Abstract: Trust of a secure workspace that has multiple layers with distributed ownership can be verified. A management service can maintain a repository of layers for secure workspaces and a certificate vault storing certificates of the owners of the layers. The management service can also maintain workspace metadata defining secure workspaces that pertain to a particular user and the layers that form the secure workspaces. When a secure workspace is to be deployed on a user computing device, the management service can send the layers that form the secure workspace and the workspace metadata for the secure workspace to a host agent on the user computing device. The host agent can then leverage the certificates of the owners of the layers to verify the trust of each layer and, if trust is verified for all layers that form the secure workspace, can deploy the secure workspace on the user computing device.

Abstract: A system for communicating email messages using tokens receives a request to send an email message to a receiver. The email message is associated with a sender's email address. The system determines whether the sender's email address is associated with a token from a plurality of tokens stored in a token-email address mapping table. The system generates a particular token for the sender's email address in response to determining that the sender's email address is not associated with a token, where the particular token uniquely identifies the sender's email address. The system sends the email message using the particular token instead of the sender's email address, such that the sender's email address remains anonymous from the perspective of the receiver.

Abstract: Disclosed herein are system, method, and computer program product embodiments for verifying the integrity of a boot process without relying on a boot aggregate value. An embodiment operates by cryptographically validating, by a hardware root of trust, a first code module associated with a digital signature. The embodiment determines that the first code module was cryptographically validated and cryptographically measures the first code module thereby generating a first measurement. The embodiment stores a representation of the first measurement in a first platform configuration register (PCR) of a trusted platform module. The embodiment configures a remote attestation agent to instruct a remote attestation server to attest the value stored in the first PCR. The embodiment transmits a TPM attestation quote to the remote attestation server.

Abstract: A system and a method are provided for an external server for use with a first network device and an external network. The external server contains: a memory having a priori data stored therein, the a priori data includes a plurality of potential security attack signatures; and a processor configured to execute instructions stored on the memory to cause the external server to: monitor the first network device for actions on the first network device; identify an action on the first network device that matches one of the plurality of potential security attack signatures of the a priori data; and notify the first network device that the action is a potential security attack.

Abstract: A first playback device is configured to obtain audio content from a cloud-based media service, the audio content encrypted according to a first encryption scheme. The first playback device is configured to communicate with a cloud-based license service to obtain information for decrypting the audio content and use the obtained information to decrypt the audio content. The first playback device is also configured to re-encrypt the decrypted audio content in accordance with a second encryption scheme and transmit the re-encrypted audio content to at least a second playback device that is grouped with the first playback device for synchronous audio playback. The first playback device is also configured to play back the audio content in synchrony with playback of the audio content by the second playback device.

Abstract: Systems and methods for censoring text characters in text-based data are provided. In some embodiments, an artificial intelligence system may be configured to receive text-based data and store the text-based data in a database. The artificial intelligence system may be configured to receive a list of target pattern types identifying sensitive data and receive censorship rules for the target pattern types determining target pattern types requiring censorship. The artificial intelligence system may be configured to assemble a computer-based model related to a received target pattern type in the list of target pattern types. The artificial intelligence system may be configured to use a computer-based model to identify a target data pattern corresponding to the received target pattern type within the text-based data, identify target characters within the target data pattern, and to assign an identification token to the target characters.

Abstract: An identity management and authorization system (IMAS) receives a request to download an application to a user device associated with a user. The IMAS downloads, to the user device, a template application instance corresponding to the requested application, the template application instance having a reduced functionality than the requested application. The IMAS receives, from the user device, a request to register to the downloaded template.

Abstract: An access control method and system that uses a physical proximity interface on a token dispenser device to obtain tokens on a blockchain which are used for subsequent access to a local network. The tokens are authenticated on the local network using proof of authority authentication. A client device can present a token to the local network from anywhere in the world in order to access at least one device on the local network. In an example, the method includes receiving, from the physical proximity interface of the token dispenser device, a token on a blockchain layer; presenting, to a node of the local network, the token; and receiving, from the node, successful authentication of the token by way of proof of authority authentication. The method can include, after the successful authentication of the token, authorizing the client device to access a device on the local network.

Abstract: Systems and methods include a computer-implemented method for predicting pH of seawater. A model is generated that is configured to predict a power of hydrogen (pH) of treated seawater. Generating the model includes correlating process parameter values and historical data of seawater processing plants of oil and gas reservoirs. Upstream parameters of the seawater plant are received by a soft sensor pH predictor installed at a seawater plant. A pH of seawater being processed by the seawater plant is predicted using the model and neural network software of the soft sensor pH predictor.

Abstract: Method for authenticating at least one ventilator with at least one remote station, wherein the ventilator can connect itself via at least one interface to the remote station, at least one authentication file is stored on the ventilator, the authentication file contains at least one signature code of a signing authority, and a public keycode of the signing authority is known to the remote station, the ventilator sends the authentication file to the remote station when establishing the connection to the remote station, the remote station checks the signature code of the authentication file using the public keycode as to whether the signature code originates from the signing point and the ventilator is authenticated when the remote station recognizes the signature code as originating from the signing authority.

Abstract: A system can efficiently control access to an interactive computing environment. The system can receive authentication data of an authentication attempt associated with an entity. The system can determine, for the entity, a historical vector including features that include sub-features. The historical vector can be determined by generating synthetic data, generating weights, and determining probabilities. The synthetic data can be based on historical authentication attempts by entities other than the entity. The weights can correspond to sub-features of the historical vector. The probabilities can indicate a likelihood that a corresponding sub-feature is involved in the authentication attempt. The system can compare the historical vector to the authentication data. The system can generate a responsive message based on the comparison for controlling access to the interactive computing environment.

Abstract: A computer-implemented method. The method includes recognizing the possibility of a manipulation of the software of a first component of a plurality of components of a vehicle electrical system of a vehicle in a central device for mitigating a manipulation of software. The central device for mitigating a manipulation is part of the vehicle electrical system, and is designed to mitigate a manipulation of software in each component of the plurality of components of the vehicle electrical system. The method further includes initiating a countermeasure for mitigating the manipulation of the software of the first component and carrying out the countermeasure for mitigating the manipulation of the software of the first component. The countermeasure includes changing a functionality of the first component and at least partially shifting the functionality of the first component to one or multiple other components of the plurality of components.

Abstract: Techniques for applying context-based security in mobile networks using an API and a data store are disclosed. In some embodiments, a system/process/computer program product for applying context-based security in mobile networks using an API and a data store includes monitoring network traffic on a mobile network at a security platform to identify a new session; determining user-IP mapping information associated with the new session using an API and a data store; and enforcing a security policy on the new session at the security platform based on the user-IP mapping information to apply context-based security in the mobile network.

Abstract: There is described herein a computer-implemented method of processing an input data item. The method comprises processing the input data item using a parametric model to generate output data, wherein the parametric model comprises a first sub-model and a second sub-model. The processing comprises processing, by the first sub-model, the input data to generate a query data item, retrieving, from a memory storing data point-value pairs, at least one data point-value pair based upon the query data item and modifying weights of the second sub-model based upon the retrieved at least one data point-value pair. The output data is then generated based upon the modified second sub-model.

Abstract: Provided is an authentication system that improves user convenience. This authentication system includes at least one first terminal, a plurality of second terminals, and a server device. The first terminal is capable of providing services using a biometric authentication function or non-biometric authentication function. Each of the second terminals is capable of switching between a biometric authentication function and a non-biometric authentication function and capable of providing services using the biometric authentication function or non-biometric authentication function. The server device is connected to the first terminal and the plurality of second terminals. The server device calculates the rate of usage of a biometric authentication function by the at least one first terminal. The server device determines an operation mode for at least one of the plurality of second terminals on the basis of the calculated rate of usage.

Abstract: A cryptography system comprising a first node having a unique identifier generator configured to generate at least one physical unclonable function (PUF); and a second node configured to remotely send an attestation request to the first node is disclosed. In some embodiments, the cryptography system may form at least part of a distributed ledger and the PUF is configured to respond to the attestation request.

Abstract: A hearing device and a method for operating a hearing device is disclosed, hearing device comprising a processing unit configured to compensate for hearing loss of a user of the hearing device; an interface; and a memory unit, wherein the memory unit has stored therein a first primary certificate comprising a first primary hearing device identifier; a second primary certificate comprising a second primary hearing device identifier; and customer data indicative of the hearing device being configured to operate as a customer hearing device, wherein the processing unit is configured to determine if the hearing device is configured to operate as a customer hearing device based on the customer data; and in accordance with a determination that the hearing device is configured to operate as a customer hearing device, operate the hearing device according to the second primary certificate.

Abstract: Aspects of the present disclosure may address cryptographic methods and systems using redundant encryption and re-keying to provide security in a post-quantum computing environment. A trusted server may initially establish encrypted communications with users, using symmetric key matrices established with the users. The trusted server may be used to establish symmetric key matrices between users and to assist in the users in establishing communications. All of the symmetric keys in a given symmetric key matrix may be used to encrypt plaintext for transmission. Re-keying may be used to generate new symmetric key matrices on a periodic basis or upon initiation by a node or based on a selected secrecy mode. Establishment of symmetric key matrices and re-keying may involve the use of post-quantum key encapsulation mechanisms.

Abstract: An apparatus includes a memory that stores instructions; and a processing unit that executes the instructions to identify a created process, to receive a notification of a first event for an ancestor process and a notification for a second event for the created process, the notification of the first event indicating a first ActivityID and a first ID, the notification of the second event indicating a second ActivityID and a second ID, the first ID being different from the second ID, to perform a first determination that the created process was created by a component object model (COM) call, at least in part based on the second ID, and to perform a second determination that the ancestor process indirectly created the created process, at least in part based on the first and second ActivityIDs and the first determination.

Abstract: A searchable encryption system includes a registration device including an index generation unit (624) and an encrypted index generation unit (625). The index generation unit (624) generates a registration keyword index by using a registration keyword, authorized-person attribute information corresponding to an authorized person who has an authority to search for the registration keyword, a user key function to generate a user key corresponding to a searcher, a search query function to generate a search query having the user key incorporated therein, and an index query function to generate an index query having the search query incorporated therein. The encrypted index generation unit (625) generates an encrypted index by encrypting the registration keyword index by using the index disclosure key.