Abstract: Apparatus and associated methods relate to provide transient access rights to entities for creating, accessing, and/or sharing digital health content (DHC). In an illustrative example, a health content distribution system (HCDS) may generate a time-limited access token (TLAT) for authenticated users to access DHC. The TLAT, for example, may be generated based on a predetermined association of a corresponding DHC with a patient, a predetermined association of a requestor with the patient, a predetermined role of the requestor with relation to the patient, and a predetermined association between the requestor and a creator of the content. The TLAT may be further generated based on a predetermined association between the requestor and an organization associated with the patient. The HCDS may, for example, upon receiving the TLAT, transmit the corresponding DHC to be displayed at the requestor's device. Various embodiments may advantageously provide a secure on-demand health content access system.

Abstract: Some embodiments provide a method for a first device that identifies definitions of different groups of devices, each of which is defined by a set of properties required for a device to be a member. The method monitors properties of the first device to determine when the device is eligible for membership in a group. When the first device is eligible for membership in a first group of which the device is not a member, the method sends an application for membership in the first group signed with at least a private key of the device to at least one other device that is a member of the first group. When the first device becomes ineligible for membership in a second group of which the first device is a member, the method removes the device from the second group and notifies other devices that are members of the second group.

Abstract: Aspects of the present disclosure involve a method, a system and a computer readable memory to generate and use prime numbers in cryptographic operations by determining one or more polynomial functions that have no roots modulo each of a predefined set of prime numbers, selecting one or more input numbers, generating a candidate number by applying one or more instances of the one or more polynomial functions to the one or more input numbers, determining that the candidate number is a prime number, and using the determined prime number to decrypt an input into the cryptographic operation.

Abstract: According to some implementations, context-based information is provided. The method can establish a first context for a user to start a process of correlation of information from multiple sources. The method can then authorize the user to access information from one or more sources of information. The method can request the first information from the one or more sources of information based on the first context. Based on the first information received from the one or more sources of information, the method can revise the first context to generate a second context. The method can use the second context to correlate second information from the one or more sources of information. The method can filter the second information for the user to determine a relevant subset of information. Eventually, the method can send the relevant subset of information to a client device associated with the user.

Abstract: A method, system and computer-readable storage medium for controlling access to application data associated with an application configured on a computing device.

Abstract: In various embodiments, the present invention relates to a blockchain-powered SDN-enabled networking infrastructure in which the integration between blockchain-based security and autonomy management layer and multi-controller SDN networking layer is defined to enhance the integrity of the control and management messages. In one or more embodiments, this networking infrastructure is utilized achieve three main functionalities: (1) integrity verification of control and management commands for cloud platforms, (2) identification of the malicious hosts abusing the cloud platform, and (3) enhancing the availability of the cloud platform via autonomous bandwidth provisioning.

Abstract: Techniques for cooperative timing alignment using synchronization pulses are described. The techniques can include generating, at an integrated circuit device, a timing signal, controlling a local count value based on the timing signal, monitoring a synchronization signal of a system comprising the integrated circuit device, detecting a synchronization pulse in the synchronization signal, and aligning the local count value with an implied count value associated with the synchronization pulse in order to align the local count value with those of other integrated circuit devices of the system.

Abstract: Authorization for access to an application server and associated communication service can be desirably managed. When a device attempts to access an application server and service, an authorization server generates an encrypted token, comprising device identifier information, and communicates the token to the device. The device communicates the token to the application server. The application server communicates the token to the authorization server. The authorization server determines whether the device is validated to access the application server and service based on the encrypted token, private decryption key, and initialization vector, and based on subscriber-related information. The authorization server does not share the private decryption key or initialization vector with the application server. If validated, the authorization server communicates validation-related information, including a permitted portion of subscriber-related information, to the application server.

Abstract: Example embodiments of systems and methods for data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key. Example embodiments of systems and methods can be used to provide further authentication and added levels of security for transactions.

Abstract: Systems, methods and apparatuses to configure a computing device for identification and authentication are described. For example, a key management server (KMS) has a certificate generator and is coupled to a registration portal. A copy of secret implemented into a secure component during its manufacture in a factory is stored in the KMS. After leaving the factory, the component can be assembled into the device. The portal receives registration of the component and a hash of software of the device. The certificate generator generates, independent of the device, public keys of the device, using the copy of the secret stored in the KMS and hashes of the software received via the registration portal, and then sign a digital certificate of the public key of the device. Authentication of the device can then be performed via the private key of the device and the certified public key.

Abstract: A method of a relay user equipment (UE) can include receiving, at the relay UE, from a first neighbor UE, a communication request message for establishing a connection between an initiating UE and a target UE, the communication request message including first security-establishment-related information originating from the initiating UE for establishing a security association between the initiating UE and the target UE; modifying the communication request message to add second security-establishment-related information for establishing a security association between the relay UE and a second neighbor UE; and transmitting to the second neighbor UE the modified communication request message that includes the first security-establishment-related information originating from the initiating UE for establishing the security association between the initiating UE and the target UE, and the second security-establishment-related information added by the relay UE for establishing the security association between the rela

Abstract: Example embodiments of systems and methods for data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key.

Abstract: Systems and methods are provided for authenticating an identity of a user requesting a resource or service from an entity. In some embodiments, a system may include at least one processor; and a non-transitory medium containing instructions that cause the system to perform operations. The operations may include receiving credential information associated with the remote user, and receiving, from the server associated with the entity, first hash information. The operations may also include generating second hash information based on information associated with the user, comparing the first hash information with the second hash information, and transmitting an indication based on the comparison to the server associated with the entity.

Abstract: Embodiments of the present disclosure are directed to a network analytic system for tracking and analysis of network infrastructure for network-based digital assets. The network analytic system can detect and track a relationship between assets based on one or more attributes related or shared between any given assets. The network analytic system can analyze network-based digital assets to determine information about a website (e.g., information about electronic documents, such as web pages) that has be used to detect phishing and other abuse of the website. The network analytic system can analyze data about network-based assets to determine whether any are being used or connected to use of unauthorized or malicious activity or known network-based assets. Based on the relationship identified, the network analytic system can associate or link assets together. The network analytic system may provide an interface to view data sets generated by the network analytic system.

Abstract: Methods and systems for removing sensitive information from a digital image. An instruction to share a digital image is received. It is then determined that the digital image contains a depiction of a corporate display medium that is classified as sensitive based on a policy and, based on the determination that the digital image contains the depiction of the corporate display medium that is classified as sensitive based on the policy, the digital image is processed to modify the depiction. The digital image is shared.

Abstract: Certain aspects of the present disclosure provide techniques and systems for screening chat attachments. A chat attachment screening system monitors a chat window of a first computing device associated with a first user during an interaction session between the first user and a second user. An upload of an attachment is detected based on the monitoring. Access to the attachment from a second computing device associated with the second user is blocked, in response to detecting the upload. Content from the attachment is identified and extracted. A type of the attachment is determined based on the content. A determination is made as to whether the second user is authorized to access the type of the attachment. An indication of the determination is presented on at least one of the first computing device or the second computing device during the interaction session.

Abstract: A computer-implemented method includes generating behavior patterns based on historical behavior of a plurality of emails. The method further includes receiving an email message from a sender, wherein the email message is withheld from delivery to a recipient. The method further includes extracting a plurality of features from the email message. The method further includes determining whether content of the email message matches at least one criterion for suspicious content. The method further includes determining a reputation score associated with the sender based on a comparison of the extracted features with the behavior patterns, wherein the extracted features include an identity of the sender. The method further includes responsive to the content of the email message not matching the at least one criterion for suspicious content and the reputation score meeting a reputation threshold, delivering the email message to the recipient.

Abstract: A cloud server and an operation method thereof are provided. The cloud server is communicatively connected to at least one electronic device and at least one power device. The cloud server is used for determining whether an event occurs on any of the power devices, and determining whether a warning needs to be issued in response to the event. When both are determined to be yes, the cloud server pushes an alert message, generates a security key and a security lock, and transmits the security lock to the electronic devices associated with the event. Only when receiving a confirmation message in response to the alert message within a valid unlock time, the cloud server transmits the security key to the electronic devices associated with the event, so that the electronic devices associated with the event start to perform a corresponding operation after unlocking.

Abstract: A memory system includes a nonvolatile memory and a controller. In a case where first encrypted data obtained by encrypting first data with a first DEK is stored in the nonvolatile memory, in response to determining that second data received based on a first write request from a host is the same as the first data and a first user uses the host, the controller encrypts the first DEK with a first KEK associated with the first user to acquire a first encrypted DEK, and stores the first encrypted DEK.

Abstract: Techniques for producing records of digital activities that are performed with accounts associated with employees of enterprises are disclosed. Such techniques can be used to ensure that records are created for digital activities that are deemed unsafe and for digital activities that are deemed safe by a threat detection platform. At a high level, more comprehensively recording digital activities not only provides insight into the behavior of individual accounts, but also provides insight into the holistic behavior of employees across multiple accounts. These records may be stored in a searchable datastore to enable expedient and efficient review.