Abstract: The present disclosure relates to a device for supporting Input/Output (I/O) channel protection. The device maintains one or more channel protection enclaves (CPEs), wherein each CPE is associated with a different I/O channel, wherein each I/O channel is associated with a different address space of a memory, and wherein each CPE is allocated verification information comprising the address space associated with its associated I/O channel. The device further receives a transaction on a given I/O channel, the transaction comprising access information including one or more target addresses. Moreover, the device determines a correlation of the transaction's access information and the verification information of the CPE associated with the given I/O channel, and allows or aborts execution of the transaction, based on whether the determined correlation meets a predefined criterion.

Abstract: In a method for providing provisioning information, a central data processing system receives from a transaction data processing system, an encrypted user datum associated with a client user of the transaction data processing system; receives from at least one of a plurality of account administrator data processing systems, a response comprising a notification that a user account administrated by that account administrator data processing system is associated with the client user; receives an account administrator selection message including identification of a user-selected account administrator from an account administrator list; transmits to the account administrator data processing system associated with the user-selected account administrator, a provisioning request for client user account provisioning information; receives from the account administrator data processing system associated with the user-selected account administrator, the client user account provisioning information; and transmits to the t

Abstract: An approach is disclosed on a blockchain platform for authenticating clients. A public and private key is created at a client device. The private key into is split two or more parts. The split private key part is split into to two or more client devices including a first client device and a remaining client devices. Signing to authenticate a challenge to login using a partial key part occurs at the first client device. The challenge is sent to the remaining client devices wherein the remaining client devices that sequentially sign using short range wireless network connection and respond back to the challenge to login without a password.

Abstract: Systems and methods for providing identity verification services to users by providing a staking mechanism to incentivize participants in an identity verification system to be truthful and accurate and determining validator accuracy and associated setting of fees for using validator attestations to create an efficient, private and secure system.

Abstract: A method for identity resolution and data enrichment is performed by at least one hardware processor and includes detecting at an account of a data provider, a shared data object that is shared by an account of a data consumer with the account of the data provider. An application executing at the account of the data consumer is enabled for an identity resolution process based on the detecting of the shared data object. A request for source data received from the application is detected at the account of the data provider. The source data is managed by the account of the data provider. The source data is communicated to the application executing at the account of the data consumer, based on a verification that the application is enabled for the identity resolution process. The identity resolution process is performed at the account of the data consumer using the source data.

Abstract: An example system places control and choice of managing the usage of private data into the hands of the users themselves. In some examples, the disclosed data privacy management system allows users to select preferences on how their private data is used by the business, both internally and externally. For example, the system may present users with one or more selectable options regarding how the user's private data is used. The system may then use the user's data for purposes that are in line with the user's selected preferences.

Abstract: A client device collects immunization data includes a type of immunization given to an individual and a date that the immunization was provided to the individual. The client device converts immunization data into a numeric string, where the numeric string as converted comprises an encrypted payload portion and a mode indicator portion. The client device generates a two-dimensional machine-readable identifier using the numeric string. A reader device reads the two-dimensional machine-readable identifier and accesses the numeric string. The reader device converts at least a portion of the numeric string comprising the immunization data into a predetermined format for importing into an electronic health record (EHR).

Abstract: The present system relates a platform for addressing the optimal privacy-accuracy trade-off in the revelation of a user's valuable information to a third party. Specifically, the present system formalizes the privacy-accuracy trade-off in a precise mathematical framework, wherein mathematical formalization captures user's privacy preference with a single parameter. The system possesses a revelation method of user data that is optimal, in the sense of abiding by user's privacy preference while providing the most accurate description to third party subject to the aforementioned privacy preference constraint.

Abstract: A symmetric key that is stored at a device may be received. A public key from a remote entity may also be received at the device. Furthermore, a derived key may be generated based on a one way function between the symmetric key that is stored at the device and the public key that is received from the remote entity. The derived key may be encrypted with the public key and transmitted to the remote entity. The encryption of the derived key with the public key may provide secure transmission of the derived key to an authorized remote entity with a private key that may be used to decrypt the encrypted derived key.

Abstract: A system, method, and computer program product are provided for consent management. A method may include receiving a first data request for user data associated with a user, the user data stored in a user data database; communicating a consent request to the requester system; receiving a consent response from the requester system; storing consent data associated with the consent response for the user data requested in the first data request in an immutable ledger; receiving a consent verification request from the user data database, the consent verification request based on a second data request for the user data from the requester system to the user data database; verifying the consent verification request based on the consent data; and communicating a consent verification response to the user data database, the consent verification response indicating consent from the user to share the user data with the requester system.

Abstract: A method performed at a first electronic device includes: (i) storing a privacy table that comprises random numbers at the first electronic device, (ii) transmitting the privacy table to a second electronic device over an encrypted channel, (iii) receiving a first message for transmission to the second electronic device, (iv) generating a map based on the privacy table, (v) generating a primary key based on the map and the privacy table, and (vi) encrypting the first message using the primary key to form an encrypted first message. The method also includes (vii) transmitting the map and the encrypted first message to the second electronic device, thereby enabling the second electronic device to decrypt the encrypted first message by recreating the primary key based on the map and the privacy table and decrypting the encrypted first message using the recreated primary key.

Abstract: Described is a secure, electronic, submission process providing and enabling applicants to initiate requests to desirous requestors seeking such submissions based on authenticated and trusted identities and/or credentials or which could be authenticated securely through other defined processes. SafeCase is an innovative process for convenience, ease and security in application submissions for anyone and everyone through an electronic interface that has been built innovatively on the strong foundations of Identity Management, giving irrevocable and irrefutable trust on the Identity and/or credentials and/or the purpose that an applicant is applying for or wishes to achieve. SafeCase is an end-to-end secure and transparent interface, wherein the applicant (i.e. the Candidate) utilizes his/her Authenticated Credential(s) or Identity(ies) to submit an application. The applicant remains updated in real time on the status of the submitted application till its final disposal.

Abstract: A server computer hosting an extended reality world receives a first transmission over a communication network from a computing device associated with a user, the first transmission including a request for the user to access the extended reality world. The server computer transmits a presentation of the extended reality world to the communication device over the communications network based at least in part on the request, and displays the presentation of the extended reality world on the computing device, where the presentation includes at least an avatar associated with the user. The server computer receives a command for the avatar to store a phrase selected by the user in a location associated with a virtual object within the extended reality world. The server computer displays, within the presentation of the extended reality world on the computing device, the avatar storing the phrase at the location in the extended reality world.

Abstract: Described are methods and systems for using policies to comply with a person's request for data pertaining to the person, pursuant to applicable data privacy laws. A policy is retrieved responsive to receiving a query that includes data to identify records that store data pertaining to the person. The policy indicates first and second database objects, and respective first and second sets of fields, which store data that pertains to persons. The policy is applied. Applying the policy includes retrieving, as first values, data stored in the first set of fields of a first record associated with the data in the query, and retrieving, as second values, data stored in the second set of fields of a second record associated with the first record. The first and second values, and the names of the fields from which they were retrieved, are stored in a document.

Abstract: The system obtains information to send to the first user device and converts the information into a sequence of images, where one or more images in the sequence of images include the information, and a remainder of images in the sequence include a visual unrelated to the information. The number of the one or more images and the number of the remainder of images indicate a display frequency. The number of the remainder of images is greater than the number of the one or more images. The display frequency causes an observer to form a perception of the one or more images. The system sends the sequence to the first user device and causes the first user device to present on the display screen the sequence at the display frequency, which causes a garbling of a recording of the display screen associated with the first user device.

Abstract: A system, method, and computer-readable media for providing contextual data loss prevention (DLP) within a group-based communication system. At least a portion of a DLP policy may be suspended within a DLP engine based on a context for which a user input is to be displayed. Accordingly, the user input may be displayed without interference from the DLP engine.

Abstract: Protecting membership and data in secure multi-party computation and communication is provided. A method of protecting membership and data includes generating a padding dataset. A size of the padding dataset is determined based on a data privacy configuration. The method also includes up-sampling a first dataset with the padding dataset, transforming the first dataset, dispatching the first dataset, performing an intersection operation based on the first dataset and a second dataset to generate a third dataset, generating a first share based on the third dataset, and constructing a result based on the first share and a second share.

Abstract: A data management computing system for tracking data protection compliance of a plurality of entities using a data management (“DM”) server is provided. The DM server includes at least one processor programmed to: (i) receive, from a requesting entity, a personally identifying information (“PII”) consent request for access to a requested PII set of a user, (ii) determine at least one PII item associated with a reason code, (iii) compare the at least one PII item to the requested PII set, (iv) generate a consent recommendation, (v) transmit the consent recommendation to the user, (vi) receive a response indicating user consent, (vii) transmit, to the requesting entity, a notification indicating the user consent for the requesting entity to retrieve the at least one PII item from a third-party PII storage entity, and (viii) update a user profile to track the requesting entity with the at least one PII item.

Abstract: Provided is a technique for performing statistical processing such as processing for obtaining parameters of logistic regression analysis faster than before. A secure statistical processing system includes a cross tabulation table computing device 2 that performs secure computation on a cross tabulation table in which frequencies are in plain texts while keeping each record concealed; and a statistical processing device 3 that performs predetermined statistical processing using the cross tabulation table in which frequencies are in plain texts. The cross tabulation table computing device 2 may include a plurality of secure computation devices 221, . . . , 22N that perform secure computation on a cross tabulation table in which frequencies are fragments subjected to secret sharing while keeping each record concealed, and a management device 21 that restores the fragments to compute the cross tabulation table in which frequencies are in plain texts.

Abstract: A system for database restoration across service regions. The system includes data storage and backup data storage in the first region. The system includes a frontend for the database service configured to receive, from a client, a request to restore a database to the first region from backups stored in another backup data storage in a second region and to receive an authentication token for the request from the client. The system also includes a backup restore manager service for the first region configured to send, to another backup restore manager service implemented in the second region, a credential request for a second region credential authorizing retrieval of the one or more other backups from the second region. The backup restore manager service sends a backup restore request to retrieve the backups from the other backup data storage and loads the backups to restore the database in the first region.