Abstract: One or more medical devices are configured to connect to a predetermined temporary provisioning network of a healthcare organization, the temporary provisioning network being different than a healthcare network of the healthcare organization. After the devices are received by the healthcare organization, and powered up for the first time, device identifiers corresponding to the medical devices are received at a server remote from the healthcare organization, from the temporary provisioning network, together with an indication that the medical devices are requesting access to a management server within a healthcare network of the healthcare organization.

Abstract: A method for securely sharing and authenticating a last secret can include splitting a secret into a first split and a second split, the secret comprising a cryptographic element and controlling access to a first key, the secret comprising at least one of a password, a second key, and a tokenized value, and the first key controlling access to a secure computing system, encrypting the first split by an encryption key established between the dealer computing system and the combining computing system, encrypting the second split by the encryption key established between the dealer computing system and the combining computing system, transmitting the encrypted first split to a first share-holder, transmitting the encrypted second split to a second share-holder, designcrypting the encrypted first split, and designcrypting the encrypted second split.

Abstract: A method, computer program product and computer system for trusted timestamping is provided. A processor generates a first key pair, where the key pair includes a public key and a private key. A processor publishes the public key of the first key pair to an immutable data structure. A processor receives a first digital file for timestamping. A processor signs the first digital file with the private key of the first key pair.

Abstract: The present invention discloses a cloud-side collaborative multi-mode private data circulation method based on a smart contract, including: S1, a system is initialized; S2, the original data are encrypted into private data, an encryption certificate z? for storage is generated, and z? includes metadata and a data certificate key?; S3, the DO calls a smart contract program to realize uplink of the encryption certificate z? and releases z? to a block chain through a smart contract, wherein the smart contract is open to all user accounts; S4, rapid data circulation is realized: when DO releases the data certificate, DU has been identified, a DU's account IDDU is set through an access policy, the DU obtains an encryption key for data access by executing a smart contract and a key algorithm, private data are obtained through metadata and decrypted to obtain a plaintext; and S5, the data circulation is confirmed.

Abstract: Secure multi-party information retrieval is disclosed. One example is a system including a query processor to request secure retrieval of candidate terms similar to a query term. A collection of information processors, where a given information processor receives the request and generates a random permutation. A plurality of data processors, where a given data processor generates clusters of a plurality of terms in a given dataset, where the clusters are based on similarity scores for pairs of terms, and selects a representative term from each cluster. The given information processor determines similarity scores between a secured query term received from the query processor and secured representative terms received from the given data processor, where the secured terms are based on the permutation, and the given data processor filters, without knowledge of the query term, the candidate terms of the plurality of terms based on the determined similarity scores.

Abstract: Methods, computer-readable media, software, and apparatuses may retrieve, from an industry standard setting scoring system and for a vulnerability, a temporal score based on a pre-revision version of a scoring system, and predict, based on a machine learning model and based on the temporal score for the vulnerability, an updated temporal score based on a post-revision version of the scoring system. A mitigating factor score, indicative of a mitigation applied to the vulnerability by an enterprise organization, may be determined. A risk score may be generated for each vulnerability, as a composite of the updated temporal score and the mitigating factor score. The risk scores for vulnerabilities in a collection of vulnerabilities may be aggregated to determine an enterprise risk score for the enterprise organization. In some instances, the enterprise risk score may be displayed via a graphical user interface.

Abstract: A method for accessing a data source is described. A communication for the data source is received from a proxy at a sidecar. The proxy mirrors the communication so that the communication is provided to the data source and the sidecar. The sidecar includes a dispatcher and service(s). The dispatcher receives the communication, is data agnostic, and provides the communication to the data source and service(s). The service(s) inspect the communication. In some embodiments, the dispatcher is an open systems interconnection (OSI) Layer 4 dispatcher and the service(s) include OSI Layer 7 service(s). The service(s) perform function(s) based on the communication.

Abstract: Network infrastructure can be automatically detected. A network sensor detects a new network message. A source-address of the new network message is extracted. A plurality of addresses are assembled based on the source-address. These are recursed, using each of the unique similar-addresses as current addresses. Metadata is assembled for each of the addresses in the plurality of addresses. For each particular address in the plurality of addresses, a risk-label is assigned out of a plurality of possible risk-labels, by weighing a plurality of factors; and performing a network security action with the risk-label.

Abstract: This invention is directed toward a communications server that enables individual actors on the Internet to be registered, their identities to be confirmed at an acceptable level of confidence, and their association with, and/or ownership of, certain user identifiers (such as email addresses, phone numbers, domain names, application usernames, and the like), to be verified. The invention also enables Internet actors communicate at different levels of security and to encrypt or sign digital messages and/or documents between each other while maintaining sole possession and control of their private cryptographic keys. To ensure the integrity of user information on the communications server has not been compromised, the invention includes embodiments to periodically backup crucial data in a publicly accessible blockchain format that cannot reasonably be altered, but can be independently verified.

Abstract: This application provides a message processing method and system, and a user plane function UPF device. The method includes: receiving user equipment (UE) authentication information sent by a session management function (SMF) device; matching a received uplink message of the UE with the UE authentication information, and if the matching succeeds, sending the uplink message that includes the UE authentication information to a first application (APP); and performing authentication by the first APP on the UE according to the UE authentication information. In the foregoing process, authentication on the UE does not need to be performed by a remote APP. This simplifies the authentication process, reduces network resource overhead, speeds up authentication on UEs, reduces the latency of UE authentication, and further increases the application switching speed.

Abstract: A device may receive a certificate, such as an X.509 certificate, that includes authentication information. The authentication information may uniquely identify a customer equipment. The device may authenticate the customer equipment using the authentication information. The device may obtain configuration information, associated with configuring the customer equipment to receive a service, based on authenticating the customer equipment using the authentication information. The device may provide the configuration information to permit the customer equipment to be configured to receive the service. The device may provide the service to the customer equipment based on authenticating the customer equipment.

Abstract: A set of methods are proposed to increase data security, both in motion and at rest, by creating microshard data fragments. Microshard data fragments are subsets of a data file which are smaller than a defined atomic unit of value (e.g. a fraction of the size of a social security number or valuable password that one seeks to protect). These microshard data fragments are then dispersed across several physical locations, obscuring the value. Additional techniques are proposed to further frustrate unauthorized reassembly attempts and to create system efficiencies.

Abstract: Systems and methods relating to alerting users as to user information to be exchanged during transactions. A user information system (UIS) information circuit and an associated user information database populates an account with user information received from at least one of the user and a plurality of entities. A user information request relating to a transaction is received from an entity computing system associated with an entity over a network via a network interface circuit. A security circuit sends an alert comprising an approval request containing an identification of user information requested in the user information request to a user computing device associated with the user over the network. The security circuit receives an approval of the approval request from the user computing device, and the UIS information circuit provides the approved information to the entity to complete the transaction.

Abstract: A method according to one embodiment includes transmitting, by an enterprise system, a data request for user data stored in a software wallet to a software wallet provider, transmitting, by the software wallet provider, an authorization request to an end user device of the user in association with the data request, creating, by the end user device, a transaction signed with a first private cryptographic key to generate a signed transaction, transmitting, by the end user device, the signed transaction to the software wallet provider, signing, by the software wallet provider, the signed transaction with a second private cryptographic key to generate a multi-signed transaction, transmitting, by the software wallet provider, the multi-signed transaction to the enterprise system, and validating, by the enterprise system, the multi-signed transaction using a public cryptographic key associated with the first private cryptographic key and the second private cryptographic key.

Abstract: An information processing apparatus that successively activates a plurality of modules, comprises a first module, a second module, and a third module. The first module activates the second module which has been verified, and the second module activates the third module which has been verified. The first module includes verification information used for verifying both of the second module and the third module, verifies the second module using the verification information and verifies the third module using the verification information.

Abstract: Examples described herein include systems and methods for providing push notifications to a third-party application executing on a client device. An example can include encrypting user credentials, generating a callback Uniform Resource Locator (“URL”) with at least a portion of the encrypted credentials embedded into the URL, and requesting notifications from an email service to be provided at the callback URL. Upon receiving a notification at the callback URL, a system component can decrypt the credentials within the URL using a private key and log into the email account using those decrypted credentials. The system component can then generate a push notification based on any changes found in the email account and cause the notification to be delivered to the third-party application on the client device.

Abstract: A method of storing data on target data processing devices, the method comprising: for each target data processing device, using a security data processing device on which first data has been stored to: obtain a device cryptographic certificate from the target data processing device, the device cryptographic certificate having been generated by, and being verifiable as having been generated by, a trusted entity; verify the device cryptographic certificate as having been generated by the trusted entity; generate second data using the first data; and store the second data on the target data processing device.

Abstract: Apparatuses, methods, systems, and program products are disclosed for distributed license encryption and distribution. An apparatus includes a processor and a memory that stores code executable by the processor. The code is executable to select a license token from a pool of available license tokens associated with available digital licenses in response to a license request from a first device. The license token includes information identifying second devices where segments of a digital license associated with the license token are stored. The segments are encrypted using encryption keys for one or more participants. The code is executable to re-encrypt the segments of the digital license for the selected license token using an encryption key for the first device and send the license token to the first device where it is used to request the segments from the second devices, decrypt the segments, and reconstruct the digital license.

Abstract: Disclosed in some examples are methods, systems and machine-readable mediums which allow for more secure authentication attempts by implementing authentication systems with credentials that include interspersed noise symbols in well-distributed positions determined by the user. These systems secure against eavesdroppers such as shoulder-surfers or man-in-the middle attacks as it is difficult for an eavesdropper to separate the well-distributed noise symbols from legitimate credential symbols.

Abstract: An example operation may include one or more of generating, by an executing client, a blockchain transaction comprising an anonymous rating, a proof, a nullifier, and a root node value, receiving, by a smart contract, the blockchain transaction, the anonymous rating related to an authorizing client, verifying the proof with the root node value and the nullifier, verifying that the root node value is a current or a previous merkle tree root node value, adding the anonymous rating to a shared ledger, marking the nullifier as used, and storing the marked nullifier to the shared ledger.