Abstract: Systems and methods for end to end encryption are provided. In example embodiments, a computer accesses an image including a geometric shape. The computer determines that the accessed image includes a candidate shape inside the geometric shape. The computer determines, using the candidate shape, an orientation of the geometric shape. The computer determines a public key of a communication partner device by decoding, based on the determined orientation, data encoded within the geometric shape. The computer receives a message. The computer verifies, based on the public key of the communication partner device, whether the message is from the communication partner device. The computer provides an output including the message and an indication of the communication partner device if the message is verified to be from the communication partner device. The computer provides an output indicating an error if the message is not verified to be from the communication partner device.

Abstract: A communication apparatus accepts an input of a passphrase by a user operation, sets an authentication scheme based on a passphrase length of the passphrase, and performs wireless connection with a partner apparatus using the set authentication scheme, wherein (i) in a case where the passphrase length is within a predetermined range, an authentication scheme of any of WPA (Wi-Fi Protected Access), WPA2, and WPA3, or a combination of at least two of WPA, WPA2, or WPA3, is set, and (ii) otherwise, an authentication scheme of WPA3 is set.

Abstract: Methods, apparatuses, or computer program products according to the present disclosure provide for service permissions scaling. In example embodiments, an apparatus receives a service request from an edge server. The apparatus may generate an authorization token based at least in part on a permissions data vector, where the authorization token is configured for access by one or more computing devices to determine whether to grant access by a first computing device associated with the requesting entity identifier to one or more resources associated with the one or more computing devices. The apparatus may then transmit the authorization token to the edge server. According to some embodiments, the authorization token may be configured for storing in an authorization token cache. In some embodiments, the authorization token may be retrieved from the authorization token cache.

Abstract: Methods, systems, and apparatuses are described herein for improving computer authentication processes through the exclusion of certain merchants that may cause confusion. Indications of a plurality of different merchants, including merchant logos may be received. The indications may be processed to identify at least one similarity between a first merchant and a second merchant. A request for access to an account associated with a user and transaction data corresponding to the account may be received. Based on the similarity between the first merchant and the second merchant, at least one transaction corresponding to the first merchant may be removed to generate processed transaction record. An authentication question may be generated and a candidate response to the authentication question may be received. Based on the candidate response, access to the account may be provided.

Abstract: Embodiments of the invention are directed to a system, method, or computer program product for an approach to securing information stored in a distributed network. The system allows for generating distributed identifiers for information entries, wherein the distributed identifiers mask the information entries using a hash function and the distributed identifiers are dispersed across distributed ledgers. The system also allows for originating nodes to access the information entries within the distributed identifiers, while permitting other nodes and domains to reference the distributed identifiers themselves instead of referencing the information entries.

Abstract: An exemplary system and method are disclosed that provide the private querying of a biometric scan, such as a person's photo, against a private database such that the client issuing the private query learns only the identity of the query if it is in the database while the server performing the processing learns nothing of the biometric scan. The exemplary system and method conduct privacy-preserving searches over fuzzy databases via a fuzzy labeled set intersection (FLPSI) protocol. FLPSI protocol computes an intersection of noisy input sets to assess for closeness/similarity metrics in an efficient and optimized search.

Abstract: A shared computer device configured to receive a reservation request associated with a user at the shared computer device to reserve a predetermined period of time for usage of the shared computer device, receive an input from the user on the shared computer device during the predetermined period of time to sign in to and use the shared computer device to access and use a predetermined application, based on the signing in, downloading, from a server, predetermined personal information of the user stored in the server regarding the predetermined application and granting access to the user to use the predetermined application on the shared computer device during the predetermined period of time using the downloaded personal information of the user, and delete the personal information of the user from the shared computer device after the predetermined period of time expires.

Abstract: Disclosed herein are an apparatus and method for distributed consensus in an environment in which a fraction of Byzantine nodes is dynamically changed. The distributed consensus apparatus in a dynamic Byzantine fraction environment includes one or more processor and executable memory for storing at least one program executed by the one or more processors. The at least one program is configured to calculate a stochastic variable for the probability that a preset fraction of Byzantine nodes is changed using the probability that at least one of consensus candidate nodes corresponding to a preset consensus quorum is changed to a Byzantine node and to perform distributed consensus using the stochastic variable in the dynamic Byzantine fraction environment.

Abstract: A secure digital network environment is provided by integrating OTP keys as part of quantum-safe data systems solutions (QPN Solutions), including the use of one-time-pad (OTP) keys to encrypt data, support multi-factor authentication and secure all communications between devices in the secure digital network environment. The OTP keys are “pre-loaded” to endpoint (EP) devices to render them quantum-safe (QS) when connected into the secure digital network environment, or are otherwise provided through removable media to be loaded into user supplied appliances, devices and accessories to render them QS when connected into the secure digital network environment. The application of QPN Solutions refers to the application of QPN enabled technologies to provide a secure digital network environment includes risk assessment and management solutions for establishing and managing cyber security insurable risks and policies.

Abstract: According to an example embodiment, a management server includes a monitoring means for monitoring whether a file has been saved in a storage area managed by a file server, a determination means for determining, when the monitoring means detects that a file has been saved in the storage area, whether identification information on a user who has saved the file matches identification information on a specific user, and a privilege change means for changing, when the determination means determines that the identification information on the user who has saved the file matches the identification information on the specific user, an access privilege of the file.

Abstract: Some implementations of the disclosed systems, apparatus, methods and computer program products may provide for chatbots configured to perform tasks requiring end user identification on behalf of users. Such a chatbot may be authenticated through tokens with custom claims. The custom claims may include identifying or authenticating tokens received by the chatbot or server system and the chatbot may create and/or provide such tokens for authentication. The custom claim may be configured to provide user identifying data, allowing for the chatbot to be provided with end user credentials. Accordingly, chatbots may be utilized to perform sensitive tasks that require user credentials while continuing to provide security for users.

Abstract: This disclosure relates to, among other things, scalable data processing, storage, and/or management systems and methods. Certain embodiments disclosed herein provide for a data management architecture that allows for more secure storage of enterprise data, making it more secure, usable, and/or interoperable, facilitating data usage across information silos. Further embodiments provide for comprehensive data access authentication and/or authorization functionality between various services included in embodiments of the disclosed architecture.

Abstract: Methods and systems are described herein for generating and assigning resources based on timestamps. A plurality of permission messages associated with a plurality of authorization events may be received with each permission message including an authorization timestamp indicating a generation time of a corresponding permission message. In addition, a plurality of data records may be received with each data record including a corresponding plurality of parameters. Based on the permission messages and the data records, a resource multiplier is generated, and resources assigned to each data record are multiplied based on the resource multiplier.

Abstract: This application provides an online streamer image picture transmission method and computing device in live interaction. The method applied to a server, the method includes: receiving an online streamer image picture sent by a first online streamer end, and obtaining a target obfuscation key; performing encryption processing on the online streamer image picture based on the target obfuscation key and picture information of the online streamer image picture, to obtain an encrypted online streamer image picture; and in response to determining that a live interaction request for the first online streamer end and a second online streamer end is received, sending the encrypted online streamer image picture and the target obfuscation key to the second online streamer end.

Abstract: An apparatus includes one or more processors that are configured to determine a pixel-by-pixel bounds for a perturbed image, generate an adversarial example using an adversarial example generation technique, and modify the adversarial example to generate the perturbed image based on the pixel-by-pixel bounds. When an initial perturbed image does not reside within the pixel-by-pixel bounds, the one or more processors adjust the initial perturbed image to generate the perturbed image by a Weber-Fechner based adversarial perturbation to reside within the pixel-by-pixel bounds. The one or more processors provide the perturbed image to a computing device in an image-based Completely Automated Public Turing Test to tell Computers and Humans Apart (CAPTCHA).

Abstract: Aspects of a storage device are provided that perform partial decryption of host encrypted data and encryption of host provided data using received or generated keys for data targeted for compute services. The storage device may include a non-volatile memory and a controller. The controller may receive encrypted data, receive a key associated with a portion of the encrypted data, and decrypt the portion of the encrypted data based on the key without decrypting a remainder of the encrypted data. The controller may also receive data, receive or generate a key associated with a portion of the data, encrypt the portion of the data based on the key without encrypting a remainder of the data based on the key, and store the encrypted portion of the data in the non-volatile memory for subsequent decryption. As a result, a balance between encrypted data storage and decrypted data security may be achieved.

Abstract: A method for secure pairing between a sensor and a concentrator using a mobile terminal includes generating and emitting a confirmation code by the concentrator; converting by the sensor of the confirmation code into a sequence of light signals executed by at least one light-emitting diode; converting by the mobile terminal of the sequence of light signals into a sequence code; sending the sequence code to the concentrator; comparing, by the concentrator, the sequence code and the generated confirmation code: if the sequence code does not match the generated confirmation code, generating a warning; if the sequence code matches the generated confirmation code, pairing and exchanging information between the sensor and the concentrator.

Abstract: A method for communicating over a wireless network includes broadcasting, by a Multi-Link Device (MLD) device, service data indicative of one or more services for wireless communication with a client device; wherein the service data indicates that a service type is differentiated based on a type of the client device; establishing a security association with the client device; and in response to establishing a security association with the client device, granting access by the client device to a subset of the one or more services based on the type of the client device.

Abstract: A novel structured random sample consensus protocol to greatly improve blockchain and distributed ledger technology throughput and scalability, while maintaining decentralization and high levels of security. The invention leverages small committees of fixed sizes, called “Clans,” threshold cryptography, and logical virtual districts, called “Tribes,” in order to deterministically random sample disparate nodes for sentiment analysis on a transactions validity, thereby only requiring a relatively small subset of nodes to validate any particular transaction or batch of transactions thus enabling much greater concurrency and parallel processing compared to other more linearized consensus algorithms, while maintaining high security.

Abstract: A packet processing method. A protection device receives a first access request packet. The first access request packet includes a packet sent based on a TCP/IP protocol. The protection device extracts a first fingerprint feature from a transport-layer packet header and/or a network-layer packet header of the first access request packet. The first fingerprint feature corresponds to an operating system type of a terminal device that transmits the first access request packet. The protection device recognizes the first fingerprint feature based on a fingerprint feature database to determine whether to allow the first access request packet to access a server. The protection device allows the first access request packet to pass through when the first access request packet is allowed to access the server. The protection device blocks the first access request packet when the first access request packet is not allowed to access the server.