Abstract: A computer-implemented method for secure multi-datasource query job status notification that includes accessing notification characteristics for a query job status. Occurrence of the query job status and a present security level may be determined. Based on the notification characteristics, a notification may be generated at least in part by omitting available data based on the present security level. Based at least in part on the occurrence of the query job status, transmission of the notification to an end user computing device may be directed.

Abstract: This key information generation system generates key information necessary when using a shared device and imparts this key information to a mobile terminal. Authentication is performed between a mobile terminal which has imported key information, and an authentication device provided to the device, and if said authentication is successful, the mobile terminal enables operation of the device via the authentication device. The key information generation system includes: an information management unit which manages, by associating with one another, individual information for the authentication device, a key information generating code, and usage information pertaining to the use of the authentication device; and a key information generation unit which specifies a key information generation code from the individual information and usage information managed by being associated with one another by the information management unit, and generates key information on the basis of the key information generation code.

Abstract: A denial of service (DoS) detection and circumvention system is described herein. The DoS detection and circumvention system can track phone calls that are initiated and store a list of phone numbers that are called. The DoS detection and circumvention system can also track the number of carrier congestion messages over a certain time window. Using the list of called phone numbers and the tracked number of carrier congestion messages, the DoS detection and circumvention system can identify excessive congestion. If the DoS detection and circumvention system identifies excessive congestion, the DoS detection and circumvention system can delay calls so as to prevent a possible DoS condition.

Abstract: A method includes generating, by a computing device, a unique identifier (ID) based on copyright information associated with digital content, wherein the copyright information and the digital content are recorded on a blockchain of a blockchain network; identifying a plurality of color values associated with one or more color attributes of at least a portion of the digital content; and embedding the unique ID in the digital content by changing one or more color values of the plurality of color values to be representative of the unique ID, wherein the embedding produces information-embedded digital content that enables retrieval of the copyright information from the blockchain based on the unique ID, and wherein a visual difference between the digital content and the information-embedded digital content is not apparent to an unaided human eye.

Abstract: A system for detecting breach of merchant systems includes an extraction management system for extracting wildcard data from a dump site at which stolen account data is offered for sale. The system also includes an account breach identifying system for accessing stored transaction data from multiple banks and merging the extracted dump site data with the transaction data to create unique PAN (primary account number) data records (each set of wildcard data corresponds to only a single PAN) and multiple PAN data records (each set of wildcard data corresponds to multiple PANs). The unique and multiple PAN data records are stored and analyzed separately, and reduce the amount of data needed to identify a breached merchant.

Abstract: According to one example, a system includes a second computing device that has one or more processors configured to receive encrypted data from a first computing device, the encrypted data being encrypted based on a first encryption key. The one or more processors are further configured to generate a second encryption key that matches the first encryption key, decrypt the encrypted data using the second encryption key, and transmit the data for use.

Abstract: An automated system and method for authenticating entities or individuals attempting to access a computer application, network, system or device using a wireless device is provided. The system employs one or more short-range wireless interfaces (e.g. BLUETOOTH or Wi-Fi) or long-range wireless interfaces (e.g. cellular or WiMAX) to detect the presence or location of the wireless device and it's proximity to the secure system to be accessed. The wireless device incorporates a unique identifier and secure authentication key information associated with the user of the wireless device. An authentication result is generated and may be used for a variety of applications. The application may process the result and determine the degree of access for which the entity or individual is allowed.

Abstract: A method and an apparatus for performing verification using a shared key are disclosed. The method includes: receiving, by a first network element, a registration request message from a second network element, where the registration request message includes a user identifier, first network identifier information, and second network identifier information, the second network identifier information is obtained by processing the first network identifier information by using a shared key, and the shared key is a key used between the first network element and the second network element; verifying, by the first network element, the registration request message by using the shared key; and sending, by the first network element, a registration response message to the second network element. When receiving a registration request from a visited network, a home network verifies the registration request message by using a shared key, to avoid a spoofing attack from the visited network.

Abstract: Methods, apparatus, systems, and articles of manufacture to deconflict malware or content remediation are disclosed. An example apparatus includes at least one processor and memory including instructions that, when executed, cause the at least one processor to at least identify data to be encoded into a token, compute a hashed string based on the data to be encoded, determine a number of characters to be included in the token, select a subset of characters from the hashed string, and generate the token using the subset of characters from the hashed string.

Abstract: A mobile device includes a biological information detecting device and a wireless communication interface. The mobile device uploads the biological characteristic to the server. The server generates a token that corresponds to the biological characteristic and transmits the token to the mobile device. The mobile device transmits the token to the verification terminal device. The verification terminal device can confirm the identity of the user by verifying the token. This modularizes the process of identity verification, replacing the verification process of applications that need to verify identity, so that these applications do not need to bear the cost of identity verification after interfacing with the identity verification system.

Abstract: In order to secure interceptible calls end-to-end, an intermediate MIKEY server is used to allow an intermediate SIP server to communicate with a key-management server. The intermediate SIP server intercepts call elements when a call is initialized among a plurality of terminal devices. The intermediate SIP server supplies these intercepted elements to the intermediate MIKEY server, which then establishes a dialogue with the key-management server on the basis of these elements. The result of this dialogue is sent back to the intermediate SIP server, which records same as call metadata allowing direct or deferred use of the call content.

Abstract: A public-private key cryptographic scheme is described for granting authenticating a client to a remote device or service in order to access a secure resource. The client is provided the public key, but the private key is stored in a hardware security module (HSM) that the client is not able to access. The client requests a digital signature be generated from the private key from a secure vault service. The secure vault service accesses the HSM and generates the digital certificate, which is then passed to the client. The digital certificate may be added to a security token request submitted to an identity provider. The identity provider determines whether the digital signature came from the private key. If so, the identity provider provides authenticates the client and provides an access token that is usable by the client for authentication to the remote device with the secure resource.

Abstract: The invention provides methods, systems and computer programs for dual layer identity based access control implemented within systems that implement a micro-service architecture. The invention involves (i) receiving at a first resource server (a) a request for a first processor implemented service, (b) a primary access token generated by the primary identity authentication server, and (c) validation information corresponding to the primary access token that is transmitted by the primary identity authentication server, (iv) responsive confirming validity of the primary access token, transmitting to a secondary identity authentication server, a request for generation of a secondary access token, (v) receiving the secondary access token at the first resource server, and (vi) transmitting to a second resource server within the server system, a request for a second processor implemented service implemented by said second resource server.

Abstract: A patient support apparatus includes a frame, patient support surface, memory having a first key stored therein, a transceiver, and a controller. The transceiver wirelessly communicates with a medical device over a first mesh network using the first key. The controller transmits a request message over the first mesh network to the medical device via the transceiver. The request message includes an identifier identifying the patient support apparatus and a request to join a second mesh network different from the first mesh network. The controller receives a second key input over the first mesh network, uses the second key input to generate a second key, and to use the second key to communicate over the second mesh network. In some instances, the second key input originates from a cloud-based server storing a list of authorized devices for a particular healthcare facility.

Abstract: The present disclosure relates to a dialysis machine, external medical equipment and to methods for establishing an authenticated connection between a dialysis machine and external medical equipment. The dialysis machine is caused to establish a short-range wireless connection between the dialysis machine and external medical equipment. A first shared key is associated with the short-range wireless connection. The dialysis machine is further configured to obtain a second shared key generated using the first shared key and to generate a first signature, using the obtained second shared key. The dialysis machine is further configured to send, to the external medical equipment, an authentication request comprising the generated first signature and to receive in return an authentication accept comprising a second signature. Furthermore, the dialysis machine is configured to verify the authenticity of the external medical equipment using the second signature.

Abstract: In various embodiments, authentication stations are distributed within a facility, particularly in spaces where mobile devices are predominantly used—e.g., a hospital's emergency department. Each such station includes a series of authentication devices. Mobile device may run applications for locating the nearest such station and, in some embodiments, pair wirelessly with the station so that authentication thereon will accord a user access to the desired resource via a mobile device.

Abstract: A computer-implemented method includes: storing an encryption public key that is associated with a group of nodes, each node in the group associated with a private key share, the private key shares associated with a threshold private key reconstruction scheme for the group to allow an encryption private key associated with the encryption public key to be determined from at least a threshold of the private key shares; iteratively obtaining a plurality of indicators provided by a plurality of nodes of the group, each of the indicators representing one of an encryption private key share or a dummy signal; and identifying the encryption private key by iteratively: i) selecting a subset of the indicators; ii) calculating a possible shared secret; and iii) evaluating each possible shared secret against the encryption public key to determine whether the possible shared secret is the encryption private key. The invention is suited for implementation on a blockchain.

Abstract: A method for providing interactive recording networks is disclosed. Multiple child networks can be established, each child network being coordinated by a respective coordinating entity. Each coordinating entity can also participate in a central parent network. A data package can be sent from one network to another. When a data package is sent to another network, additional data can be added to indicate that the data package is being escalated.

Abstract: Data security is provided in the form of a method for digitally signing a data message. A client device issues a issuing a signature request to a server and generates a first signature part as functions of selected ones of first signature parameters. It then receives from the server a second signature part, said second signature part having been computed by the server as functions of second signature parameters and at least one of the first signature parameters. The client device then attempts to verify components of the second signature part and generates a final digital signature of the message only if the components of the second signature part are valid. Part of the computational effort of creating the signature is thus offloaded to the server, even though the server may not be fully trusted.

Abstract: Systems and methods utilized to protect data. One method includes maintaining, by one or more processing circuits in a production environment, encrypted data associated with a cryptographic function. The method further includes decrypting, by the one or more processing circuits in the production environment, the encrypted data to generate cleartext data. The method further includes encrypting, by the one or more processing circuits, the cleartext data using a homomorphic encryption function to generate ciphertext data. The method further includes masking, by the one or more processing circuits, the ciphertext data using a masking function to generate alternate ciphertext data. The method further includes decrypting, by the one or more processing circuits, the alternate ciphertext data to generate masked cleartext data and storing, by the one or more processing circuits in a lower environment, the masked cleartext data.