Abstract: Systems and methods are described for removing unused encryption key files from a computing device. In an example, a key removal tool can identify three sets of keys to preserve. For the first set, the key removal tool can append a device identifier to known key names and add the resulting key file names to a whitelist. For the second set, the key removal tool can identify keys associated with certificates on the computing device and add their corresponding file names to the whitelist. The third set can correspond to keys created after a cutoff timestamp. The key removal tool can delete all key files with key file names not on the whitelist that were created before the cutoff timestamp.

Abstract: A search index is generated from one or more data records, wherein the one or more data records have contents in a plurality of different fields. Field information of the one or more data records is stored in the search index as specialized indexed elements, wherein the specialized indexed elements overlap with other indexed elements of the one or more data records. A search query is received from a user allowed to access only a portion of the plurality of different fields. The search query is processed within the portion of the plurality of different fields using the search index including the specialized indexed elements.

Abstract: A system including: a transceiver; a boot processor configured to: capture an image of a container of the system, determine whether the system container image has been modified, and post, to a node of a distributed ledger network, a first attestation based on a determination of whether an anomaly exists in the system container image; a system processor; and a memory storing instructions that instruct the system processor to: receive a request to connect to an external device, request a second attestation from a node of the distributed ledger network as to whether an anomaly exists in the external device container image, determine whether an anomaly exists in the external device container image, and either: establish, in response to determining that an anomaly does not exist, a connection with the external device, or deny the request to connect to the external device in response to determining that an anomaly exists.

Abstract: Provided is a de-identification method for big data, for anonymizing the big data so that the big data may be freely distributed to an external system without concern about personal information leakage and enabling a statistical value calculated from the distributed data to be maximally close to a statistical value of original data to thereby secure the reliability of statistical analysis. Records in which values of abstraction reference fields are all the same and the number thereof is less than or equal to N are separately grouped without being excluded from being abstracted, and a connection-type attribute value including an occurrence rate value of a corresponding category attribute value in a group is allocated as an attribute value of an abstracted record to minimize abstraction missing data, so that the statistical value calculated from the distributed data becomes maximally close to the statistical value of the original data.

Abstract: A system and method are disclosed for monitoring rides in a vehicle in which a driver of the vehicle picks up a rider at a pickup location and drives the rider to a drop-off destination. The system includes at least one sensor arranged in the vehicle and configured to capture sensor data during the rides, a transceiver configured to communicate with a personal electronic device of a driver of the vehicle, a non-volatile memory configured to store data; and a processor. The system captures sensor data during a ride, receives a ride identifier from the personal electronic device that uniquely identifies the ride, and stores the sensor data captured during the ride with the ride identifier as metadata.

Abstract: A method is for data communication in a network including a first network area and a second network area. The method includes provisioning medical patient data; provisioning identification data for identification of a patient; provisioning a code linked to the identification data; sending medical patient data and the code from the first network area to a server in the second network area; and processing the patient data by the server. The method further includes provisioning identification data or input of identification data for identification of a patient by the user; establishing of a code linked to the identification data; automatic sending of the code to the server; establishing the status of the processing patient data linked to the code; creating a corresponding status notification by the server; and sending the status notification to the user.

Abstract: The present application provides an access control barring method and device. The method is applied to a terminal, and the method includes: determining a designated call type barring for an access control barring; and performing the access control barring based on the designated call type barring.

Abstract: A data association system includes a POST connector which collects data maintained in an information system a pipeline which stores the data collected by the POST connector; and a pipeline orchestrator which controls anonymization of the data stored by the pipeline. the data association system is characterized in that the pipeline executes anonymization processing of anonymizing the data, the POST connector and the pipeline store data before being anonymized by the anonymization processing, and the pipeline orchestrator instructs, after execution of the anonymization processing, the POST connector and the pipeline to delete the data before being anonymized.

Abstract: A method of performing user authentication includes by a service electronic device associated with a service, receiving, from a public electronic device, a request for a user to initiate a session of the service, generating a first security token, a first write token, a first read token, and/or a first delete token, sending the first security token, the first write token, the first read token, and/or the first delete token to a server electronic device, receiving, from the server electronic device, a key location identifier that uniquely identifies a memory location of a data store associated with the server electronic device where the first security token, the first write token, the first read token, and/or the first delete token are stored, saving the key location identifier in a data store associated with the service electronic device, generating a signed key location identifier, generating a machine-readable image that includes the key location identifier, the signed key location identifier and the first

Abstract: A server device includes a memory and a processor to execute saving an encrypted text of a message generated by encrypting the message with a message key generated from a shared key and a group identifier, by using a message key identifier as an identifier of the message key as a key; saving an encrypted text of the message key generated by encrypting the message key to be re-encryptable by using the shared key, by using the message key identifier as a key; and receiving, after update of the shared key, a re-encryption key from a communication terminal that has generated the re-encryption key by using the shared key and the updated shared key, using the re-encryption key to generate a re-encrypted encrypted text of the message key, and overwriting the encrypted text of the message key before re-encryption with the re-encrypted encrypted text of the message key.

Abstract: Systems, computer program products, and methods are described herein for virtualization of non-fungible tokens. The present invention is configured to receive, via a first user input device, a resource transfer request using a virtual token from a first user, wherein the virtual token is electronically linked to an NFT of a resource transfer instrument; retrieve the NFT associated with the resource transfer instrument in response to receiving the resource transfer request; retrieve an NFT credential descriptor for the resource transfer request from a first metadata layer of the NFT associated with the resource transfer instrument; receive an authentication credential from the first user; determine whether the authentication credential matches an NFT credential descriptor that is electronically linked to the NFT associated with the resource transfer instrument; and authorize the resource transfer request based on at least determining that the authentication credential matches an NFT credential descriptor.

Abstract: A method of integrating a cryptographic digital asset into a digital software application includes receiving a digital asset identification (ID) code, the digital asset ID code existing together with a unique owner ID code on a distributed blockchain ledger, the digital asset ID code including a code string segmented into a series of code subsets, wherein a first plurality of the code subsets includes data indicative of a plurality of attributes of the digital asset. The cryptographic digital asset is then represented on a display, wherein the cryptographic digital asset comprises a virtual object having an appearance based on the first plurality of code subsets, the virtual object further includes a plurality of object attributes. At least one of the object attributes is modified according to an aspect of the digital software application or interaction between a character avatar and the virtual object.

Abstract: A device and method for provided access to distributed data sources includes a cloud security server configured to associate any number of data sources and client devices with a cloud security server account. The cloud security server assigns trust levels to the data sources and the client devices. A client device requests data from the cloud security server. The cloud security server authenticates the client device and verifies the trust levels of the client device and the requested data. If verified, the cloud security server brokers a connection between the client device and the data source, and the client device accesses the requested data. Data sources may include cloud service providers and local storage devices. The cloud security server may assign a trust level to a client device for a limited time or revoke a trust level assigned to a client device. Other embodiments are described and claimed.

Abstract: Secure access recovery to a network device includes encrypting a user password into an encrypted target password using a secret regenerative key, and adding a one-time password seed and the encrypted target password into a secure recovery container, which is stored securely in the network device and a trusted recovery device. In response to a recovery request, a one-time password can be generated using the one-time password seed to retrieve the encrypted target password from the recovery device. A decrypted recovery password is generated based on executing decryption on an input string based on the secret regenerative key. The encrypted target password, retrieved from the secure recovery container in the network device, is decrypted into a decrypted target password based on the secret regenerative key. Secure access is recovered in response to determining the decrypted recovery password matches at least a part of the decrypted target password.

Abstract: A system can control access to encrypted data shared by a group of users by the use of a vault key that is associated with a group of users. The encrypted data can include encrypted secret data generated from the secret data using a secret key, an encrypted secret key can be generated from the secret key by the use of a vault key, and an encrypted vault key generated from the vault key by the use of a public key associated with a user of the group of users. The system can allow users to store and access the encrypted data only if the user is a current member of the group. The system can verify the user's membership status from a group manager, such as a system managing a channel or chat session. Users added to the group are also granted permission to grant access to new users.

Abstract: Blockchain environments may mix-and-match different encryption, difficulty, and/or proof-of-work schemes when mining blockchain transactions. Each encryption, difficulty, and/or proof-of-work scheme may be separate, stand-alone programs, files, or third-party services. Blockchain miners may be agnostic to a particular coin's or network's encryption, difficulty, and/or proof-of-work schemes, thus allowing any blockchain miner to process or mine data in multiple blockchains. GPUs, ASICs, and other specialized processing hardware components may be deterred by forcing cache misses, cache latencies, and processor stalls. Hashing, difficulty, and/or proof-of-work schemes require less programming code, consume less storage space/usage in bytes, and execute faster. Blockchain mining schemes may further randomize byte or memory block access, further improve cryptographic security.

Abstract: Disclosed is a device and method to secure software update information for authorized entities. In one embodiment, a device for receiving secured software update information from a server, the device includes: a physical unclonable function (PUF) information generator, comprising a PUF cell array, configured to generate PUF information, wherein the PUF information comprises at least one PUF response output, wherein the at least one PUF response output is used to encrypt the software update information on the server so as to generate encrypted software update information; a first encrypter, configured to encrypt the PUF information from the PUF information generator using one of at least one public key from the server so as to generate encrypted PUF information; and a second encrypter, configured to decrypt the encrypted software update information using one of the at least one PUF response output so as to obtain the software update information.

Abstract: A system and method for sharing a digital key for a vehicle. The system includes a first digital key device having a digital key stored thereon, a second digital key device, and a vehicle server. The first digital key device sends a request to the vehicle server for a key sharing session. The vehicle server commences a key sharing session in response to the request. The first digital key device shares the digital key to a second digital key device. The vehicle server ends the key sharing session.

Abstract: The disclosure relates to a computed-implemented method, a computer program, and a computer system for selectively verifying personal data. The method comprises receiving, by an identity application of a client device, personal data of a user. The method further comprises computing, via a cryptographic hash function, one or more cryptographic hashes from elements of the personal data. The method further comprises storing the cryptographic hashes, an internal identifier and a timestamp as an entry in a distributed database. The internal identifier is unique within the distributed database. The method further comprises receiving a user request from the user. The method further comprises selecting one or more of the elements of personal data for verification. The method further comprises requesting verification of the selected elements of personal data. The method further comprises determining an authorization indication in response to the verification request.

Abstract: A device is suggested for processing input data including a hardware accelerator generating a first hash value based on a first portion of the input data and a second hash value based on a second portion of the input data, wherein the first hash value is generated based on a first configuration of the hardware accelerator and wherein the second hash value is generated based on a second configuration of the hardware accelerator. Also, a method for operating such device is provided.