Abstract: The present invention relates to a method of fusing at least two different candidate lists into a single candidate list, said at least two different candidate lists being generated by matching biometric data captured from an individual to be identified and biometric data enrolled from candidates to calculate match scores of candidates and ranking said match scores, the method comprising steps of: normalizing the match scores of the candidates of said at least two different candidate lists; ranking at least part of the candidates of said at least two different candidate lists in a single candidate list according to said normalized match scores to fuse said at least two different candidate lists; identifying at least one candidate belonging to multiple lists of said at least two different candidate lists; and raising said identified at least one candidate's rank in said single candidate list.

Abstract: Systems, methods, and devices that relate to efficient incident management using multi-dimensional correlation across different layers of the network are disclosed. In one example aspect, a method for wireless communication includes receiving reporting information about a network incident associated with multiple network nodes in a network, and identifying a network node or a connection between two network nodes as a root cause for the network incident based on a multi-dimensional correlation that correlates one or more sets of horizontal information in respective layers of an Open Systems Interconnection (OSI) model and vertical information across multiple layers of the OSI model.

Abstract: Embodiments detect security vulnerabilities, e.g., backdoors, in applications. An embodiment reverses object code of a computer application to generate source code of the computer application. In turn, the generated source code is compared to trusted source code of the computer application to detect a security vulnerability in the object code of the computer application. Embodiments can take one or more protection actions, e.g., sending a notification or preventing execution of the object code, amongst other examples, in response to detecting the security vulnerability.

Abstract: Methods, systems, and apparatus for generating an encryption key. In one aspect, a method includes the generating and sending, by a first device, a stream of random challenges to other devices. Each other device proses, by a physically unclonable function (PUF) included in the device, the stream of random challenges twice to obtain pairs of responses and computes a first Bernoulli matrix vector. Each other device generates a first LPN instance using a pre-stored public matrix, a partial encryption key, and the first Bernoulli error matrix, and sends the first LPN instance to the first device. The first device computes a threshold number of the first LPN instances and an estimated combined error of PUFs included in the other devices. The first device generates an encryption key by recovering a summation of each partial encryption key encoded in the threshold number of first LPN instances.

Abstract: The present disclosure relates to computer-implemented methods, software, and systems for data processing to monitor and trigger alerts based on identified technical issues at instances running in a cloud platform environment. Availability data for the cloud platform can be collected. Based on evaluation of the availability data, a determination that at least a portion of a set of services are experiencing issues can be made. A detailed check is triggered to collect data logs, metrics, and dependencies data for at least the portion of the set of services. An overall status of performance of the cloud platform based on obtained service status data from the detailed check can be determined. Based on analysis of the overall status of performance of the cloud platform, execution of causal engine logic to identify an issue at the cloud platform can be performed, and a notification for the issue can be provided.

Abstract: A method for exchanging packets between two nodes of a packet-switched communication network. Each packet comprises a marking field and a reflected marking field. Each node sets the value of the marking field in its outgoing packets to be transmitted to the other node. This value is alternately switched between two alternative marking values every N outgoing packets. While incoming packets are received from the other node, each node also sets the value of the reflected marking field of its outgoing packets according to the value of the marking field of the incoming packets. An observer placed between the two nodes may count the packets whose marking field is equal to any of the marking values and/or the packets whose reflected marking field is equal to any of the marking values, and use N and such counts to provide a packet loss measurement.

Abstract: A distributed memory data repository of connected data centres. The network load balances by routing requests to different data centres for processing. The solution design provides a blue print to implement a distributed memory data repository based defense system across multiple nodes with dynamic fail-over capabilities. The defense system runs independently on a single node, exclusively leveraging memory for data storage and implementing a communication channel to interact with other nodes.

Abstract: In some implementations, a network onboarding system may receive, over a first connectivity protocol, a uniform resource identifier (URI) for an IoT device. The network onboarding system may authenticate, over the first connectivity protocol, the IoT device based on the URI. The network onboarding system may exchange, with the IoT device, over the first connectivity protocol, a set of IoT device credentials with a set of onboarding credentials for an IoT network. The network onboarding system may configure a notify message that includes the IoT device credentials for transmission over a second connectivity protocol. The network onboarding system may perform, by the network onboarding system, a filtered discovery of the IoT device over the second connectivity protocol. The network onboarding system may onboard, over the second connectivity protocol, the IoT device onto the IoT network.

Abstract: A method for encryption that combines the steganographic method of concealing data inside a truly random string of bits with a cryptographic key that allows for the random distribution of this data, essentially creating a symmetrical cipher.

Abstract: An electronic device and a method for controlling thereof is provided. The electronic device includes a memory including a neural network model, a display, a communicator including circuitry, and a processor configured to identify, based on a user command to transmit a first image to an external device being input, whether private information of a user is included in the first image by inputting the first image in the neural network model, based on identifying that private information of the user is included in the first image, display a first user interface (UI) asking whether to process at least one private information based on the private information included in the first image, and based on a user command input through the first UI, process the first image and control the communicator to transmit the processed to the external device.

Abstract: In one example embodiment, a server that is in communication with a network that includes a plurality of network elements obtains, from the network, a service request record that includes sensitive information related to at least one of the plurality of network elements. The server parses the service request record to determine that the service request record includes a sequence of characters that is repeated in the service request record, and tags the sequence of characters as a particular sensitive information type. Based on the tagging, the server identically replaces the sequence of characters so as to preserve an internal consistency of the service request record. After identically replacing the sequence of characters, the server publishes the service request record for analysis without revealing the sequence of characters.

Abstract: A formal verification method for a certificate storage smart contract is provided. The method includes: obtaining the certificate storage smart contract, and performing certificate storage, forensic, and certificate storage and forensic authority granting according to different production environments and authority; adding standardization statements of formal standardization into the certificate storage smart contract; and obtaining a verification result by performing model verification on the certificate storage smart contract into which the standardization statements of the formal verification are added. A computer device and a non-transitory computer-readable storage medium are further provided.

Abstract: A computer-implemented method for data segmentation to improve security is described. The method includes receiving a request, from a client device of a user, for authentication information; parsing the request; based on the parsing, determining an authentication score that represents a likelihood that the request is from an authenticated device; determining, from the authentication score, a number of segments into which the requested authentication information is divided; and for each of the segments, assigning one or more portions of the authentication information to that segment, in which each segment is associated with one or more times at which to transmit information assigned to that segment, and at one or more times specified by that segment, transmitting one or more portions of the authentication information assigned to that segment to the client device.

Abstract: A method and system for analysis of a facility may include providing an emulation host system, first generating a golden circuit model on the emulation host system, first inserting a first hardware trojan model, first emulating operation of the golden circuit model, and second emulating operation of the first hardware trojan model. A facility may include a trojan instrument facility having a trojan detection instrument comparing logic circuit output against a threshold for detecting hardware trojan activity, and outputting alert data, and in relation to opening one of a plurality of scannable access points, a scannable register is inserted into an active scan chain with an associated instrument interface.

Abstract: An acceptance hash code is disclosed herein. An acceptance hash code is a value generated by a device using a hash function. The acceptance hash code itself may represent a legally enforceable document. The acceptance hash code may be structured in a manner such that a device operated by a user can transmit a legally enforceable document over a network using a smaller file size than is possible with conventional secure transaction techniques. In addition, the manner in which the acceptance hash code is generated allows a receiving device to verify that the document elements of the document are as expected and to verify an identity of a user that allegedly executed the document. Thus, even if a malicious user attempts to alter document elements or perform other fraudulent activity, the receiving device can use the acceptance hash code to identify such activity and prevent a transaction from being completed.

Abstract: A system including a processor configured together and analyzing network activity data associated with a plurality of network service providers, gather geographic reference data that includes information about locale(s) of interest, create bins and use spatial matching to associate network performance parameters with hex bins associated with the locale(s) of interest. Generate, based at least in part on the geographic network data, a geospatial map overlay for incorporation in an interactive graphical user interface (GUI), the geospatial map overlay comprising a visual indication of one or more areas of interest and associated aggregated network performance data, and identify and deploy one or more measures to improve network performance and thus customer experiences for at least one or more of the identified locale associated with a bin.

Abstract: A method including encrypting, by a multiuser device, a first folder based on utilizing a first symmetric key and a second folder based on utilizing a second symmetric key, the first folder and the second folder being stored on the multiuser device; encrypting, by the multiuser device, the first symmetric key based on utilizing a first trusted key and the second symmetric key based on utilizing a second trusted key; and providing access, by the multiuser device, to the encrypted first folder by decrypting the encrypted first symmetric key based on verifying first biometric information and to the encrypted second folder by decrypting the encrypted second symmetric key based on verifying second biometric information, the first biometric information being different from the second biometric information. Various other aspects and techniques are contemplated.

Abstract: In some implementations, a device may provide a data structure storing first data, wherein the first data indirectly identifies second data, and wherein the second data identifies a particular individual. The device may obtain, from the data structure, the first data. The device may generate a cryptographically random value using a secure generator. The device may combine the first data and the cryptographically random value to generate hashing input data. The device may perform, using a hashing algorithm, a hashing operation on the hashing input data to generate de-identified first data, wherein re-identification of the de-identified first data requires knowledge of at least the first data, the cryptographically random value, and the de-identified first data. The device may perform an action using the de-identified first data.

Abstract: An example system includes network devices at a site; and a network management system (NMS) that is configured to: identify a first network device of the plurality of network devices with which a network connection has been lost; identify, based on a network topology graph generated from the network data, one or more neighbor network devices of the plurality of network devices that are connected to the first network device; perform root cause analysis of the lost connection with the first network device based on the network data to identify a root cause of the lost connection; and send, to a neighbor network device selected from the one or more neighbor network devices and based on the identified root cause, instructions for the first network device to perform an action to remediate the lost connection, wherein the neighbor network device communicates the instructions to the first network device.

Abstract: A method for providing a personal data storage service between a first user who is a data provider and a second user who is a data requester by using a smart contract based on a first layer and a privacy layer and a storage layer based on a second layer is provided. The method has an effect of generating encoded subject data made by encoding subject data by using a random key as an encryption key generated through a data provider terminal, to thereby prevent the personal storage service provider from decoding the subject data. Further, the method has another effect of saving the storage for use in PDS service, since there is no need to generate each of encoded encryption key and encoded subject data in line with each of data requester even if the number of data requesters increase by implementing using a proxy re-encryption technology.