Abstract: Encryption key exchange processes are disclosed. A disclosed method includes initiating communication between a portable communication device including a token and a first limited use encryption key, and an access device. After communication is initiated, the portable communication device receives a second limited use key from a remote server via the access device. The portable communication device then replaces the first limited use key with the second limited use key. The second limited use key is thereafter used to create access data such as cryptograms that can be used to conduct access transactions.

Abstract: A device processes a communication between a source and user equipment. The user equipment is one of a plurality of user equipment connected to a network and the user equipment is associated with an entity. The device determines that the communication is associated with an anomalous traffic pattern. The device implements a provisional blocking of traffic between the source and the plurality of user equipment connected to the network and generates a filtering rule based on determining the anomalous traffic pattern, where the filtering rule prescribes that traffic between the source and the second user equipment is to be blocked. The device transmits a notification to the entity associated with the user equipment that requests that the entity affirm the filtering rule, and the device blocks traffic between the source and the user equipment based on the entity affirming the filtering rule.

Abstract: An example operation may include one or more of receiving a data block for storage on a blockchain from an orderer node, the data block comprising a full-step hash of a storage request and a reduced-step hash of the storage request, performing an approximate hash verification on the data block based on the reduced-step hash of the storage request included in the data block, and in response to a success of the approximate hash verification, committing the data block among a hash-linked chain of data blocks stored within a distributed ledger of a blockchain.

Abstract: Disclosed herein is a social media platform profile identification and social discovery feature. Disclosed social media networks enable introduction of users that may not otherwise know one another based on commonality between those users. Social media profiles are identified by digital objects instead of or in addition to more traditional indexing methods such as real names or screen names. Social discovery on a social network is performed via matching to similar behavior profiles in activity monitored by a block explorer. Machine learning models categorize behavior patterns observed by the block explorer into a machine recognized glossary. Social networks further recommend actions by users based on the monitored online behaviors of social connections.

Abstract: Signed digital certificates can be automatically obtained from a trusted certificate authority. For example, a computing device can receive a request associated with a handshake procedure for establishing a secure session between a client device and a server. The request can indicate a trusted certificate authority that issues signed digital certificates. The computing device can determine that a local key store that is local to the server does not have a signed digital certificate issued by the trusted certificate authority and responsively obtain the signed digital certificate from the trusted certificate authority. The computing device can return the signed digital certificate back to the client device as part of the handshake procedure to establish the secure session.

Abstract: A method, apparatus and computer program product to defend learning models that are vulnerable to adversarial example attack. It is assumed that data (a “dataset”) is available in multiple modalities (e.g., text and images, audio and images in video, etc.). The defense approach herein is premised on the recognition that the correlations between the different modalities for the same entity can be exploited to defend against such attacks, as it is not realistic for an adversary to attack multiple modalities. To this end, according to this technique, adversarial samples are identified and rejected if the features from one (the attacked) modality are determined to be sufficiently far away from those of another un-attacked modality for the same entity. In other words, the approach herein leverages the consistency between multiple modalities in the data to defend against adversarial attacks on one modality.

Abstract: Systems and methods are provided for encrypting and decrypting data using visually encoded ciphertext. The method includes selecting, using a graphical user interface coupled to an electronic device, one or more portions of a document to be encrypted, visually encoding the selected one or more portions of the document, generating a visual representation, wherein the visual representation corresponds to encrypted content, and replacing the selected one or more portions of the document with the visual representation. The method further includes displaying, to the user, the visual representation, capturing the visual representation using one or more cameras, decoding the visual representation, obtaining the encrypted content, and decrypting the encrypted content, generating decrypted content.

Abstract: Disclosed is a dual-link wireless ad hoc network and a security defense method in an emergency scene, aiming at comprehensively improving its security defense capability. The method comprises: sending, by a source node, the secret key and other messages which are not security defense messages through the second link; detecting, by a destination node, abnormal messages from the acquired valid messages after matching with abnormal message feature library, filtering the abnormal messages out, and quickly broadcasting the features of new abnormal messages through the first link; checking, by a new node to be added to the network, the identity and hardware state, authorizing the new node without abnormality, and broadcasting the authorization result information through the first link; adding, by other nodes receiving the security defense messages, the features of the new abnormal messages to their own abnormal message feature library, and allowing the entry of the new node.

Abstract: A request is obtained for accessing a resource in a different region from a region indicated by a session token included with the request. The session token is re-encrypted using secret information of the second region. The request to access the resource in the different region can be fulfilled using the re-encrypted session token.

Abstract: An example operation includes one or more of establishing, by a first blockchain trust anchor node, a trusted connection to a trust anchor node of a second blockchain, detecting, by the first blockchain trust anchor node, changes of the first blockchain, and executing a smart contract to reflect the detected changes on the second blockchain.

Abstract: Systems and methods for adaptive token verification are disclosed. For example, a system may include at least one memory storing instructions and one or more processors configured to execute the instructions to perform operations. The operations may include training a verification model to verify tokenized requests based on system identifiers. The operations may include receiving a tokenized request from an external system, the request comprising a system identifier of the external system. The operations may include generating output of the verification model based on the system identifier, and, based on the output, performing one of granting the request or blocking the request.

Abstract: A method of preventing unauthorized access to electronic mail attachment is disclosed herein. A message management system receives one or more files designated as sensitive files. The message management system generates one or more hash values by applying a hash function to each of the one or more images corresponding to the file. The message management system stores the one or more hash values in a database. The message management system receives an outgoing electronic message that includes an attached file. The message management system generates one or more attachment hash values for the attached file by applying the hash function to the attached file. The message management system compares the one or more attachment hash values to the database. The message management system determines that at least one attachment hash value matches at least one hash value. The message management system blocks the outgoing electronic message.

Abstract: Embodiments as disclosed provide systems and methods that use a local authenticator within a domain to provide a credential to access a resource of the domain to a non-local requestor. When a request is received from a non-local requestor at the domain the non-local requestor can be authenticated based on the request. The local authenticator can then be accessed to obtain a credential. This credential may be the same type of credential provided to members of the domain when they authenticate using the local authenticator. The credential is provided to the non-local requestor so the non-local requestor can access the resource of the domain using the credential and authentication of the non-local requestor with respect to these accesses can be accomplished using the local domain authenticator and the credential.

Abstract: A method includes generating, by an internal segmentation orchestrator, a key to cipher/decipher a cryptographic segmentation tag used by an untrusted device, transmitting the key to an external segmentation orchestrator, transmitting the cryptographic segmentation tag to the external segmentation orchestrator and provisioning a trusted network edge with the key and optionally the cryptographic segmentation tag. The method can also include onboarding, based on the key and the cryptographic segmentation tag, the untrusted device, wherein the untrusted device receives the cryptographic segmentation tag from the external segmentation orchestrator.

Abstract: An example operation may include one or more of receiving a gossip message originated from a domain anchor peer in a first security domain, verifying that block content within the gossip message does not violate a cross-domain security policy, in response to verifying the block content, updating an endpoint of the gossip message with an address of a domain anchor peer in a second security domain, and transmitting the updated gossip message to the domain anchor peer in the second security domain.

Abstract: Systems and techniques for keeping a mobile device up to date with respect to dynamic information necessary to identify and access the most suitable wireless network are disclosed. Such dynamic information includes device configuration update and wireless network selection policies update. Both device configuration data update and wireless network selection policies update includes wireless local area network (WLAN) automatic access parameters. The mobile device receives wireless network selection policies update whenever the mobile device changes location. At statically determined time slots, the mobile device receives device configuration update, followed by an additional wireless network selection policies update, which includes updated WLAN automatic access parameters.

Abstract: Described herein is a data security system for enabling tokenized access to sensitive data, including a token provider configured to initiate a secure connection with a remote client computing device of a first data subject, and receive, from the remote client computing device, a request for an access token to provide a service provider with access to sensitive data associated with the first data subject. The request includes a data definition and authorization parameters. The token provider is also configured to generate the access token that enables access to the sensitive data, store the access token in a token database, and transmit, to the remote client computing device, a response including the access token and instructions that enable the remote computing device to display the access token to the first data subject or transmit the access token to the service provider.

Abstract: As a default, a global permissions model is established. The global permissions model serves for applying a first set of resource access permissions to shared content objects. Additionally, a set of context-aware access policies that govern user interactions over the shared content object is established. When a particular user requests an interaction over a shared content object, then interaction attributes associated with the request are gathered. The context-aware access policies are applied to the request by determining a set of extensible access permissions that are derived from the interaction attributes. The context-aware access policies are enforced by overriding the first set of resource access permissions with dynamically-determined access permissions. When a particular access request is denied, a response is generated in accordance with the set of extensible access permissions and the user is notified. In some cases, the access request is permitted, but only after the user provides a justification.

Abstract: Various embodiments of the present technology generally relate to management of big data storage and data access control systems. In some embodiments, a data access system for use in multiple application service and multiple storage service environments comprises a sandbox database for users, wherein the sandbox database is a virtual database environment via which a user may access datasets according to one or more access policies. In some embodiments, the data access system receives a user request to access a dataset stored in a database into the sandbox environment, wherein the database is associated with the data access system. In response to the request, the data access system may retrieve the corresponding data from the database, determine any associated sandbox access policies, and generate an anonymized data table in the sandbox environment.

Abstract: Systems and methods for secure sharing of sensitive information in a computing environment. The methods comprise, by a first entity of a first computing environment receiving sensitive information of the first computing environment, receiving a request to share the sensitive information from a second entity of the first computing environment, and determining whether the second entity is a trusted entity included in a list of trusted entities held by a configuration service associated with a second computing environment. If the second entity is not a trusted entity, determining whether the second entity can establish trust by validating a subscription of the second entity with a directory service, and validating a digital certificate corresponding to the second entity with a certificate authority. If the second entity can establish trust or is a trusted entity, sharing the sensitive information with the second entity so as to enable operation of the second entity.