Abstract: Systems and methods for a multitenant computing platform. Original data is generated through operation of a computing platform system on behalf of an account of the computing platform system, and the original data is moderated according to a data retention policy set for the account. The moderated data is stored at the computing platform system. The computing platform system moderates the generated data by securing sensitive information of the generated data from access by the computing platform system, and providing operational information from the generated data. The operational information is accessible by the computing platform system during performance of system operations.

Abstract: Systems and methods for a multitenant computing platform. Original data is generated through operation of a computing platform system on behalf of an account of the computing platform system, and the original data is moderated according to a data retention policy set for the account. The moderated data is stored at the computing platform system. The computing platform system moderates the generated data by securing sensitive information of the generated data from access by the computing platform system, and providing operational information from the generated data. The operational information is accessible by the computing platform system during performance of system operations.

Abstract: Systems and methods for a multitenant computing platform. Original data is generated through operation of a computing platform system on behalf of an account of the computing platform system, and the original data is moderated according to a data retention policy set for the account. The moderated data is stored at the computing platform system. The computing platform system moderates the generated data by securing sensitive information of the generated data from access by the computing platform system, and providing operational information from the generated data. The operational information is accessible by the computing platform system during performance of system operations.

Abstract: A system and method for pairing two devices for secure communications. A user selects a first device to pair with a second device. The first and second devices have the ability to securely communicate with each other through the use of encrypted communications. An encryption key is written to the first device and then burned into the encryption module on the first device. A third device is selected to pair with the first device. A second encryption key is written to the first device and then burned into the encryption module.

Abstract: Embodiments of systems and methods for implementing data sovereignty safeguards in a distributed services network architecture are disclosed. Embodiments of a distributed services system may have a number of distributed nodes that each implements a set of services. When a user requests a service at a particular node of a distributed services system, the node is configured to determine if that node is not (or is) data sovereign for a region associated with the user. If the node is not data sovereign for the user's region, the user may be directed to a corresponding service at a node of the distributed service system that is data sovereign for the user's region.

Abstract: A method for privacy-preserving inventory matching may include: (1) receiving a plurality of axe submissions; (2) arranging the parties into data structures based on a direction in the party's axe submission; (3) sending each party's commitment to the other party; (4) receiving, from each party, output secret-shares of an arithmetized comparison circuit; (5) verifying that the output secret-shares of the arithmetized comparison circuit received from the parties match commitments to the output secret-shares sent by the respective opposite party; (6) identifying a minimal party based on the outputs of the arithmetized comparison circuit; (7) generating and sending a proof of the minimal party identification to the minimal party; (8) receiving a minimal quantity integer from the minimal party; (9) revealing the minimal quantity integer to the first party and the second party; and (10) executing the trade for the minimal quantity integer.

Abstract: Methods are provided in which a network device hosts distinct network access resources that are managed by different entities. The method includes obtaining a request for partitioning one or more network resources of an on-premise network device for connecting one or more endpoints to a first network managed by a first entity. The on-premise network device connects one or more endpoints to a second network managed by a different entity. The method further involves partitioning, based on the request, the one or more network resources and connecting the one or more endpoints to the first network using the one or more network resources. The one or more network resources are managed by the first entity while at least one other network resource of the on-premise network device is managed by the different entity and is associated with connecting the one or more endpoints to the second network.

Abstract: Embodiments of the present invention relate to apparatuses, systems, methods and computer program products for dynamic adapted security analysis of network resource components. Specifically, the system is typically structured for providing proactive network security by dynamically analyzing entering network resource components for vulnerabilities, establishing adapted validation thresholds and mitigation actions, and preventing unsuccessfully validated network resource components in a distributed network. In some aspects, in response to determining that a file attribute data element of the first network program resource component is of a predetermined file type, the system blocks the incoming file transfer associated with the first network program resource component.

Abstract: A method for supplying and a method for obtaining, by a terminal, from a first user, a biometric signature of a second user. The terminal receives a radio signal transmitted by a transmitter device according to a near-field communication technology, via a channel using the electromagnetic wave conduction capabilities of the body of the second user when the second user comes into contact with or grazes a surface of the transmitter device and via a channel using the electromagnetic wave capabilities of the body of the first user when the first user comes into contact with or grazes the second user, and obtains, from this radio signal, the biometric signature of the second user. The biometric signature is stored in a secure memory space of the terminal in order to be used subsequently during an authentication of the first user.

Abstract: Disclosed are embodiments directed to security methods applied to connections between components in a distributed (networked) system including medical and non-medical devices, providing secure authentication, authorization, patient and device data transfer, and patient data association and privacy for components of the system.

Abstract: Methods and systems for managing artificial intelligence (AI) models are disclosed. To manage AI models, poisoned training data introduced into an instance of the AI models may be identified and the impact of the poisoned training data on the AI models may be efficiently mitigated. To do so, a first poisoned AI model instance may be obtained. Rather than re-training an un-poisoned AI model instance to remove the impact of poisoned training data, the first poisoned AI model instance may be selectively un-trained whenever poisoned training data is found in the training dataset. Subsequently, weights of the first poisoned AI model instance may be adjusted to account for future training data. As poisoned training data may occur infrequently, selectively un-training the AI model may conserve computing resources and minimize AI model downtime when compared to a full or partial re-training process of an un-poisoned AI model instance.

Abstract: User authentication and validation for performing transactions may be performed by a validation server of a service provider. For example, when a login request or purchase request is received, the request may be authenticated or validated before permitting the requested transaction. In some arrangements, the validation may be delegated to one or more devices or users external to the service provider. Multiple validation users may be consulted for each transaction request to determine a consensus validation decision. A consensus may be reached based on unanimous responses or based on a specified threshold level (e.g., more than 50% responding positively or negatively). The service provider may use this consensus determination to authorize or reject a transaction request.

Abstract: Disclosed herein are systems and methods for storing patient medical information on a local processing device, anonymizing a portion of that medical information and storing it on a second processing device, exposing that anonymized medical information to a third processing device coupled to the second processing device through a network, and restricting users of the third processing device to only accessing HIPAA compliant medical information. Alarms are included for indicating the improper transfer of HIPAA data.

Abstract: An implementation of the present application provides a computer-implemented method to increase the security of a blockchain-implemented transaction, the transaction including participation from a plurality of participating nodes, each participating node participating as a message originator, selector, and propagator. The method, implemented at a participating node, includes: receiving ciphertext from a prior node and determining whether the participating node is a selector node for said ciphertext received from the prior node. When the participating node is the selector node for said ciphertext, the method includes selecting a subset of said ciphertext, decrypting the selected subset of said ciphertext to provide opted ciphertext and transmitting said opted ciphertext to the next node. When the participating node is other than the selector node for said ciphertext, the method includes decrypting said ciphertext received from the prior node and transmitting the decrypted ciphertext to the next node.

Abstract: A processor with a Hash cryptographic algorithm and a data processing method are shown. In response to one single Hash cryptographic instruction of an instruction set architecture, the processor reads a first storage space within a system memory to obtain an input message of a limited length, and processes the input message in accordance with the Hash cryptographic algorithm to generate a final Hash value of a specific length.

Abstract: Implementations provide a computer-implemented method that includes: accessing, by a node of a blockchain network, a first set of data encoding a set of transaction records, wherein the blockchain network comprises a plurality of consensus nodes; at least based on the first set of data, generating, by the node, a transaction hash for the set of transaction; accessing a second set of data encoding a compliance status of the node of the blockchain network; at least based on the second set of data; generating, by the node, a compliance hash for the node of blockchain network; generating, by the node, a root hash that combines the transaction hash and the compliance hash; and submitting, by the node and to the plurality of consensus nodes of the blockchain network, a block that includes the root hash for entry into the blockchain.

Abstract: An information processing method is provided. The method includes: acquiring first identity information of a first security domain; obtaining first discovery request information on the basis of the first identity information, wherein the first discovery request information is used for requesting a target resource of a target device that matches the first identity information; and sending the first discovery request information.

Abstract: Techniques for associating manufacturer usage description (MUD) security profiles for Internet-of-Things (IoT) device(s) with secure access service edge (SASE) solutions, providing for automated and scalable integration of IoT devices with SASE frameworks. A MUD controller may utilize a MUD uniform resource identifier (URI) emitted by an IoT device to fetch an associated MUD file from a MUD file server associated with a manufacturer of the IoT device. The MUD controller may determine that a security recommendation included in the MUD file is to be implemented by a cloud-based security service provided by the SASE service and cause the IoT device to establish a connection with a secure internet gateway associated with the cloud-based security service. Additionally, or alternatively, the MUD file may include SASE extensions indicating manufacturer recommended cloud-based security services. Further, cloud-based security services may be implemented if local services are unavailable.

Abstract: A non-transitory computer readable medium stores instructions that, when executed by a processor, cause the processor to receive, from one or more processing nodes, data representative of usage and inventory of one or more software assets by one or more industrial automation devices of an industrial automation system that are communicatively coupled to the one or more processing nodes, determining a data delta for the industrial automation system that represents differences between the software asset data and a previous iteration of the software asset data, encrypt the data delta for the industrial automation system, and transmit the encrypted data delta for the industrial automation system to a remote server.

Abstract: Described embodiments relate to systems and method for conditioning, de-biasing and/or whitening raw entropy data or for hashing data. The method comprises receiving data; determining at least a first algebraic number from the data; calculating at least one solution to one or more transcendental equations using the at least the first algebraic number as an input parameter value, wherein the one or more transcendental equations comprise a transcendental function that is capable of generating transcendental number outputs from algebraic number inputs; determining one or more sequences of pseudo random numbers based on the at least one solution; and determining an output based on the one or more sequences of pseudo random numbers. For example, the data may be received from a raw entropy source and comprise raw entropy to be transformed. Alternatively, the data may be data to be hashed and the output may comprise a hash of the data.