Abstract: Particular embodiments described herein provide for a system that can be configured to receive a notification that a client device is requesting, to modify original data associated with an online application, wherein the original data is stored in encrypted format in a cloud; decrypt the original data using a first client encryption key; store the decrypted data in a location accessible by the online application; enable editing capability of the decrypted data; receive a notification that the client device is finished modifying the data in decrypted format; determine whether the original data in decrypted format was modified; encrypt, based on a determination that the original data was modified, the modified data using a second client encryption key; and upload the modified data in encrypted format to the cloud.

Abstract: A system for preventing cyber security attacks over the CAN bus of a vehicle, from carrying out their plot. The system includes a teleprocessing device that is provided with the message identifier of at least one ECU to be blocked. The teleprocessing device is configured to read the message identifier of CAN messages, to thereby identify the at least one ECU to be blocked. Upon determining that the vehicle is under a cyber security attack, the ECU blocking device is activated. Upon identifying that a message was transmitted by the at least one ECU to be blocked, then during the CAN bus ‘bit monitoring’ process, before the at least one ECU to be blocked reads back the transmitted signal, the ECU blocking device alters one or more bits of the transmitted signal, to thereby force the message to be an erroneous CAN message.

Abstract: A method for device based biometric authentication includes: storing, in a computing device, an encrypted biometric template; storing, in a first memory of the computing device, at least a first application program; storing, in a second memory of the computing device, at least a second application program and an encryption key, wherein the second memory is a trusted execution environment; receiving, by the second application program of the computing device, a validation request submitted by the first application program; receiving, by an input device of the computing device, biometric data; decrypting, by the second application program of the computing device, the encrypted biometric template using the encryption key; validating, by the second application program of the computing device, the received biometric data using the decrypted biometric template; and transmitting, by the second application program of the computing device, a result of the validation to the first application program.

Abstract: User authentication techniques that use a companion device associated with a mobile computing device are described. The companion device receives a user authentication request from a user authentication service via the mobile computing device, displays information related to the user authentication request, receives an approval of the user authentication request, and transmits the approval of the user authentication request to the service via the mobile computing device. In one embodiment, after transmitting the approval, the companion device receives a token from the mobile computing device that includes a value obtained from the service, signs the token with a private key of a securely-stored signing key pair and provides the signed token to the service via the mobile computing device. In another embodiment, after the companion device transmits the approval to the mobile computing device, the mobile computing device provides a personal identification code from secure storage to the service.

Abstract: A network processor provides for in-line encryption and decryption of received and transmitted packets. For packet transmittal, a processor core generates packet data for encryption and forwards an encryption instruction to a cryptographic unit. The cryptographic unit generates an encrypted packet, and enqueues a send descriptor to a network interface controller, which, in turn, constructs and transmits an outgoing packet. For received encrypted packets, the network interface controller communicates with the cryptographic unit to decrypt the packet prior to enqueuing work to the processor core, thereby providing the processor core with a decrypted packet.

Abstract: The method, computer program product and computer system may include computing device which may detect a first user within a defined area of a display device and the first user may have a first security level. The computing device may display data on the display device and the data may be associated with a security parameter defining a security level for viewing the data. The computing device may detect a second user within the defined area of the display device and the second user may have a second security level. The computing device may determine that the second security level of the second user does not meet the security parameter for viewing the data and redact the data in response to determining that the second user does not meet the security parameter for viewing the data.

Abstract: Systems and methods for blockchain ledger growth management using separation of a blockchain ledger into multiple blockchain ledgers (each ledger having a state that can be tracked and used). The systems and methods also include linking the separated ledgers by utilizing a linking application and smart contracts added to the separated ledgers.

Abstract: The method, computer program product and computer system may include computing device which may detect a first user within a defined area of a display device and the first user may have a first security level. The computing device may display data on the display device and the data may be associated with a security parameter defining a security level for viewing the data. The computing device may detect a second user within the defined area of the display device and the second user may have a second security level. The computing device may determine that the second security level of the second user does not meet the security parameter for viewing the data and redact the data in response to determining that the second user does not meet the security parameter for viewing the data.

Abstract: The disclosed computer-implemented method for cross-product malware categorization may include accessing computer readable media storing an incomplete feature dataset and an incomplete label dataset, determining a correlation between the plurality of features and the plurality of malware labels, and constructing at least one of a complete feature dataset based on the incomplete feature dataset and the correlation and a complete label dataset based on the incomplete label dataset and the correlation. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system for digital identity authentication including a computer system or platform to enable users (individual, identity editor, requestor) using invariant and variant data on an identity server which uses multi-factor authentication to: 1) The paired identity editor creates a public identifier of the individuals constructed from invariant data and signs/encrypts the individual's user data (including public identifier) with identity editor's private key (hardware) and links the public identifier to the encrypted data record; 2) a requestor obtains public identifier from the individual who wants to disclose his identity and executes an identity verification request (challenge) to an identity server, identity server sends identity verification request (challenge) to individual; 3) individual utilizes individual's private key (hardware) to sign/authenticate identity verification request (challenge); 4) identity server then uses the public key of the paired identity editor to decrypt the individuals data and to

Abstract: A method and system for authenticating a device, board, assembly or system includes obtaining or processing test/scan information provided via extraction of ECID or other unique identifying information regarding a board. A re-authentication process is performed to verify that the board contains only legitimate ECID or other uniquely identified devices, via comparison of re-extracted codes of devices at known positions against a reference record, the reference record being established by an initial authentication process that utilizes information regarding authentic/unique ECID or other uniquely identified codes of devices delivered to populate the board to derive the reference record for the device.

Abstract: Implementations disclose an access control mechanism for peer-to-peer sharing technology. A method includes receiving, by a processing device of a first user device, an encrypted media item and a wrapped key from a second user device, wherein the wrapped key comprises content masked from the first user device; transmitting, by the first user device, the wrapped key and a request to a media server to determine whether the first user device is authorized to play the encrypted media item; receiving, from the media server, a response indicating the first user device is authorized to play the encrypted media item, the response comprising a cryptographic key derived from the wrapped key; and decrypting the encrypted media item using the cryptographic key.

Abstract: Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include using a limited-use key (LUK) to generate a transaction cryptogram, and transmitting a token instead of a real account identifier and the transaction cryptogram to an access device to conduct the transaction. The token and the transaction cryptogram can be transmitted to a magnetic stripe reader by generating an emulated magnetic signal. The LUK may be associated with a set of one or more limited-use thresholds that limits usage of the LUK, and the transaction can be authorized based on at least whether usage of the LUK has exceeded the set of one or more limited-use thresholds.

Abstract: A method for performing biometric authentication is disclosed. In one example, the method includes obtaining first and second biometric templates and comparing them to determine if they match. The method also includes determining if a biometric certification token is valid. A computing device or other device may communicate with a verification system to determine the validity of the biometric certification token.

Abstract: One or more DNS services are provided that are configured to not only tolerate some commonly observed DNSSEC misconfigurations (while still providing DNSSEC's security guarantees), but also provide a more intelligent DNS resolution process informed by DNSSEC.

Abstract: An exemplary method comprises: generating, by at least one first computing node in the enterprise network or the reconciliation network, a first digital facilitator, wherein the first digital facilitator provides one or more parameters for accessing or distributing data on a distributed ledger in the enterprise network, wherein a private key is used for performing a computing operation, based on the data, in the enterprise network; associating identification information associated with the private key or associated with a custodian of the private key, wherein the identification information enables initiation or execution of one or more distributed ledger-based computing operations in the enterprise network or the reconciliation network; and transmitting, via the reconciliation network, reconciliation data associated with the one or more distribution ledger-based computing operations, wherein the reconciliation data is extracted based on one or parameters for accessing or distributing the data in the enterpris

Abstract: One example method includes creating a backup of data, creating metadata associated with the backup, hashing the backup to create a backup hash, obtaining a key from a blockchain, generating an aggregate hash of a combination that includes the key and the backup hash, and transmitting the aggregate hash to a blockchain network. Because the aggregate hash is not modifiable when stored in a blockchain, an immutable record exists that establishes when a particular backup was created.

Abstract: The Seed Splitting and Firmware Extension for Secure Cryptocurrency Key Backup, Restore, and Transaction Signing Platform Apparatuses, Methods and Systems (“SFTSP”) transforms transaction signing request, key backup request, key recovery request inputs via SFTSP components into transaction signing response, key backup response, key recovery response outputs. An offline transaction signing request message for a transaction is received by a first cold HSM and includes an encrypted second master key share from a second cold HSM and an encrypted third master key share from a hot HSM. A first master key share is retrieved. The encrypted master key shares are decrypted and, along with the first master key share, used to recover a master private key. A keychain path is determined. A signing private key for the keychain path is generated using the master private key. The transaction is signed using the signing private key, and the generated signature is returned.

Abstract: A multi-lender architecture is configured to provide a loan applicant with automated pre-qualification and automobile loan eligibility evaluation for multiple candidate lenders. Lender output data may include sensitive data. The lender output data is stored in a data object of a first format and one or more fields of the data object are encrypted at the field level. The encrypted data object may be transmitted through multiple application layers or terminals. The encrypted data object may be reformatted at one or more application layers or terminals without decryption. A reformatted encrypted data object containing the lender output data may be decrypted at the last layer before forwarding the lender output data to the loan applicant.

Abstract: Monitoring nodes may generate a series of current monitoring node values over time representing current operation of a cyber-physical system. A decision fusion computer platform may receive, from a local status determination module, an indication of whether each node has an initial local status of “normal”/“abnormal” and a local certainty score (with higher values of the local certainty score representing greater likelihood of abnormality). The computer platform may also receive, from a global status determination module, an indication of whether the system has an initial global status of “normal”/“abnormal” and a global certainty score. The computer platform may output, for each node, a fused local status of “normal” or “abnormal,” at least one fused local status being based on the initial global status. The decision fusion computer platform may also output a fused global status of “normal” or “abnormal” based on at least one initial local status.