Abstract: A system, method and apparatus that uses a quantum event-based, binary data generation apparatus operating in combination with a single-party or two-party, symmetric and/or asymmetric key storage system to create both random numbers and encryption keys to be used for purposes of encryption and decryption of a user's or organization's file data.

Abstract: System and methods are described which are useful for efficiently combining characteristic detection rules, such as may be done to efficiently and quickly assist in the dispositioning of user reported security threats.

Abstract: Some methods may involve receiving, at a first node of the health network, encrypted sensor data from one or more sensors. The first node may be in a data communication path between the one or more sensors and other nodes of the health network. The method may involve decrypting, by the first node of the health network, only a portion of the encrypted sensor data, and transmitting the encrypted sensor data from the first node of the health network to a second node of the health network. The first node may be a gateway device. In some examples, the second node may be able to decrypt more of the encrypted sensor data than the first node.

Abstract: Improved virtualized application performance is provided through disabling of unnecessary functions, such as unnecessary encryption and decryption operations. An example method performed by a hypervisor includes the steps of obtaining a request from a first virtual machine to perform one or more of encrypting and decrypting of a communication between the first virtual machine and a second virtual machine; determining when the first and second virtual machines execute on a same host as the hypervisor; and in response to the first and second virtual machines executing on the same host: processing the communication without performing the one or more of encrypting and decrypting of the communication, wherein the hypervisor initiates an encryption of further communications between the first virtual machine and the second virtual machine in response to at least one of the first virtual machine and the second virtual machine being moved from the same host.

Abstract: Embodiments of the present invention provide a method, system and computer program product for cognitive user identification recommendation. In an embodiment of the invention, a method for cognitive user identification recommendation includes monitoring typing patterns of an end user as the end user enters data in different fields of different applications of a computing device having a device type and categorizing each of the fields and applications according to field type and application type. The method further includes generating a data structure mapping the user typing patterns to each type of field and application to model user input behavior of the end user. The method also includes transmitting the data structure to a requesting application for prompting the end user to provide a particular type of password mapped to the modeled user input and consistent with a field type of the password and a type of requesting application.

Abstract: In providing cloud services, key-based security measures specific to a local network are utilized when an internal client terminal logs into the network to access cloud services, and when a remote client terminal connects directly to the cloud services. A cloud service computer references the credential authorization service of the local network, allowing key-based security measures of that network to be applied even when a remote client terminal connects directly to a cloud service computer. By referencing the local credential authorization service, it is possible to provide cloud services to different organizations that administer key-based security measures independently of each other.

Abstract: A firewall device comprises a storage unit that stores therein one or more rules related to blocking a request for each of a plurality of WEB servers independently of the rule for another WEB server; a feature-amount calculating unit that calculates a feature amount for each of the WEB servers based on a number of detections with regard to each index in each of the WEB servers; and a rule updating unit that updates a rule stored in the storage unit for each of the WEB servers based on the feature amount calculated by the feature-amount calculating unit.

Abstract: A method includes receiving, from a user via an electronic device, input representing a password to be utilized for an account; automatically determining, utilizing a processor, a complexity value for the input password; automatically determining, based on the determined complexity value, security settings for the account; receiving, from a user via an electronic device, input representing an attempt to login to the account, the input representing an attempt to login to the account including an attempted password; automatically determining that the attempted password does not match the password to be utilized for the account; and determining a course of action to take in response to the determination that the attempted password does not match the password to be utilized for the account, the course of action being determined based at least in part on the automatically determined security settings for the account.

Abstract: Segmentation and classification of documents in a mixed security environment includes receiving a document including a plurality of subcomponents. A security classification level of each of the plurality of subcomponents is determined using a first classification model. The security classification level of each subcomponent includes one of a first classification level and a second classification level. A first subcomponent having the first classification level is routed to a first environment having a first security level. A second subcomponent having the second classification level is routed to a second environment having a second security level. A pointer for the second subcomponent is determined in which the pointer references a portion of the first subcomponent.

Abstract: Methods, systems, computer programs, and electronically readable media storing computer programs are provided for providing access to a plurality of structured data stores based on a plurality of personal authentication information. A first personal authentication information is received. Upon authenticating the first personal authentication information, access to a first level data store is provided. A second personal authentication information is received, and upon authenticating the second personal authentication information, and after authenticating the first personal authentication information, access is provided to a second level data store.

Abstract: Systems, apparatuses, and methods related to a computer system having a processor and a main memory storing scrambled data are described. The processor may have a secure zone configured to store keys and an unscrambled zone configured to operate on unscrambled data. The processor can convert the scrambled data into the unscrambled data in the unscrambled zone using the keys retrieved from the secure zone in response to execution of instructions configured to operate on the unscrambled data. Another processor may also be coupled with the memory, but can be prevented from accessing the unscrambled data in the unscrambled zone.

Abstract: An information processing apparatus comprises a controller configured to: (1) receive, from a first user authorized to access a resource, an access control setting applicable to a second user, the access control setting set within an authority of the first user; (2) receive, in response to a successful authentication of the second user, an access permission request for the resource from the second user; and (3) request, if what is requested in the access permission request is allowed by the access control setting, the resource to execute a process according to the access permission request.

Abstract: An electronic control device, a communication management method performable, and a non-transitory storage medium storing a program are disclosed. The electronic control device is connected to an in-vehicle network and is configured to restrict predetermined communication in the in-vehicle network. The electronic control device includes a key connection unit configured to accept connection of a key device, a key verification unit configured to verify the key device connected to the key connection unit, and a function controller configured to permit the predetermined communication in the in-vehicle network when the verification of the key device using the key verification unit succeeds.

Abstract: A system for transmitting and receiving digital data includes a database including a plurality of user records and an application server. Each user of the records includes a plurality of user profiles, each of the user profiles includes a unique user ID and a unique password, each user of the profiles is associated with at least one PrivaKey/ChannelKey. The application server is programmed to execute a program including the steps of verifying a first user profile and a second user profile, authenticating the first user profile and the second user profile, receiving a PrivaKey/ChannelKey associated with the first user profile and the second user profile, automatically encrypting a plurality of digital data, sending the encrypted digital data to the second user profile, rebuilding the secret key from the ReciKey to prepare the encrypted digital data, automatically decrypting the encrypted digital data, and displaying the decrypted digital data.

Abstract: A system and method are described for preventing security breaches in an IoT system.

Abstract: A traffic monitoring system and method for mapping traffic speed and density while preserving privacy. The system can include fixed stations that make up a network and mobile probes that are associated with vehicles. The system and method do not gather, store, or transmit any unique or identifying information, and thereby preserves the privacy of members of traffic. The system and method provide real-time traffic density and speed mapping. The system and method can further be integrated with a complementary flood monitoring system and method.

Abstract: Disclosed is a method for controlling user access to a medical system including a body-wearable medical device that can be, e.g., an insulin pump and/or a continuous glucose monitor. A remote controller is provided and has a user interface and can exchange data with the medical device. The remote controller is configured for entering, via the user interface, at least one command for execution by the medical device. The remote controller has a locked state in which entering medical device commands or other commands is disabled. In the locked state, the user is prompted to enter an identification code and the remote controller can be unlocked when the correct identification code is entered. In the unlocked state, entering of the medical device command is enabled. Alternatively, instead of entering a correct identification code, the remote controller can be switched to the unlocked state when a safety condition is met.

Abstract: A notification is received that a first user device and a second user device would like to share a data set. The data set is retrieved from a database. A first security level associated with the first user device and a second security level associated with the second user device is retrieved. The data set is provided to the first user device and the second user device in accordance with the first security level and the second security level.

Abstract: An embodiment of an automatic key delivery system is described, An automatic key delivery system comprises the following operations. Herein, a first token is generated and provided to a first network device. Thereafter, a first key value pair, including the first token and a first key segment of a cryptographic key, is received by a first relay server and a second key value pair, including the first token and a second key segment of the cryptographic key, is received from a second relay server. In response, a second token to be provided to the first relay server and the second relay server. Thereafter, the first and second key segment are returned from the first and second relay servers based on usage of the second token as a lookup in order to recover the cryptographic key for decryption of an encrypted content from the first network device.

Abstract: A cryptography system for digital identity authentication, and security including a computer system or platform to enable users (individual, identity editor, requestor) using invariant and variant data on an identity server which uses multi-factor authentication, one or more user devices, at least one hardware device; and utilizing an authentication protocol system with an encryption function having a hardware key and a software key, a private key and a public key. The private key may be generated from said hardware key and said software key may be stored on said at least one hardware device in communication with one of said one or more user devices. The public key may be managed in a key infrastructure on said identity server. The public key may be restricted to use between paired user accounts on said server.