Abstract: Methods, systems, and devices that support determining whether media data has been altered are described. Captured media data may be segmented into one or more subsets, and cryptographic representations (e.g., hashes) based on the subsets may be written to an immutable ledger, possibly along with metadata and other related data. A block of a blockchain may be created for each entry in the immutable ledger. A set of media data may be validated, if a corresponding immutable ledger exists, based on segmenting the set of media data into one or more subsets in accordance with the segmenting upon capture, creating candidate cryptographic representations (e.g., hashes) based on the subsets, and comparing the candidate cryptographic representations with contents of the corresponding immutable ledger.

Abstract: Methods, systems, and devices that support determining whether media data has been altered are described. Captured media data may be segmented into one or more subsets, and cryptographic representations (e.g., hashes) based on the subsets may be written to an immutable ledger, possibly along with metadata and other related data. A block of a blockchain may be created for each entry in the immutable ledger. A set of media data may be validated, if a corresponding immutable ledger exists, based on segmenting the set of media data into one or more subsets in accordance with the segmenting upon capture, creating candidate cryptographic representations (e.g., hashes) based on the subsets, and comparing the candidate cryptographic representations with contents of the corresponding immutable ledger.

Abstract: A Secure/Multipurpose Internet Mail Extensions (S/MIME) key material publication system that converts cryptographic material extracted from digitally signed and validated S/MIME messages it receives into key material formats suitable for populating email address books. Publication of the address book contents both internal and external to an organization is done using the standard address book lightweight database access protocol (LDAP). The wide availability and coordination of such automated address books distributing key material across the Internet allows the large installed base of S/MIME email clients to immediately send secure encrypted email across organizational boundaries. The system serves the role of public key server thus removing a barrier to ubiquitous secure encrypted email by simplifying global key management.

Abstract: There is provided an information processing apparatus that includes a first processor configured to verify a validity of a program, a control circuit configured to issue a system reset signal in a case where there is no access from outside for a predetermined period, and a second processor configured to execute the program that has been determined as valid by the first processor, and to become accessible to the control circuit after the program is initiated. The first processor is configured to access the control circuit before the second processor becomes accessible to the control circuit.

Abstract: Systems, methods, and computer-readable media provide for secure access to virtual machines in heterogeneous cloud environments. In an example embodiment, client credentials, such as a public key of a public-private key pair, are provided to a virtual machine in a first cloud, such as a private cloud. The virtual machine can be migrated from the first cloud to a second cloud, such as one of a plurality of heterogeneous public clouds. The virtual machine in the second cloud can be accessed from the first cloud via Secure Shell (SSH) authentication using the client credentials. The client credentials can be updated, and the updated client credentials can be used for subsequent SSH access to the virtual machine in the second cloud.

Abstract: A method that includes receiving patient-generated event data over a network from a patient device associated with a patient having an active digital therapy prescription for treating an underlying disease or disorder. The patient-generated event data is encrypted by the patient device and includes at least one timestamped event related to the active digital therapy prescription. In response to receiving the patient-generated event data, the method includes decrypting, anonymizing, and storing the anonymized patient-generated event data on memory hardware. The method further includes receiving a patient record request over the network from a healthcare provider (HCP) system that requests the patient-generated event data and includes an authentication token. In response to receiving the patient record request, the method includes retrieving and encrypting the anonymized patient-generated event data from the memory hardware using the authentication token.

Abstract: Features for providing a secure method of symmetric encryption for private smart contacts among multiple parties in a private peer-to-peer network. The features include a master key representing a unique blockchain ledger. The master key may be shared among multiple participants in a private peer-to-peer network. Sharing of the master key may include communicating the master key in an encrypted message (e.g., email) using public key infrastructure (PKI). In some implementations, more complex distribution features may be includes such as quantum entanglement. The features support instantiation of a smart contract using a specific master key. The request may be submitted as an entry to the ledger with appropriate metadata and/or payload information for identifying and processing the request.

Abstract: A storage device is configured to be connected to a host device via a physical cable which includes a power line and a data line. The storage device includes a non-volatile memory, a data path controller configured to temporarily deactivate the data line while power is supplied from the host device via the power line, and a memory controller. The memory controller includes a biometric module configured to receive biometric data and perform user authentication based on the biometric data; a biometric processing circuit configured to change a state of the memory controller, based on a result of the user authentication; and a data processing circuit configured to encrypt and decrypt data. The data path controller is configured to temporarily deactivate the data line in response to the changed state of the memory controller.

Abstract: In a distributed system, data is shared between three or more electronic devices. The first device generates and signs an object that includes the data. A second device receives the signed object and determines whether the signed object is valid. If valid, the second device will generate a validated signed object and send it to a third device. The third device will validate the object by determining whether the object includes valid signatures of both the first and second devices.

Abstract: One embodiment provides an apparatus. The apparatus includes a lightweight cryptographic engine (LCE), the LCE is optimized and has an associated throughput greater than or equal to a target throughput.

Abstract: A chatbot interface is provided for a network security software application. The chatbot interface can receive and act upon text utterances from a user or from a speech-to-text engine in instances where the user provided a voice utterance. The chatbot interface also can automatically perform tasks relating to network security. In one embodiment, the chatbot interface receives a text utterance, performs named entity recognition on the text utterance, performs intent classification to determine the intent of the text utterance, and performs an action based on the determined intent.

Abstract: A sensitive content display control system determines whether to display sensitive content on a computing device display, such as on a lock screen. The system attempts to authenticate a user of the computing device, and does not display the sensitive content if the user is not authenticated. If the user is authenticated, then the system determines whether anyone in addition to the user is looking at the computing device display. If the user is authenticated and no one else is looking at the computing device display, then the sensitive content is displayed. However, if the user is authenticated and at least one additional person is looking at the computing device display, then the sensitive content is not displayed.

Abstract: Techniques for providing segments of media items associated with events to users are described herein. Computing device(s) may receive from a user a request for a segment of a media item associated with an event. The computing device(s) may also receive data presented as evidence of acquisition of a pass for the event, verify that the data is associated with a valid pass that has been purchased for the event, and, based on the verifying, provide the segment of the media item to the user. Additionally or instead, the request may include a time length for the segment and/or a beginning position of the segment, and the computing device(s) may determine, based on a policy and one the time length and/or beginning position, a part of the requested segment of the media item to provide. The computing device(s) may then provide the determined part of the segment to the user.

Abstract: Management of a group of connected objects in a communications network including at least one local network. The connected objects, known as client objects, have at least one functional attribute. The method includes: obtaining an identifier of the group and an encryption key of the group); assigning the group at least one connected object according to at least one functional attribute of the connected object; obtaining an encryption key of the object; encrypting the encryption key of the group using the encryption key of the object; transmitting the identifier of the group, and the encrypted encryption key of the group to the at least one connected object.

Abstract: A device which can be implemented on a single packaged integrated circuit or a multichip module comprises a plurality of non-volatile memory cells, and logic to use a physical unclonable function to produce a key and to store the key in a set of non-volatile memory cells in the plurality of non-volatile memory cells. The physical unclonable function can use entropy derived from non-volatile memory cells in the plurality of non-volatile memory cells to produce a key. Logic is described to disable changes to data in the set of non-volatile memory cells, and thereby freeze the key after it is stored in the set.

Abstract: Techniques for securely controlling multiple lighting devices simultaneously with a lighting control device are disclosed. Command messages may be transmitted from the lighting control device to multiple lighting devices over a computer network without routing through a remote cloud service. The messages may be encrypted and may include an incremented sequence number. Lighting devices that receive a command message may compare the incremented sequence number to a previously stored sequence number corresponding to the lighting control device. If the incremented sequence number is greater than the stored sequence number, then a lighting device may determine the message was transmitted by an authorized lighting control device and may implement any command instruction included therein. If the incremented sequence number is equal to or less than the stored sequence number, then the lighting device may determine the command message was transmitted by a malicious source and may ignore the command message.

Abstract: A method implemented on a visual computing device to authenticate one or more users includes receiving a first three-dimensional pattern from a user. The first three-dimensional pattern is sent to a server computer. At a time of user authentication, a second three-dimensional pattern is received from the user. The second three-dimensional pattern is sent to the server computer. An indication is received from the server computer as to whether the first three-dimensional pattern matches the second three-dimensional pattern within a margin of error. When the first three-dimensional pattern matches the second three-dimensional pattern within the margin of error, the user is authenticated at the server computer. When the first three-dimensional pattern does not match the second three-dimensional pattern within the margin of error, user is prevented from being authenticated at the server computer.

Abstract: An online system receives a content item including a link to a landing page and determines a likelihood the landing page violates an online system policy based on a structural similarity between the landing page and a web page violating the policy. To determine the likelihood, the online system determines a hierarchical structure associated with the web page violating the policy and an additional hierarchical structure associated with the landing page. The hierarchical structure represents a structure of at least a portion of the web page and the additional hierarchical structure represents a structure of a corresponding portion of the landing page. The online system compares the hierarchical structure and additional hierarchical structure. Based on the comparison, the online system computes a measure of dissimilarity between the hierarchical structure and additional hierarchical structure and determines a likelihood the landing page violates the policy based on the measure of dissimilarity.

Abstract: Network circuitry authorizes User Equipment (UEs) for wireless services from wireless networks. The network circuitry stores lists of network identifiers that are associated with UE types. The network circuitry receives an authorization request that indicates a network identifier and a UE type. The UE type comprises model, operating system, user application, and/or radio frequency. The network circuitry retrieves a networks list for the UE type and compares the network identifier from the authorization request to the network identifiers on the network list. The authorization circuitry authorizes the UE responsive to a match between the network identifier from the authorization request and a network identifier on the network list.

Abstract: Techniques for securing displayed data on computing devices are disclosed. One example technique includes upon determining that the computing device is unlocked, capturing and analyzing an image in a field of view of the camera of the computing device to determine whether the image includes a human face. In response to determining that the image includes a human face, the technique includes determining facial attributes of the human face in the image via facial recognition and whether the human face is that of an authorized user of the computing device. In response to determining that the human face is not one of an authorized user of the computing device, the technique includes converting user data on the computing device from an original language to a new language to output on a display of the computing device, thereby securing the displayed user data even when the computing device is unlocked.