Abstract: Methods and systems for processing a blockchain comprising a plurality of immutable sales records corresponding to sales made by agents of an entity are provided. According to certain aspects, a transaction request indicating a sale made by an agent of the entity may be received at a first node. A block including a sales record indicating the sale made by the agent may be added to a blockchain and transmitted to another node for validation. The first node may add the block to a copy of the blockchain, where the block may be identified by a hash value that references a previous block in the blockchain that includes at least one additional sales record.

Abstract: A method and device for securely displaying data are displayed. The method includes the following. A security display state is entered after an instruction used for starting the security display state is received. A current data packet to be displayed is obtained. If a display address includes a security display address, security data corresponding to the security display address is obtained from current data to be displayed. The security data is securely processed. The security data is displayed at the security display address. A security processing result of the security data is obtained. The security display address is a fixed address.

Abstract: The use of browser context in detecting malware is disclosed. A client device requests content from a remote server. Data received by the client device from the remote server is transmitted to an external scanner for analysis by the external scanner. The external scanner is configured to use a browser executed in an instrumented virtual machine environment to analyze the data provided by the client device. The client device is configured to act as a proxy on behalf of the external scanner.

Abstract: A method of generating a similarity hash for an executable includes extracting a plurality of characteristics for one or more classes in the executable, and transforming the plurality of characteristics into a set of one or more class fingerprint strings corresponding to the one or more classes. The set of class fingerprint strings is transformed into a hash string using minwise hashing, such that a difference between hash strings for different executables is representative of the degree of difference between the executables. The hash of a target executable is compared with hashes of known malicious executables to determine whether the target executable is likely malicious.

Abstract: The disclosed system and method enhances security of people, organizations, and other entities that use what has been termed “social media.” Recent trends have shown that information posted to social media may cause tremendous damage to individuals and other entities. This includes information that was posted deliberately or unintentionally, including social security numbers, financial data and other sensitive information. Further, information that previously may have been viewed as innocuous, such as location data, has caused harm on certain occasions and may need to be protected. The disclosed system provides a novel method of screening, identifying, and preventing certain information from being posted on social media and other public locations. In addition, the disclosed system and method improves security by motivating people to use security software by offering rewards for its use.

Abstract: A method for sharing secret data between multiple containers. In response to the initial booting of an operating system instance in a container, a unique operating system identifier is generated for the operating system instance. A grant authority stores the unique operating system identifier in a reserved area of a secure storage device. In response to a request from the operating system instance to access secret data in the secure storage device, the grant authority determines whether the unique operating system identifier is stored in the secure storage device. The operating system instance may be granted access to secret data in the non-reserved area of the secure storage device.

Abstract: Embodiments of the present disclosure disclose a data response method, a terminal device, and a server. The method in the embodiments of the present disclosure includes: sending encrypted information to a terminal device; receiving a first honeypot character, the encrypted information, and user data from the terminal device; decrypting the encrypted information, to obtain a second honeypot character comprised in the encrypted information; determining whether the first honeypot character sent by the terminal device is the same as the second honeypot character decrypted from the encrypted information; and responding to the user data in response to the first honeypot character being the same as the second honeypot character.

Abstract: Systems and methods for authenticating access to multiple data stores substantially in real-time are disclosed. The system may include a server coupled to a network, a client device in communication with the server via the network and a plurality of data stores. The server may authenticate access to the data stores and forward information from those stores to the client device. An exemplary authentication method may include receipt of a request for access to data. Information concerning access to that data is stored and associated with an identifier assigned to a client device. If the identifier is found to correspond to the stored information during a future request for access to the store, access to that store is granted.

Abstract: A non-transitory computer-readable recording medium stores therein a program for causing a computer to execute a process that includes: obtaining data in which a value is set to at least a part of one or a plurality of items from a device coupled to the computer via a network; determining a management level to be applied to the data among a plurality of management levels of different information protection measure strengths based on an item name of each of the one or the plurality of items of the data and presence or absence of a setting of a value to each of the one or the plurality of items; and storing the data in a memory in association with management information indicating the management level applied to the data.

Abstract: Dynamic compression with dynamic multi-stage encryption for a data storage system in accordance with the present description includes, in one aspect of the present description, preserves end-to-end encryption between a host and a storage controller while compressing data which was received from the host in encrypted but uncompressed form, using MIPs and other processing resources of the storage controller instead of the host. In one embodiment, the storage controller decrypts encrypted but uncompressed data received from the host to unencrypted data and compresses the unencrypted data to compressed data. The storage controller then encrypts the compressed data to encrypted, compressed data and stores the encrypted, compressed data in a storage device controlled by the storage controller. Other aspects and advantages may be realized, depending upon the particular application.

Abstract: The exemplary embodiments are related to a device, a system, and a method for implementing a mechanism that is configured to prevent the unauthorized execution of software. A user device is configured to execute a feature access function corresponding to an application feature included in an application. The feature access function is configured to receive one of a plurality of values each time the application is launched. During operation, the feature access function receives a value and determines whether a condition is satisfied. When the condition is satisfied, the value is returned which indicates that execution of the application feature is permitted.

Abstract: A tie cell includes a first flip-flop having a physically unclonable function (PUF), a second flip-flop that generates a PUF key value, and logic that logically combines the PUF value and the PUF key value to generate an output signal having a constant logical value. The PUF value is based on a power-up value stored in the first flip-flop, which power-up value is generated based on physical and/or electrical characteristics produced from a manufacturing process. The output value is generated to tie digital logic to the constant logical value.

Abstract: A system and method for early detection of a compromised client device includes a tamper detection service configured to monitor modifications to resource access privileges over time to identify unusual variations in jailbreak status that indicate compromise of the client device. For example, the tamper detection service may monitor the jailbreak status of system files over time to expose attempts to hide the jailbreak status of a protected resource. To validate that malware is attempting to hide the jailbreak status of a protected resources, the tamper detection process may launch multiple different resource accesses, targeting the protected resource, to determine whether different accessibility results are returned, indicating a compromised device.

Abstract: Various systems, mediums, and methods herein describe aspects of an authentication system. The system may receive a request from a user device to authenticate a user. The system may determine a route traveled by the user. The route can be determined based at least on data retrieved from the user device of the user. The system may determine one or more objects viewable along the route. At least one image of the one or more objects can be selected. The system may communicate the at least one image and at least one other image to the user device to be displayed on the user device. The system may receive a selection of the at least one image by the user through a display of the user device. The authentication of the user can be based, at least in part, on the user selection of the at least one image.

Abstract: Systems and methods for processing and transmission of encrypted data are provided. The method includes: encrypting a first data set; encapsulating the encrypted first data set in a protective layer; and transmitting the encapsulated encrypted first data set to a destination over one or more communication channels. The encrypting is performed by using a homomorphic encryption (HE) technique. The encapsulating is performed by using a quantum key distribution (QKD) encapsulation technique to generate a QKD-protected layer. The communication channels may include a classical/non-quantum channel over which the QKD-encapsulated encrypted first set of data is transmitted and a quantum channel over which a quantum key distribution is conducted, or a single communication channel to conduct both.

Abstract: A mobile terminal privacy protection method includes obtaining an application start instruction, actively obtaining a biometric feature of a user according to the application start instruction, and displaying an encrypted content list and an unencrypted content list of a corresponding application if the obtained biometric feature of the user matches a preset biometric feature. The encrypted content list of the application is generated according to encrypted content in the application, the unencrypted content list of the application is generated according to unencrypted content in the application, and the encrypted content in the application is content that is not presented when the obtained biometric feature of the user does not match the preset biometric feature.

Abstract: A method for data security including receiving a first recordset, said first recordset including a first poly-identifier representing a first personally identifiable information (PII), and a first contextual information, said first poly-identifier associated with a name field of a record in a PII structured data store. Also receiving at the server a second recordset, said second recordset including a second poly-identifier representing a second personally identifiable information (PII) and a second contextual information, said second poly-identifier comprised of unique characters associated with the name field of a record in the PII structured data store. Then comparing the first and second contextual information to calculate a correlation score to create a match table entry as a result of said comparing, said match table entry including both an internal ID and an external anonymous ID. The IDs may associate the contextual information between records to a single person.

Abstract: Methods, systems, and computer readable media can be operable to facilitate the encryption of a device identifier using an identification property of a Soc. A unique identifier of a cable modem may be encrypted using a unique key or other unique property of a SoC associated with the cable modem. When an authentication process is initiated at the cable modem, the encrypted unique identifier of the cable modem may be decrypted using the unique key or other unique property of the SoC, thereby producing the unique identifier of the cable modem. The decrypted unique identifier of the cable modem may be output from the cable modem to an upstream controller during the authentication process. In embodiments, an obfuscation key may be used to encrypt and decrypt the unique identifier of the cable modem, and the obfuscation key may be generated using a unique identifier of the SoC.

Abstract: A temperature sensing security token may include a first resistor having a first side connected to a voltage source, a second resistor having a first side connected to the voltage source, an analog comparator having a first input connected to a second side of the first resistor and a second input connected to a second side of the second resistor and an output that represents at least one bit of a key, and an analog to digital converter having an input connected to the second side of the first resistor wherein an output of said analog to digital converter is related to temperature by a temperature coefficient of resistivity of the first resistor. The first resistor and the second resistor may have the same nominal resistance. The first resistor, the second resistor and the analog to digital comparator may be encased in the same package. The package may be configured to inhibit inspection and discovery of components contained in said package.

Abstract: Embodiments are directed to techniques for chaining, triggering, and/or enforcing entitlements in a constrained environment. A constrained environment may be provided within with shielded assets are required to exist or execute. An entitlement may be granted on a variety of shielded assets, including datasets, computations scripts, data privacy pipelines, and intermediate datasets generated by an intermediate step of a data privacy pipeline. Thus, a beneficiary may use a granted entitlement as an input into other data privacy pipelines, without the need for the grantor to approve each specific downstream operation. The constrained environment may enforce an entitlement by fulfilling applicable constraints upon accessing the entitlement, restricting the output of the entitlement to the constrained environment, and fulfilling applicable policies when executing downstream operations.