Abstract: An access manager determines whether access will be granted to a guarded species or space utilizing a controller including a digital processor with a memory for storing an ID library and a transducer block coupled with the processor for accessing a plurality of different ID types and an access control block coupled with the processor for granting or denying access.

Abstract: A method for identity resolution and data enrichment is performed by at least one hardware processor and includes detecting at an account of a data provider, a shared data object that is shared by an account of a data consumer with the account of the data provider. An application executing at the account of the data consumer is enabled for an identity resolution process based on the detecting of the shared data object. A request for source data received from the application is detected at the account of the data provider. The source data is managed by the account of the data provider. The source data is communicated to the application executing at the account of the data consumer, based on a verification that the application is enabled for the identity resolution process. The identity resolution process is performed at the account of the data consumer using the source data.

Abstract: Methods, systems, and apparatuses are described herein for improving computer authentication processes using vocal confidence processing. A request for access to an account may be received. An authentication question may be provided to a user. Voice data indicating one or more vocal utterances by the user in response to the authentication question may be received. The voice data may be processed, and a first confidence score that indicates a degree of confidence of the user when answering the authentication question may be determined. An overall confidence score may be modified based on the first confidence score. Based on determining that the overall confidence score satisfies a threshold, data preventing the authentication question from being used in future authentication processes may be stored. The data may be removed when a time period expires.

Abstract: A client device collects immunization data includes a type of immunization given to an individual and a date that the immunization was provided to the individual. The client device converts immunization data into a numeric string, where the numeric string as converted comprises an encrypted payload portion and a mode indicator portion. The client device generates a two-dimensional machine-readable identifier using the numeric string. A reader device reads the two-dimensional machine-readable identifier and accesses the numeric string. The reader device converts at least a portion of the numeric string comprising the immunization data into a predetermined format for importing into an electronic health record (EHR).

Abstract: Embodiments are disclosed for a method. The method includes generating a correction datastore indicating shifts in magnitude representing corresponding characters that uniquely identify hardware comprising a computer processing chip. The method further includes generating security masks based on a correction file. Additionally, the method includes using a correction process for the computer processing chip. The generated security masks include corresponding overlays representing the shifts in magnitude with respect to corresponding product masks for the computer processing chip. The method also includes generating the computer processing chip using the security masks and the product masks.

Abstract: Provided are a program and personal information protection method which are executed by a system which is operated by a medical practitioner, said program and method comprising: a display process of causing a monitor part 2 to display an examination result screen 3 including personal information which identifies a subject; an identification process of identifying the personal information in the examination result screen 3 which is displayed in the display process; and an invalidation process of invalidating the personal information identified in the identification process in a captured image which includes the examination result screen 3. Instances of personal information being displayed in error to outside users are thus reduced in comparison to the prior art, and sharing of examination result information is implemented smoothly.

Abstract: An information processing apparatus includes a processor configured to obtain a registered first voice of a first user identified in first authentication achieved by an authentication method different from an authentication method employing a voice, obtain a second voice uttered by a second user during operation, perform second authentication for confirming that the second user is the first user identified in the first authentication by comparing a feature of the first voice and a feature of the second voice, and perform, if the second authentication is successfully completed, a process in accordance with an operation associated with the second voice.

Abstract: The present system relates a platform for addressing the optimal privacy-accuracy trade-off in the revelation of a user's valuable information to a third party. Specifically, the present system formalizes the privacy-accuracy trade-off in a precise mathematical framework, wherein mathematical formalization captures user's privacy preference with a single parameter. The system possesses a revelation method of user data that is optimal, in the sense of abiding by user's privacy preference while providing the most accurate description to third party subject to the aforementioned privacy preference constraint.

Abstract: A method including receiving, by an infrastructure device from a first user device, a request to provide a list of available user devices that are available for authenticating the first user device with a service provider; receiving, by the infrastructure device from the first user device, a selection message indicating a selection of a second user device for authenticating the first user device; transmitting, by the infrastructure device to the second user device based on receiving the selection message, an authentication message indicating that the second user device is to authenticate the first user device; receiving, by the infrastructure device from the second user device, one or more encrypted authentication factors associated with authenticating the first user device; and transmitting, by the infrastructure device to the first user device, the one or more encrypted factors associated with authenticating the first user device with the service provider is disclosed.

Abstract: Methods and devices for spoofing proof authentication of a user by voice to unlock a user device. According to one of its aspects, a method includes performing spoofing proof authentication of a user by voice. According to another aspect, a device is configured for spoofing proof authentication of a user by voice. Implementation of the method provides not only personalized access to the data, but also the highest level of security due to anti-spoofing.

Abstract: A method for authenticating by a network server a communication apparatus, the communication apparatus contains a tamper resistant area adapted to memorize a first secret, by receiving from the communication apparatus a request message including a subscriber identifier; providing, by consulting a database accessible by the network server, a device identifier associated to the received subscriber identifier allowing to identify the communication apparatus; identifying in a secure distributed ledger a record published by a manufacturer of at least a portion of the communication apparatus, the record including a second secret attributed to the identified communication apparatus; generating a challenge message including a random number and sending it to the communication apparatus for it to generate a first result; receiving from the communication apparatus a response message including the first result, the communication apparatus being authenticated by the network server if the first result is equal to a second

Abstract: An electronic control unit is connected to a network in an in-vehicle network system. The electronic control unit includes a first control circuit and a second control circuit. The first control circuit is connected to the network via the second control circuit. The second control circuit performs a first determination process on a frame to determine conformity of the frame with a first rule. Upon determining that the frame conforms to the first rule, the second control circuit transmits the frame to the first control circuit. The first control circuit performs a second determination process on the frame to determine conformity of the frame with a second rule. The second rule is different from the first rule.

Abstract: A system and a method for configuring resources over a network cloud are described. Attributes related to user roles i.e. categories of user roles, network cloud based services associated with each category, and a number of users associated with each category are received. Hardware capabilities and/or network capabilities corresponding to the attributes are determined from a mapping table stored in a repository. A service set capable of providing the hardware capabilities and the network capabilities is determined from the mapping table stored in the repository. The mapping table is based on previous implementations and instructions associated with one or more service sets. Resources are configured over the network cloud to implement the service set.

Abstract: In an anomaly detection method that determines whether each frame in observation data constituted by a collection of frames sent and received over a communication network system is anomalous, a difference between a data distribution of a feature amount extracted from the frame in the observation data and a data distribution for a collection of frames sent and received over the communication network system, obtained at a different timing from the observation data, is calculated. A frame having a feature amount for which the difference is predetermined value or higher is determined to be an anomalous frame. An anomaly contribution level of feature amounts extracted from the frame determined to be an anomalous frame is calculated, and an anomalous payload part, which is at least one part of the payload corresponding to the feature amount for which the anomaly contribution level is at least the predetermined value, is output.

Abstract: A symmetric key that is stored at a device may be received. A public key from a remote entity may also be received at the device. Furthermore, a derived key may be generated based on a one way function between the symmetric key that is stored at the device and the public key that is received from the remote entity. The derived key may be encrypted with the public key and transmitted to the remote entity. The encryption of the derived key with the public key may provide secure transmission of the derived key to an authorized remote entity with a private key that may be used to decrypt the encrypted derived key.

Abstract: A user makes a request from a requesting device for access to a secure operation associated with a network-based service. A first biometric authentication is processed for the request and at least one second scope-based authentication is processed for the request based on an analysis of a physical environment for the requesting device. A determination is made based on at least the first biometric authentication and the scope-based authentication whether the secure operation can be: processed on behalf of the user by the network-based service, not processed at all, or processed only if requested from a specific medium/channel associated with a specific device, which may or may not be the requesting device.

Abstract: A secret share value [q] of a quotient q of a/p is obtained through secure computation using a secret share value [a] and a modulus p and [a/d0]=[(a+qp)/d0]?[q]p/d0, . . . , [a/dn?1]=[(a+qp)/dn?1]?[q]p/dn?1 are obtained and output through secure computation using secret share values [a] and [q], divisors d0, . . . , dn?1, and a modulus p. Here, [?] is a secret share value of ?, a is a real number, n is an integer equal to or greater than 2, d0, . . . , dn?1 are divisors of real numbers, p is a modulus of a positive integer, and q is a quotient of a positive integer.

Abstract: An example apparatus includes target signal generator circuitry to generate a target signal having a first center frequency and a bandwidth. The example apparatus additionally includes companion signal generator circuitry to generate a companion signal having a second center frequency that is less than (a) the first center frequency adjusted by a first threshold and greater than (b) the first center frequency adjusted by a second threshold, the first threshold being a first multiple of the bandwidth, the second threshold being a second multiple of the bandwidth, the first multiple different than the second multiple. In some examples, the example apparatus includes adder circuitry to combine the target signal and the companion signal to form a composite signal. Additionally, the example apparatus includes transmitter circuitry to transmit the composite signal to a target device.

Abstract: Methods for identifying potentially sensitive information and protecting such potentially sensitive information include scanning systems that collect and/or disseminate such information. Without limitation, systems collect and/or disseminate personal identification numbers (e.g., personal identification numbers, tax identification numbers, etc.), such as merchant systems, bank systems, healthcare systems, and the like, that collect, use, or disseminate sensitive information may be scanned to identify sequences of data that are likely to be sensitive, and may take actions to protect such sequences of data. Scanning and protection systems are also disclosed.

Abstract: A system, method, and computer program product are provided for consent management. A method may include receiving a first data request for user data associated with a user, the user data stored in a user data database; communicating a consent request to the requester system; receiving a consent response from the requester system; storing consent data associated with the consent response for the user data requested in the first data request in an immutable ledger; receiving a consent verification request from the user data database, the consent verification request based on a second data request for the user data from the requester system to the user data database; verifying the consent verification request based on the consent data; and communicating a consent verification response to the user data database, the consent verification response indicating consent from the user to share the user data with the requester system.