehicle. Via the processing device, face recognition and liveliness check are performed for the occupant based on the authenticating image or video data, and an identification degree of the characteristic features is determined within the authenticating image or video data. Based on the face recognition, the liveliness check and the identification degree it is determined whether an authentication of the occupant is to be accepted.

Abstract: A contactless Secure Element compliant to an inter-industry Secure Element contactless management standard where a Card Reset privilege or Implicit Selection parameter on a contactless interface is compulsory for an Identification Virtual Document application to be able to communicate with an external entity, said Secure Element has a proxy application having the Card Reset privilege or Implicit Selection parameter on the contactless interface and being adapted to receive any command from an external entity for any of the available Identification Virtual Document application belonging to any one of the different standards of Identification Virtual Document, to extract a select command comprising an Logical Data Structure application identifier, to identify and to determine the corresponding recipient Identification Virtual Document application using the extracted Logical Data Structure application identifier and to forward such a command to the determined corresponding recipient Identification Virtual Documen

Abstract: A system and method for agentless detection of sensitive data in a cloud computing environment. The method includes detecting a first data object including a data schema and a content in a cloud computing environment; detecting a second data object, having the data schema of the first data object; generating in a security graph: a first data object node representing the first data object, a second data object node representing the second data object, and a data schema node representing the data schema; storing a classification based on the content in the security graph, wherein the content is classified as sensitive data or non-sensitive data; and rendering an output based on the classification and the data schema node, in lieu of the first data object node and the second data object node, in response to receiving a query to detect a node representing a data object classified as sensitive data.

Abstract: Disclosed herein are techniques for protecting web applications from untrusted endpoints using remote browser isolation. In an example scenario, a browser isolation system receives a request from a client browser executing on a client device to connect with a remote application accessible via a private network. A surrogate browser is provided to facilitate communications between the client browser and the remote application. A security policy is enforced against the communications.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise an analytic server, which detects and defends against malware in-flight regardless of the specific nature and methodology of the underlying attack. The analytic server learns the system's normal behavior during testing and evaluation phase and trains a machine-learning model based on the normal behavior. The analytic server monitors the system behavior during runtime comprising the runtime behavior of each sub-system of the system. The analytic server executes the machine-learning model and compares the system runtime behavior with the normal behavior to identify anomalous behavior. The analytic server executes one or more mitigation instructions to mitigate malware. Based on multiple available options for mitigating malware, the analytic server makes an intelligent decision and takes the least impactful action that have the least impact on the system to maintain mission assurance.