Abstract: Embodiments provide a method for facilitating sharing of digital documents between a sharing party and a relying party. The method includes receiving, by a processing system, an access request for accessing at least one attribute of a digital document. The access request is initiated at a relying party interface in a document sharing application. The method further includes sending, by the processing system, the access request to a sharing party interface in the document sharing application for approval of providing access to the at least one attribute of the digital document by the sharing party to the relying party. The method further includes, upon receiving the approval from the sharing party interface, generating a machine-readable encrypted code for the at least one attribute of the digital document. The method further includes sending the machine-readable encrypted code to the relying party interface.

Abstract: A suspicious event analysis device includes: a display device; a communication circuit, arranged to operably receive multiple suspicious activities records related to multiple computing devices in a target network and corresponding multiple time stamps and multiple attribute tags through internet; a storage circuit, arranged to operably store a suspicious event sequence diagram generating program; and a control circuit, arranged to operably execute the suspicious event sequence diagram generating program to conduct a suspicious event sequence diagram generating operation, so as to identify multiple suspicious events related to the target network as well as multiple time records corresponding to the multiple suspicious events, and to generate and display a suspicious event sequence diagram corresponding to the multiple suspicious events according to the multiple suspicious events and the multiple time records.

Abstract: Implementations of the present specification disclose a method, apparatus, device, and a readable medium for identifying private data. A solution includes: obtaining a first length distribution vector and first character distribution statistical information of a first data set, the first data set being a set of private data samples; obtaining a second length distribution vector and second character distribution statistical information of a second data set, the second data set being a set of at least a part of data samples corresponding to a to-be-identified field; calculating a length distribution similarity and a character distribution similarity between the first data set and the second data set, and determining whether data corresponding to the to-be-identified field is private data of a same type as the first data set based on the length distribution similarity and the character distribution similarity.

Abstract: A method, computer program product, and computing system for coupling password-resetting content to an IT computing device. The password-resetting content is validated on the IT computing device. The password-resetting content is processed to reset one or more passwords associated with the IT computing device.

Abstract: A process of filtering a wireless service provided to at least one wireless device from a wireless network includes receiving identification of the at least one wireless device in a filtering server from an administrator and receiving filtering instructions from the administrator in the filtering server. The process further including receiving a request for an internet resource from at least one wireless device, comparing the request for the internet resource to the filtering instructions to determine whether the requested internet resource is allowable in view of the filtering instructions or not allowed based on the filtering instructions. The disclosure also provides a system as well.

Abstract: Systems and methods for embodiments of artificial intelligence systems for identity management are disclosed. Embodiments of the identity management systems disclosed herein may support the correlation of identities determined authoritative source systems with uncorrelated accounts within an enterprise using artificial intelligence techniques.

Abstract: Methods and devices are disclosed. A method, performed in a user application, of creating a trusted bond between a hearing device and the user application is disclosed, wherein the method comprises obtaining first authentication material; transmitting a first authentication request comprising a first authentication type identifier and first authentication data to the hearing device; receiving an authentication response comprising an authentication key identifier; storing an authentication key and the authentication key identifier, wherein the authentication key is based on the first authentication material; and connecting the user application to the hearing device using the authentication key and the authentication key identifier.

Abstract: Approaches for monitoring a host operating system. A threat model is stored and maintained in an isolated execution environment. The threat model identifies for any process executing on a host operating system how trustworthy the process should be deemed based on a pattern of observed behavior. The execution of the process and those processes in a monitoring circle relationship thereto are monitored. The monitoring circle relationship includes a parent process, any process in communication with a member of monitoring circle relationship, and any process instantiated by a present member of monitoring circle relationship. Observed process behavior is correlated with the threat model. Upon determining that a particular process has behaved in a manner inconsistent with a pattern of allowable behavior identified by the threat model for that process, a responsive action is taken.

Abstract: Technologies are described for managing metadata associated with external content. For example metadata can be obtained that describes content stored on external systems. The metadata can be obtained without locally storing the content items themselves. For example, the metadata can be retrieved from the external systems while the external content continues to be stored on the external systems. The metadata can also include indications of the actions that can be performed in relation to the external content. For example, actions can be obtained (e.g., locally determined and/or obtained from the external systems) and added to the metadata. The metadata can be stored and used locally. For example, the metadata can be used to locally perform the actions in relation to the external content. The metadata can also be used to locally initiate actions that are then carried out in the external systems.

Abstract: A system for real-time authenticated obfuscation of electronic data provides real-time visual obfuscation of the data by transforming displayed data into undecipherable data when viewed by an unauthorized user while maintaining access for an authorized user. The system may further provide application-level obfuscation of electronic data via cryptographic keys such that only authorized applications may decrypt the encrypted data. In this way, the system provides secure access control of electronic data within a networked environment.

Abstract: Example apparatus and methods may include: (1) a system and method for enrolling a single user's gait pattern using only accelerometer magnitude data; (2) an efficient and low-power method for continuously generating biometric match scores against the enrolled model at run-time using two phases: detection and authentication; (3) an adaptive method for continuously updating the user model by comparing temporary models generated at regular intervals to the canonical user model; and (4) accelerometer samples captured on a wearable and streamed to a mobile device for further processing.

Abstract: Applying data owner-defined data protection policies for identity data security within a blockchain environment is provided. A data sharing request for an identity data attribute corresponding to a data owner is received from a data consumer. A data protection policy defined by the data owner that corresponds to the identity data attribute requested by the data consumer is retrieved from a blockchain. The data protection policy is applied to the identity data attribute requested by the data consumer to determine amount of data sharing with the data consumer.

Abstract: Techniques are provided to implement a key management service using key proxies and generational indexes, which allows client applications to obtain data cryptographic services without having to utilize or otherwise have knowledge of cryptographic keys. For example, a key management service receives a data decryption request from a client application. The data decryption request includes encrypted data and a key proxy assigned to the client application. The key management service determines a generational index associated with the encrypted data. The generational index identifies a generation of a cryptographic key which is associated with the key proxy and which was used to create the encrypted data. The key management service obtains a cryptographic key from a secure key vault, which is mapped to the received key proxy and the determined generational index, decrypts the encrypted data using the obtained cryptographic key, and sends the decrypted data to the client application.

Abstract: A compromise detection system protects data centers (DCs) or other providers in the cloud. The compromise detection system can detect compromised virtual machines (VMs) through changes in network traffic characteristics while avoiding expensive data collection and preserving privacy. The compromise detection system obtains and uses periodically-obtained flow pattern summaries to detect compromised VMs. Agent-based detection on predetermined and compromised VMs can expose (using supervised learning) the network behavior of compromised VMs and then apply the learned model to all VMs in the DC. The compromise detection system can run continuously, protect the privacy of cloud customers, comply with Europe's General Data Protection Regulation (GDPR), and avoid various techniques that both erode privacy and degrade VM performance.

Abstract: The car sharing system includes a car share device and an encryption code updating unit. The car share device is configured to perform wireless communicate with a mobile terminal that is operable as a vehicle key. The encryption code updating unit updates a first encryption code, which was used during a previous connection of the mobile terminal and the car share device, to a second encryption code, which differs from the first encryption code, when the mobile terminal and the car share device are reconnected.

Abstract: Systems, methods, and computer-readable storage media for permission control in a social media platform. An exemplary system receives a social media profile of a user, encrypts/anonymizes the profile using asymmetrical encryption, then asks the user for permission before sharing any aspect of the user's profile with other entities. As the user engages with social media content on the social media platform, options are provided to the user which grant the user the opportunity to share specific portions of their profile with other entities, which sharing is done using a private key exclusive to the user.

Abstract: The present disclosure generally relates to a system, comprising a mobile device configured to register with a service provider via an application program, obtain network credentials of communication networks operated by the service provider at various locations, connect to a communication network via the network credentials when approaching a selected location of the service provider, and transmit, to a first computing device via the communication network, a first identifier that uniquely identifies the mobile device. The system also comprises the first computing device positioned at service provider's locations and configured to receive and transmit the first identifier to a second computing device. The system also comprises the second computing device configured to receive the first identifier, compare the unique identifier to a plurality of unique identifiers, and provide a service customized to a user of the mobile device based at least upon the comparison result.

Abstract: Methods and systems according to embodiments of the invention provide for a framework for privacy-preserving machine learning which can be used to obtain solutions for training linear regression, logistic regression and neural network models. Embodiments of the invention are in a three-server model, wherein data owners secret-share their data among three servers who train and evaluate models on the joint data using three-party computation (3PC). Embodiments of the invention provide for efficient conversions between arithmetic, binary, and Yao 3PC, as well as techniques for fixed-point multiplication and truncation of shared decimal values. Embodiments also provide customized protocols for evaluating polynomial piecewise functions and a three-party oblivious transfer protocol.

Abstract: In one embodiment, data at rest is securely stored. A data safe performing data plane processing operations in response to requests of received read data requests, received write data requests, and received read information responses, with the data safe being immutable to processing-related modifications resulting from said performing data plane processing operations. Performing these data plane processing operations does not expose any pilot keys outside the data safe in plaintext form nor in encrypted form. The pilot keys are used to encrypt information that is subsequently stored in a storage system. In one embodiment, the information encrypted and decrypted by the data safe includes data structure instances including feature-preserving encrypted entries generated using feature-preserving encryption on corresponding plaintext data items.

Abstract: A secure machine learning system of a database system can be implemented to use secure shared data to train a machine learning model. To manage the model, a first user of the database can share data in an encrypted view with a second user of the database, and further share one or more functions of an application that accesses the data while the data is encrypted. The second user can access functions of the application and can call the functions to generate a trained machine learning model and further generate machine learning outputs (e.g., predictions) from the trained model.