Abstract: A computer stores, within a single user account, multiple supervised computing resources and multiple additional computing resources. The multiple supervised computing resources are associated with a security policy. The computer executes a first instance of a specified application that lacks read access and lacks write access to any and all of the multiple supervised computing resources. The computer executes, simultaneously with the first instance, a second instance of the specified application that accesses at least a portion of the multiple supervised computing resources. The computer applies rules from the security policy to the second instance of the specified application while foregoing applying the rules from the security policy to the first instance of the specified application.

Abstract: A system is disclosed for discreetly assessing the compatibility of two or more human genomes across diverse elements, activities, and engagement platforms relevant to potential mating scenarios. The genomic data is subjected to encryption, with the option of employing homomorphic encryption to safeguard user privacy and security. Processing of the data is facilitated through a personal health database processing system, which may be cloud-based or edge-based. The application of homomorphic encryption ensures that the genomic information of individual users remains encrypted during processing, with the outcome limited to the display of progeny compatibility to the respective end users.

Abstract: A computer-implemented method for detecting anomalous activity in a computer system by monitoring at least one decoy application programming interface. The method includes: detecting, in at least one decoy API hosted in a computer system, a function call to the at least one decoy API from an element of the computer system; and transmitting an intrusion message from the at least one decoy API to an intrusion detection system signifying that a function call to the at least one decoy API has been made.

Abstract: A system, method, and computer program product are provided for consent management. A method may include receiving a first data request for user data associated with a user, the user data stored in a user data database; communicating a consent request to the requester system; receiving a consent response from the requester system; storing consent data associated with the consent response for the user data requested in the first data request in an immutable ledger; receiving a consent verification request from the user data database, the consent verification request based on a second data request for the user data from the requester system to the user data database; verifying the consent verification request based on the consent data; and communicating a consent verification response to the user data database, the consent verification response indicating consent from the user to share the user data with the requester system.

Abstract: A routing service, associated with a peer-to-peer blockchain network, receives data from a computer device, and executes policy decisions regarding access to a resource. A connection management broker receives data from the routing service, and executes policy enforcement regarding access to the resource, thereby providing access to the resource via an implicit trust zone. The connections among the computer device, distributed cloud-based access control, authentication, and routing service, and the connection management broker comprise an untrusted zone. The routing service has no access or visibility to the resource. Upon roaming by the computer device or the connection management broker across multiple access points, statuses are provided by the computer device, the connection management broker, and the routing service.

Abstract: Methods, systems, and apparatuses embodied herein control and track access to secured data independent of the asset storing the secured data. In this regard, some embodiments organize volumes including one or more datasets and attach one or more assets to each volume. Some embodiments further receive data permissions of use information, for example from a data steward device, for the volume and datasets, which are registered with the volume and the datasets. Some embodiments further receive a set of restrictions, retrieve the dataset permissions of use information for one or more dataset identifiers, and determine the restrictions do not conflict with the dataset permissions of use information. Some embodiments further generate, and subsequently store, an indication the set of restrictions is valid when the dataset permissions of use information does not conflict. Permissions of use information may be organized into persona data objects assigned to various user profiles.

Abstract: Embodiments present different password-less sign-in alternatives for selection by the user for a subsequent future login to the service provider account interface, and in response to determining that data inputs from a user satisfy associated data requests, enable the selected password-less sign-in alternative for a subsequent login of the user into the service provider account interface, wherein the subsequent login of the user into service provider account interface via the enabled selected password-less sign-in alternative does not require the user to enter the password.

Abstract: Outbound traffic of a host application may be received from a host device having a host processor. The secure resource may be configured to provide a secure transaction based on the outbound network traffic. Using a second processor different than the host processor, it may be determined whether the host application is authorized to provide the outbound network traffic to the secure resource. The outbound network traffic may be allowed to be forwarded to the secure resource if the host application is authorized. The outbound network traffic may be disallowed to be forwarded to the secure resource if the host application is not authorized.

Abstract: A procedure includes transmitting request information concerning user data requested to be collectively acquired, to an agreement server, requesting a token by scheduling a transmission timing of a token request for requesting to issue the token associated with a plurality of users from whom the agreement has been obtained among the users who fall under the request information, and by transmitting the token request to the agreement server in accordance with the scheduling, and acquiring, from a data management server, the user data not acquired yet in the user data on the users from whom the agreement has been obtained, by using the token acquired in the requesting the token.

Abstract: An identity verification system enables peer-to-peer authentication in a potentially insecure channel by leveraging a secure channel communication. The system authenticates a user via an identity verification application. The system provides a validation code to the user. The user communicates the validation code to a counterparty of the peer-to-peer communication. The system receives a request to authenticate the counterparty with the validation code and counterparty authentication data. The system authenticates the counterparty and sends the user the authentication of the counterparty. Alternatively, the user device communicates a request to generate a secure code for participants in a first insecure group application session. The user device selects an authenticated counterparty to receive the secure code from a list of authenticated counterparties. The user creates a second application session using the secure code as a password.

Abstract: For increased device security, a security policy manager is used to configure permissions for applications installed on mobile computing devices. In one approach, an evaluation server receives data associated with a context for a computing device. Based on the received data, a policy that is applicable for the current context of the computing device is identified. The identified policy has rules regarding access permissions for software installed on computing devices. The server determines a current policy implemented on the computing device, which includes determining an access permission for software installed on the computing device. The server determines that the access permission for the installed software does not comply with the policy applicable to the current context. Based on this determination, the server revokes the access permission for the installed software.

Abstract: A system access a blockchain network and conducts a blockchain transaction on a task log in the blockchain network. The system stores the blockchain transaction in a blockchain ledger. The system determines whether the blockchain transaction is associated with an anomaly. The anomaly indicates that the result of the blockchain transaction is unexpected. If it is determined that the blockchain transaction is associated with an anomaly, the blockchain transaction is rejected and removed from the blockchain ledger. Otherwise, the blockchain ledger is updated to indicate that the blockchain transaction is not associated with an anomaly.

Abstract: Systems and methods that mitigate network congestion on blockchain networks by supporting blockchain operations through off-chain interactions. For example, as communications to initiate off-chain events and/or blockchain operations are received, the system may determine various characteristics about the addresses involved. In particular, the system may determine whether the addresses correspond to cryptography-based, storage applications sharing a common platform service.

Abstract: The present invention is directed to managing sensitive local data for a global application in compliance with local data residency requirements. In a first location having data residency requirements, the system receives a write request for a record, determines that the record includes both sensitive and non-sensitive data, stores the sensitive data in a local storage device, creates masked data corresponding to the sensitive data, creates a modified record that includes the masked data, the local storage ID of the sensitive data, and the non-sensitive data, and sends the modified record to a global application for storage in a second location. In the second location, the system receives the write request for the modified record at an enforcement module on the global application, determines whether the modified record complies with the data residency requirements of the first location and, if so, sends the modified record to a global storage device.

Abstract: A method for prioritizing among vulnerabilities in a software code for a user by using a server is presented. The method comprises receiving a request, a software identification associated to the software code, and a user identification associated to the user from a user computer, fetching domain specific knowledge (DSK) data from a DSK database by using the software identification, wherein the DSK database comprises non-user defined features related to the vulnerabilities, fetching user specific knowledge (USK) data from a USK database by using the user identification, wherein the USK database comprises user defined features related to the vulnerabilities, determining utility estimations for the vulnerabilities, respectively, by comparing the vulnerabilities with the DSK data and comparing the vulnerabilities with the USK data, and transferring the utility estimations from the server to the user computer such that a prioritized list of vulnerabilities can be achieved.

Abstract: A device comprises a sensor and processing circuitry coupled to the sensor. The sensor is configured to obtain authentication information from an identification label of a cartridge of an electronic vaping device. The processing circuitry is configured to perform authentication of the cartridge based on the authentication information; and determine whether to unlock a battery section of the electronic vaping device to power the cartridge based on a result of the authentication of the cartridge.

Abstract: The present disclosure discloses an interactive method, an electronic device and a storage medium. In an embodiment, the method is applied to an electronic device including an interactive apparatus, and the method includes: receiving login request information and performing identity authentication; displaying information and/or at least one control corresponding to an authentication result; and displaying information corresponding to a control or executing a function corresponding to the control in response to an operation on the control.

Abstract: A password input method is disclosed. The password input method is conducted by a microprocessor of a touch sensitive password input device, wherein the touch sensitive password input device is integrated in an electronic device, such as point-of-sale payment terminal, smartphone, tablet computer, all-in-one computer, door station, and keyless electronic door lock. In case of the password input method according to the present invention being conducted, the touch sensitive password input device is controlled to guide a visually impaired person to successfully complete a password input operation with high security.

Abstract: The present invention provides for generating high volumes of synthetic data records for testing data processing applications associated with one or more operating fields, such as healthcare without using any confidential Information. In operation, the present invention provides for retrieving a predefined dataset. Further, the present invention provides for extracting data values associated with selected relevant data fields from the retrieved predefined dataset. Furthermore, the present invention provides for defining rules for generating data values of specific data fields out of the selected relevant data fields. Yet further, the present invention provides for evaluating a number of possible data records. Yet further, the present invention provides for generating evaluated number of synthetic data records using a predefined file format based on the extracted data values and the defined rules.

Abstract: It is provided a method for selectively granting access to a physical space secured by a barrier. The method is performed in a credential evaluator and comprises the steps of: determining a matching list containing a strict subset of credential identifiers of credentials within range of an antenna provided in a proximity of the barrier, wherein the matching list is based on how long each credential has been within range of the antenna; obtaining a set of biometric templates, consisting of biometric templates respectively associated with the credential identifiers of the matching list; obtaining biometric data of a person being closest to the barrier; and wherein a positive match between biometric data and one of the biometric templates is a necessary condition for granting access to the physical space.