Abstract: A system includes a processing device and memory device to provide a data set to an artificial intelligence filter trained to detect sensitive data based on sensitive data rules and detect one or more sensitive data values in the data set. The one or more sensitive data values are replaced with one or more substitute values in the data set, and the data set is associated with a key value. The data set is sent with the one or more substitute values to a third-party service to obtain a result. The key value associated with the result is identified. The one or more sensitive data values associated with the one or more substitute values are determined based on the key value. The one or more substitute values are replaced with the one or more sensitive data values in combination with a portion of the result to create a modified result.

Abstract: Streaming data is received that is derived from at least one sensor (e.g., IoT sensors, etc.). At least one differential privacy algorithm is subsequently used to anonymize the received streaming data. The modified streaming data can then be provided (e.g., made available, stored, transmitted over a network, etc.) to at least one consuming computing device. Related apparatus, systems, techniques and articles are also described.

Abstract: An example system may include a processor and memory, wherein the processor is configured to perform one or more of gather hashed commitments inputs from a plurality of user peers until a current time of a blockchain network equals to a hashed commitments inputs end time (t1), collect plain text inputs until the current time of the blockchain network equals to a plain text inputs collection end time (t2), wherein the t2 is greater than the t1, and execute a chaincode of the smart contract to: compare generated hashes of the plain text inputs against previously stored hashes, in response to a match, store the plain text inputs into an input array, and perform a compute function on the input array.

Abstract: A method, computer system, and a computer program product for enhanced user authentication is provided. The present invention may include obtaining, from a user device, a user name associated with the user device. The present invention may also include obtaining, from the user device, a system name associated with the user device. The present invention may then include identifying, in a database of a security device in communication with the user device, a password associated with the obtained user name and the obtained system name. The present invention may then include, in response to a login prompt of the user device, automatically injecting the identified password from the security device in communication with the user device into the login prompt.

Abstract: Provided are a computer program product, system, and method for using trap cache segments to detect malicious processes. A trap cache segment to the cache for data in the storage and indicated as a trap cache segment. Cache segments are added to the cache having data from the storage that are not indicated as trap cache segments. A memory function call from a process executing in the computer system reads data from a region of a memory device to output the read data to a buffer of the memory device. A determination is made as to whether the region of the memory device includes the trap cache segment. The memory function call is blocked and the process is treated as a potentially malicious process in response to determining that the region includes the trap cache segment.

Abstract: A method comprising: generating, by a processing unit, a plurality of requests for a given webpage, each request having at least one unique parameter value of one or more parameters that can affect the response of a web server; sending, by the processing unit, the requests to the web server; receiving, by the processing unit, in response to each request, a corresponding response; and generating, by a processing unit, by analysis of the responses, a list of identifiers of approved scripts to be executed by web-browsers on a plurality of client devices.

Abstract: An apparatus for use in an identity management system includes a storage device; a network interface; and a processor, the storage device storing software instructions for controlling the processor to: process a request, received via a network interface, for an exclusive claim to a unique identifier associated with an individual; verify the individual's claim to the unique identifier is proper; if the individual's claim is verified, create a user account, wherein the user account is associated with the respective individual's claimed unique identifier; provide a look up service for responding to external queries regarding whether individual unique identifiers of the type claimed by the individual have been claimed; and provide proof of the identity of the individual based on the individual's exclusive claim to the claimed unique identifier in response to a request to provide said proof if authorized by the individual through the user account.

Abstract: A communication device may send a public key externally; receive a specific signal from a first external device; determine whether a radio field intensity of the received specific signal is equal to or greater than a threshold value; receive an authentication request from the first external device; in a case where it is determined that the radio field intensity is equal to or greater than the threshold value and the authentication request is received from the first external device, send an authentication response to the first external device; after the authentication response has been sent to the first external device, receive connection information from the first external device; and establish, by using the connection information, a wireless connection between the communication device and a second external device.

Abstract: In some aspects, an apparatus for encoding data for transmission to a receiver device having an initial common cryptographic key with the apparatus comprises a memory device and a hardware processor. The memory device is configured to store a plurality of parameters associated with a plurality of cryptographic protocols, the plurality of parameters comprising the initial common cryptographic key. The hardware processor is configured to generate a frame comprising a plurality of fields defining instructions related to one or more of a first cryptographic scheme, a first cryptographic key operation, and a first cryptographic key length that are derived from the plurality of parameters for use in a subsequent communication session with the receiver device.

Abstract: A method is provided for identifying a strength of an input picture password formed by performing a sequence of gestures relative to a picture. The method includes storing, in a memory device, a crowdsource history of picture passwords each of which include a picture and a sequence of gestures on the picture. The method further includes generating, by a processor-based demography-based pattern usage assessment generator, a demography-based pattern usage assessment by analyzing the crowd source history. The method also includes providing, by a user-perceptible indication device, an indication of the strength of the input picture password in accordance with the demography-based pattern usage assessment.

Abstract: Systems and methods for authenticating a user for a service provider system. A request to authenticate a user is received from a service provider system in an authentication management system. An authentication request is transmitted from the authentication management system to a registered device associated with the user. An authentication confirmation is received from the registered device in the authentication management system. An authentication verification is provided to the service provider system in response to receiving the authentication confirmation.

Abstract: The present disclosure relates to a method and system for managing and securing a distributed ledger for a decentralized peer-to-peer (p2p) network. The method receives an encrypted block and a group key generated by at least one peer node on the p2p network, wherein each peer node is IoT device and determines a virtual device block in a device chain on verifying the unique device ID, and address of a corresponding event chain associated with the virtual device block. Further, the method generates a transaction ID for a new transaction using the unique ID of the virtual device block and determines a valid event block in the event chain associated with the virtual device block for storing the new transaction and associated transaction ID. Further, the method updates the distributed ledger with the valid event block upon verification by one or more peer IoT devices of the p2p network.

Abstract: Systems, methods, and program products for managing digital production from one or more production devices with one or more sources providing inputs of production designs and/or production options are disclosed.

Abstract: A processor-implemented liveness test method includes: obtaining a color image including an object and an infrared (IR) image including the object; performing a first liveness test using the color image; performing a second liveness test using the IR image; and determining a liveness of the object based on a result of the first liveness test and a result of the second liveness test.

Abstract: An apparatus for mitigating a DDoS attack in a networked computing system includes at least one detector coupled with a corresponding router in the networked computing system. The detector is configured: to obtain network flow information from the router regarding current data traffic to at least one host; to compare the current data traffic to the host with stored traffic patterns associated with at least one prior DDoS attack; and to generate an output indicative of a match between the current data traffic and at least one of the stored traffic patterns. The apparatus further includes at least one mitigation unit coupled with the at least one detector. The mitigation unit is configured: to receive the output indicative of the match between the current data traffic and at least one of the stored traffic patterns; and to initiate a DDoS attack mitigation action in response to the received output.

Abstract: An electronic message delivery service receives a request to transmit an electronic message to a recipient. In response to the request, the electronic message delivery service determines first information from the electronic message usable to uniquely identify the electronic message. The electronic message delivery service obtains, based at least in part on the first information and a cryptographic key, cryptographic information that can be inserted into the electronic message. The electronic message delivery service inserts the cryptographic information and second information usable to validate at least a portion of the electronic message with the cryptographic information into the electronic message. The electronic message is transmitted to the recipient.

Abstract: A system for providing an application includes an interface and a processor. The interface is configured to receive an indication to provide an application to a device. The processor is configured to provide the application to the device. The application is configured to receive a request for credentialed information associated with a user from a requesting server; determine whether a stored credential satisfies the request for the credentialed information; and in response to a determination that the stored credential satisfies the request for the credentialed information: determine a response credential for responding to the request; determine that the user approves sharing the credentialed information indicated by the response credential; and provide the response credential to the requesting server.

Abstract: A method of communicating through a less secure messaging system provides an option of masking messages sent from a second party to a first party so that they are unreadable when received by the first party. For some embodiments, it may be that they are visible, but unreadable, other embodiments, not visible. In either case, an authorization may be provided by the first party to make the masked messages readable messages, for many embodiments until a session rule makes the readable message a masked message again.

Abstract: One or more security groups associated with a cloud provider are determined. One or more network polices associated with a container-orchestrator system are determined. One or more network security policies are generated based on the one or more determined security groups associated with the cloud provider and the one or more determined network policies associated with the container. The one or more network security policies are distributed to one or more VM instances of a cloud network. The one or more VM instances are configured to enforce network security based on the one or more network security policies.

Abstract: A data validation system in a communication network has a bidirectional control plane and an independent message production plane. A sending device and a validation device communicate via the control plane and the production plane. A signer device and a validation device access message data from the sending device via the production plane. A computer-based network key manager conveys key data to the signer device and validation device via the control plane. The signer device accesses a message from the message sending device, produces a signature, and attaches the signature to the message. The validation device accesses the message received at the receiving device and uses the key data to validate the signature.