Abstract: A method and protocol for triple-blind identity mapping that sufficiently address the need to reduce accidental or nefarious attempts to re-identify the underlying identities pseudonymized by current hashing methods are disclosed. The system abates the privacy exposure risk derived from the simple exchange of hashed information, because the referenced actors do not come into possession of the input values required to produce a repeatable function.

Abstract: A system and method that detects and mitigates zero-day exploits and other vulnerabilities by analyzing event logs and external databases, forcing reauthentication of at-risk and comprised systems and accounts during an identified threat or potential security risk.

Abstract: A method includes receiving an indication of a request from a client device. The request is for establishing an access session to perform one or more actions on data of a data processing platform. The method includes receiving data indicative of a context of the access session request and establishing a challenge session associated with the request that indicates one or more challenges required of a user associated with a client device to successfully respond to in order to establish the requested access session, a number or a type of the one or more challenges being determined based on the context, and establishing an access session to enable the user to perform the one or more actions on the data of the data processing platform if responses to all challenges in the challenge session are successful.

Abstract: An encoder receives first data encapsulating second data in a hidden compartment along with a decoder identifier corresponding to either of a first decoder or a second decoder. The encoder then generates an embedding corresponding to the first data. The first decoder decodes the embedding to result in a representation of the first data when the decoder identifier corresponds to the first decoder. The second decoder decodes the embedding to result in a representation of the second data when the decoder identifier corresponds to the second decoder. The decoded embedding can be provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.

Abstract: Captures or recordings of sensitive information or data displayed on screens or displays are detected by generating unique identifiers of users and embedding linked codes including such identifiers into the information or data. When the information or data is accessed by a user and displayed on a screen, and an image of the information or data is captured by a camera of a mobile device or other system, the camera detects a code within the images and requests to access a page or other networked resource associated with a link embedded in the code. Upon detecting a request to access such a page, the request may be attributed to the user. Upon detecting a unique identifier within an image depicting sensitive information, the image may be attributed to the user.

Abstract: Post quantum secure network communication is provided. The process comprises sending, by a client in a first computing cluster, an outbound message to a quantum safe cryptographic (QSC) proxy server in the first computing cluster, wherein the outbound message is addressed to a target server in a second computing cluster. The QSC proxy server initiates a QSC transport layer security (TLS) connection with an ingress controller in the second computing cluster, wherein the ingress controller comprises a QSC algorithm. The QSC proxy server transfers the message to the ingress controller via the QSC TLS connection, and the ingress controller routes the message to the target server in the second computing cluster via a non-QSC connection.

Abstract: Disclosed is a method for defending against a malicious data traffic, the method includes: monitoring, by a defender device, data traffic flowing through a network device; generating a first control signal, by the defender device, in response to a detection that the data traffic includes a predefined amount of malicious data traffic, to cause a delivery of the data traffic to the defender device; terminating the malicious data traffic in the defender device. Also disclosed is an apparatus implementing the method, a computer program product and a system.

Abstract: Methods, computer program products, and systems are presented. The methods can include, for instance: generating a plurality of deep transfer learning networks. Further, the methods can include, for instance: encoding one or more transfer layers.

Abstract: Methods, devices, and non-transitory computer-readable storage media for network dataset processing are provided. An initial user interface in a terminal is generated. The initial user interface is configured to access a network dataset. A network dataset selected from the at least one network dataset is used as a target network dataset in response to selecting the at least one network dataset. A target virtual private network (VPN) node corresponding to the target network dataset is determined in response to an access operation on the target network dataset. An accelerated access channel between the terminal and the target network dataset is established through the target VPN node. The initial user interface is switched to an accelerated user interface. The network data processing information is displayed on the accelerated user interface. The network data processing information indicates that the accelerated access channel is used for accessing the target network dataset.

Abstract: Provided is a method for method for encrypting log file data in a multitenant database. The method comprises receiving a request to secure data of a tenant in a multitenant database. The method further comprises obtaining a symmetric encryption key that is specific to the tenant. The method further comprises encrypting data of the tenant using the symmetric encryption key. The data that is encrypted is stored in the multitenant database. The method further comprises encrypting a set of log file entries using the symmetric encryption key. The set of log file entries are associated with data of the tenant.

Abstract: A system for contextual and risk-based multi-factor authentication having a multi-dimensional time series data server configured to monitor and record a network's traffic data and to serve the traffic data to other modules and a directed computation graph module configured to receive network traffic data from the multi-dimensional time series data server, determine a network traffic baseline from the network traffic data, and determine a verification score needed before granting access based at least in part by the network traffic baseline. A plurality of verification methods build up a user's verification score to required level to gain access.

Abstract: Systems and methods support transferring control of a workspace that operates on an Information Handling System (IHS). An authorization policy is established on the IHS that is modifiable only by an arbiter of a remote orchestration service. The authorization policy specifies authorized administrators of the workspace. The authorization policy is modified to specify the arbiter and a first remote orchestrator as authorized administrators of the workspace. Administration of the workspace by the first orchestrator is allowed based on credentials that validate it as an authorized administrator specified by the policy. A notification is received of a transfer of orchestration of the workspace to a second remote orchestrator. The authorization policy is modified to specify the arbiter and the second orchestrator as authorized administrators of the workspace.

Abstract: A system for contextual and risk-based multi-factor authentication having a multi-dimensional time series data server configured to monitor and record a network's traffic data and to serve the traffic data to other modules and a directed computation graph module configured to receive network traffic data from the multi-dimensional time series data server, determine a network traffic baseline from the network traffic data, and determine a verification score needed before granting access based at least in part by the network traffic baseline. A plurality of verification methods build up a user's verification score to required level to gain access.

Abstract: A first key management entity (KME) in a mobile edge network engages in quantum key distribution (QKD) with a second KME in a far network to generate a secret cryptographic key that is shared between the first KME and the second KME. The first KME determines a key identifier (ID) for associating with the cryptographic key, and sends the key ID to the second KME for association with the secret cryptographic key at the second KME. The first KME receives a session request from a first session endpoint for a session across at least one of the mobile edge network or the far network. The first KME sends the key ID and the cryptographic key to the first session endpoint for establishing an encrypted session across the at least one of the mobile edge network or the far network.

Abstract: A device or space existed in a physical space is registered in the form of a digital object in a virtual space, a digital twin service is provided through connection between an offline device or space and the digital object in the virtual space.

Abstract: According to an embodiment, a quantum cryptography storage system includes a plurality of storage, a distribution control device, and a distribution device. The plurality of storage devices are connected via a communication network. The distribution control device determines a distribution mode of shares into which data is distributed, based on quantum key distribution network (QKDN) information. The generation device generates an encryption key and a decryption key by using a quantum key shared by using a QKDN. The distribution device distributes the data into the shares, based on the distribution mode. When receiving a share encrypted using the encryption key via the communication network, each of the plurality of storage devices that stores the shares in a distributed manner decrypts the share encrypted with the decryption key and stores a share decrypted.

Abstract: A method for security and safety of an industrial operation includes receiving sensor information from a plurality of sensors of an industrial operation. Sensor information from at least a portion of the plurality sensors is used for functionality of a plurality of components of the industrial operation. The method includes monitoring data traffic of the industrial operation, and deriving a baseline signature from the sensor information. The baseline signature encompasses a range of normal operating conditions. The method includes identifying an abnormal operating condition of the industrial operation based on a comparison between additional sensor information from the plurality of sensors and the baseline signature and identifying an abnormal data traffic condition.

Abstract: A system for probe-based risk analysis for multi-factor authentication having a multi-dimensional time series data server configured to monitor and record a network's traffic data and to serve the traffic data to other modules and a directed computational graph module configured to probe connection destinations for a response, analyze any received responses, and determine a verification score needed before granting access based at least in part on the analysis of the received responses. A plurality of verification methods build up a user's verification score to required level to gain access.

Abstract: A cryptographic method and system. A plurality of ciphers is identified in a message received by a recipient, such message encrypting a digital asset. A private key associated with the recipient is obtained. The private key corresponds to a public key associated with the recipient. The method includes solving for x in the equation: [(f0(R0?1N?0 mod S)+P?+f?(Rn?1N?n mod S))/(h0(R0?1N?0 mod S)+Q?+h?(Rn?1N?n mod S))]*h(x)?f(x)=0 mod p, where (i) P?, Q?, N?0, and N?n correspond to the ciphers in the received message; (ii) R0, Rn and S are data elements of the private key; (iii) f(·) is a polynomial function defined by coefficients f0, f1, . . . f? that are also data elements of the private key; and (iv) h(·) is a polynomial function defined by coefficients h0, h1, . . . h? that are also data elements of the private key. The value of x is assigned to the digital asset, which is then stored in non-transitory memory or packaged in a message sent over the data network.

Abstract: A continuous glucose monitor for wirelessly transmitting data relating to glucose value to a plurality of displays is disclosed, as well as systems and methods for limiting the number of display devices that can connect to a continuous glucose transmitter. In addition, security, including hashing techniques and a changing application key, can be used to provide secure communications between the continuous glucose transmitter and the displays. Also provided is a continuous glucose monitor and techniques for authenticating multiple displays, providing secure data transmissions to multiple displays, and coordinating the interaction of commands and data updates between multiple displays.