Abstract: Examples relate to identifying signatures for data sets. In one example, a computing device may: for each of a plurality of first data sets, obtain a data set signature; generate a first data structure for storing each data set signature that is distinct from each other data set signature; for each of a plurality of second data sets, obtain at least one data subset; generate a second data structure for storing each data subset; remove, from the first data structure, each data set signature that matches a data subset included in the second data structure; and for each data set signature removed from the first data structure, identify each first data set from which the data set signature was obtained; and for each identified first data set, obtain a new data set signature.

Abstract: A method of installing an application on a device configured with a plurality of personas is disclosed. The method includes receiving an indication to engage a first persona of the plurality of personas. The method further includes causing an indication of the first persona to be displayed. The method further includes receiving via an interface associated with the first persona, an indication to install a first application. The method further includes causing the first application to be installed. The method further includes causing the installed first application to be associated with the first persona.

Abstract: A malicious URL detection method, apparatus, and storage medium are provided. The method includes rolling back a virtual machine to an initiating state in response to detecting a trigger event of the virtual machine. In the initiating state, page content of a target URL is loaded using the virtual machine. Using the virtual machine, an application program linked to the page content is run. A system snapshot file of the virtual machine is obtained in at least one state of the initiating state, a state in which the loading of the page content is completed, or a state in which the application program is being run. Malicious URL detection is performed on the target URL based on the obtained system snapshot file.

Abstract: A random number sequence generation apparatus includes: a semiconductor laser device repeatedly generating a pulsed laser beam having a disordered phase; an interferometer including a first transmission line and a second transmission line, a first port connected to an input terminal side and to which the pulsed laser beam is input, a second port connected to an output terminal side and outputs the pulsed laser beam, and a third port connected to the input terminal side; a Faraday mirror connected to the second port and reflecting the pulsed laser beam; a photodiode connected to the third port and outputs an electrical signal in accordance with interference light of the pulsed laser beam that is reflected by the Faraday mirror and passes through one of the transmission lines; and an AD converter configured to generate a random number sequence on the basis of the electrical signal and a threshold.

Abstract: A system for and a method of regulating the data interconnections between applications running on an infrastructure are provided. The system/method records access permission data into metadata embedded in the source code of each such application that regulates the data that can be received or transmitted by that application. In addition to regulating the receipt or transmission of data, the metadata can serve to provide instruction to firewalls and other regulating systems in order to configure those systems to allow the applications to receive and transmit data for which permissions have been recorded.

Abstract: In an example, a method includes pairing a first electronic device and a data relay apparatus associated with a second electronic device to establish a secure wireless communication link therebetween. Each of the first electronic device and the data relay apparatus may be associated with an identifier and a verifier, each verifier being to verify the identifier of the other of the first electronic device or data relay apparatus. The pairing may include mutual verification of an identifier using the verifier, establishing shared key data and using the shared key data to establish a shared secret value for use in determining a derived key.

Abstract: Systems and methods for identity and access management are provided in a service mesh that includes a plurality of interconnected microservices. Each microservice is associated with a microgateway sidecar. The associated microgateway sidecar may intercept a request for the associated microservice sent over a communication network from a user device. Such request may include data regarding a context of the request. A token associated with the request may be enriched based on the context data and sent to at least one other microservice. A database of security policies for each of the microservices may be maintained. An authentication engine may generate a risk profile for the request based on the context data of the request and one or more of the security policies in the database. One or more of a plurality of available security workflows may be selected based on the risk profile.

Abstract: An intelligent transportation system, ITS, station (600) comprising: a host processor (640); and a memory (664) operably coupled to the host processor (640). The host processor (640) is configured to: perform precomputation of certificate data associated with an identity to be verified on a per identity basis; store precomputation data for a plurality of verified identities in the memory (664); and extract stored precomputation data from memory (664) and use the stored precomputation data to perform accelerated verification of subordinate certificates.

Abstract: The provision of additional network resources (e.g., in the form of a dedicated super slice), can be requested on demand a per needed basis when higher capacity or performance is requested to facilitate the delivery of a service, when the delivery of the service cannot be met by a network slice associated with the service. A request for using a super slice can be sent to a management gateway device (mGW). The mGW can send the request for authorization to access the additional resources to a management device that manages the additional resources. Authorization can be granted for the additional resources to be used to facilitate or enable tasks that allow for continued delivery of that service.

Abstract: A given node associated with a plurality of nodes registers a decentralized identity for the given node on a decentralized identity blockchain. The registered decentralized identity is controlled by the given node and defined by an identity record stored on the decentralized identity blockchain. The registered decentralized identity for the given node is used to access one or more resources of a given decentralized application.

Abstract: An appliance includes a processor, a medium, a registration application, and a monitoring application. The registration application includes instructions in the medium that, when read and executed by the processor, configure the registration application to write a transaction identifier to a start message, the transaction identifier identifying the appliance, write a dataset of interest identifier to the start message, and send the start message to a database. The dataset of interest identifies a group of appliances including the appliance. The monitoring application includes instructions in the medium that, when read and executed by the processor, configure the monitoring application to monitor operations executed on the appliance, write data resulting from the operations to a data message, and send the data message anonymously to the database. The data message is signed with a member key associated with the group of appliances.

Abstract: A flight data exchanging method includes receiving a control instruction for transmitting flight data of an aerial vehicle, encrypting the flight data, transmitting the flight data to a server, and receiving a transmission status of the flight data from the server.

Abstract: An authentication process for an endpoint device uses a pair of tokens. Tokens are generated at an authentication server that maintains a data store of token states, where the states are defined to include a “normal” state sequence along which a token is expected to advance. The endpoint device can store a token pair in non-volatile local storage. To authenticate, the endpoint device can provide its stored token pair to the authentication server, which can determine whether authentication succeeds based on the states of the tokens in the token pair. After successful authentication, the authentication server can provide a new token pair to the endpoint device and advance the token states along the normal sequence. When the endpoint device confirms receipt of the new token pair, which replaces the previous token pair, the authentication server can advance the state of the tokens again.

Abstract: A system for determining a calculation utilizing differential privacy including an interface and a processor. The interface is configured to receive a request to determine a result of a calculation using multitenanted data. The processor is configured to determine result data by performing the calculation on the multitenanted data; determine a deterministic modification in the event that the deterministic modification is needed to ensure privacy; modify the result data using the deterministic modification to determine modified result data; and provide the modified result data.

Abstract: A first device specifies a privacy specification. The privacy specification includes at least a safe zone and a precision parameter may also be specified. A second device, such as an untrusted server, uses the privacy specification to provide guidance to the first device on how to perturb sensitive data. The first device then uses the guidance to transform sensitive data and provides it to the second device. The data transformation permits the first device to share sensitive data in a manner that preserves the privacy of the first user but permits statistics on aggregated data to be generated by an untrusted server.

Abstract: Techniques for verifying message authenticity is provided. In some implementations, a verification request to verify authenticity of a first message is received from a user computing device. The verification request includes a first user identifier and verification information. A delivery message record is obtained. The delivery message record includes a plurality of entries associated with one or more messages sent to one or more user computing devices. Each entry includes a user identifier and feature information of a respective message of the one or more messages. At least one entry that has a second user identifier matching the first user identifier is identified. In response to determining that the feature information of the identified at least one entry matches the verification information from the verification request, a verification message is provided to the user computing device. The verification message indicates that authenticity of the first message is verified.

Abstract: A method and an information handling system for security management across a plurality of diverse execution environments. The method includes associating, based on a distributed computing framework, a secure execution environment interface with each diverse execution environment. The method includes receiving a general access policy to access at least one secure memory region associated with a respective one of the diverse execution environments. In response to a request to access a memory region associated with at least one diverse execution environment, the method includes prompting for entry of security credentials. In response to receiving and verifying the security credentials, the method establishes access to the secure memory region of the respective diverse execution environment. The method includes executing a subroutine to modify at least a subset of the secure memory region, and the method includes returning a result to a distributed application via the secure execution environment interface.

Abstract: A system and methods for creating a non-reputable digital record of an identification (ID) document (ID-document) of an ID-holder, by a verifier-server. The system includes at least one verifier-server of a verifier and ID-holder-computing-device. The method includes authenticating a captured ID provided by the ID holder and extracting PII fields from the captured ID; cryptographically protecting jointly and severally the extracted-PII-fields, wherein the cryptographically protecting includes individually hashing each one of the PII fields; and transmitting from the verifier-server, to the ID-holder-computing-device, a verification-result comprising PII-hash-pairs, the individually-hashed-PII-fields, and a verifier-server-signature, the verification-result being the non-reputable digital record. Also disclosed are systems and methods for using the digital record for secured interaction between the ID holder and a vendor.

Abstract: An online system develops a model to predict the identity of unknown users accessing the online system. The online system interacts with users who are known by the online system (e.g., because they are logged in), termed known users, and users who are unknown by the online system. The model attempts to predict the identity of unknown users. To train the model, a set of training data with training weights is generated. The training data includes a set of access events from known users. The set can include access events from unknown users who accessed the system and subsequently became identified (referred to as hindsight events). To account for a distribution in training data, the training data is applied to a scoring model to identify training data that resembles known events. A scaling model then scales the scores to generate training weights. The weights may be higher for access events with characteristics that resembles hindsight events.

Abstract: A system, method, and computer-readable storage medium for protecting a set of storage devices using a secret sharing scheme in combination with an external secret. An initial master secret is generated and then transformed into a final master secret using an external secret. A plurality of shares are generated from the initial master secret and distributed to the storage devices. The data of each storage device is encrypted with a device-specific key, and this key is encrypted using the final master secret. In order to read the data on a given storage device, the initial master secret reconstructed from a threshold number of shares and the external secret is retrieved. Next, the initial master secret is transformed into the final master secret using the external secret, and then the final master secret is used to decrypt the encrypted key of a given storage device.