Abstract: Systems and methods are provided for coupling data structures in different domains to provide cross-domain data access. One example computer-implemented method includes receiving, from a requestor, an access request including a case type and an indicator of a domain and determining a restriction associated with the domain. The method also includes compiling a first message key specific to the access request and transmitting the first message key to the requestor. The method further includes receiving an information request including a second message key and a query specific to a person, verifying the second message key based on the first message key, and coupling to a data structure in the domain. The method then includes, in response to verifying the second message key, submitting the query from the information request to the coupled data structure and providing a response to the query, from the data structure, to the requestor.

Abstract: An enterprise security system is improved by managing network flows based on an application type. When a network message having an unknown application type is received at a gateway, firewall, or other network device/service from an endpoint, the endpoint that originated the network message may be queried for identifying information for the source of the network message and the application type may be determined, or the endpoint may periodically communicate application type information to the network device in a heartbeat or other periodic communication or the like. The network message may be managed along with other network traffic according to the application type.

Abstract: A method and system for performing query analysis are described. The method and system include receiving a query for a data source at a wrapper. The wrapper includes a dispatcher and a service. The dispatcher receives the query and is data agnostic. The method and system also include providing the query from the dispatcher to the data source and to the service as well as analyzing the query using the service.

Abstract: A method for outsourcing exponentiation in a private group includes executing a query instruction to retrieve a query element stored on an untrusted server by selecting a prime factorization of two or more prime numbers of a modulus associated with the query element stored on the server, obtaining a group element configured to generate a respective one of the prime numbers, generating a series of base values using the prime factorization and the group element, and transmitting the series of base values from the client device to the server. The server is configured to determine an exponentiation of the group element with an exponent stored on the server using the series of base values. The method also includes receiving a result from the server based on the exponentiation of the group element with the exponent.

Abstract: Systems, methods, and computer-readable media for facilitating an authentication processing service are provided.

Abstract: A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include determining whether the access comprises a write access. In response to determining that the access comprises a write access, the method can include accessing file metadata associated with the first file and accessing a set of encryption rules. In addition, the method can include determining whether the file metadata satisfies the set of encryption rules. In response to determining that the file metadata satisfies the set of encryption rules, the method can include encrypting the first file to obtain a first encrypted file and modifying an extension of the first encrypted file to include an encryption extension.

Abstract: An edge node has a central processing operable to gather sensor node data via a sensor and store at least part of the sensor node data locally in a public region of a persistent storage. The edge node backs up duplicate portions of the sensor node data to public storage regions of peer-edge nodes. The edge node receives private data from a host that is coupled to the edge computing node and the peer edge nodes, and stores the private data in a private region of the persistent storage. The private region is protected from the peer edge nodes using distributed key management.

Abstract: Systems and methods are disclosed that provide for secure communications between a user device and an authentication system. The systems and methods create a dynamic identification for the device that is stored in both the device and authentication system.

Abstract: An electronic device, in disclosed embodiments, includes an antenna, transceiver circuitry coupled to the antenna, a memory configured to store a first operation key and instructions, and a processor coupled to the transceiver and to the memory. The processor is configured to execute the instructions stored in the memory to cause the electronic device to, in response to receiving a first transmission containing an encrypted version of a second operation key that is encrypted by the first operation key, decrypt the encrypted version of the second operation key using the first operation key to recover the second operation key, store the second operation key in the memory, transmitting, by a transmitter of the electronic device, a second transmission that contains the first operation key and a command.

Abstract: Authentication tokens, systems, and methods are described. An illustrative method is disclosed to include receiving an electronic file including a digital image, receiving biometric information that is associated with a person, modifying the electronic file with the biometric information such that one or more pixels in the digital image are replaced with the biometric information, and storing the modified electronic file as a digital authentication token to be used in connection with authorized publications of original digital work.

Abstract: A Software-Defined Networking (SDN)-based “upstream” approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.

Abstract: Disclosed are systems, methods, and non-transitory computer-readable media for sharing, on a distributed database, a database application to a first user of the distributed database, the database application generated by a second user of the distributed database. The training dataset includes a first database training dataset from the first user of the distributed database and a second database training dataset from the second user of the distributed database, the first database training dataset and the second database training dataset including non-overlapping dataset features. The database application further identifies a query from the second user to train the machine learning model on the training dataset and generates a trained machine learning model by training the machine learning model on a joined dataset according to the query. The database application generates outputs from the trained machine learning model by applying the trained machine learning model on new data.

Abstract: The present disclosure generally relates to a system, comprising a mobile device configured to register with a service provider via an application program, obtain network credentials of communication networks operated by the service provider at various locations, connect to a communication network via the network credentials when approaching a selected location of the service provider, and transmit, to a first computing device via the communication network, a first identifier that uniquely identifies the mobile device. The system also comprises the first computing device positioned at service provider's locations and configured to receive and transmit the first identifier to a second computing device. The system also comprises the second computing device configured to receive the first identifier, compare the unique identifier to a plurality of unique identifiers, and provide a service customized to a user of the mobile device based at least upon the comparison result.

Abstract: A system and method for securely displaying patient data within a plurality of display windows of a display user interface is provided. Generally, a user may activate an access computing device by logging into a user profile via a first user interface of a first computing device and scanning a predefined pattern of said access computing device using a camera of the first computing device. If the system recognizes the predefined pattern and the user profile has the appropriate permission levels, a computer readable signal containing login credentials may be sent to the access computing device, allowing the user to access data of the system. In some embodiments, a user may activate a display by logging into a user profile having appropriate permissions and scanning a predefined pattern of the display. The user may use user interfaces of the system to control a plurality of display windows within the display user interface.

Abstract: Provided is a computer implemented method for performing mutual authentication between an online service server and a service user, including: (a) generating, by an authentication server, a server inspection OTP; (b) generating, by an OTP generator, a verification OTP having the same condition as the server inspection OTP and using the same generation key as an OTP generation key and a calculation condition different from a calculation condition is applied or a generation key different from the OTP generation key is used and the same calculation condition as the calculation condition used for generating the server inspection OTP is applied to generate a user OTP; and (c) generating, by the authentication server, a corresponding OTP having the same condition as the user OTP and comparing whether the generated corresponding OTP and the user OTP match each other to authenticate the service user.

Abstract: Methods, systems, and apparatus, including an apparatus for managing user data according to user consent settings are described. In some aspects, a method includes determining that a request for transmission by a client device to a recipient will include user data of a user of the client device. In response determining that the request will include the user data, the method includes requesting, from a consent management module of the client device, current user consent settings specified by the user which define at least one of (i) user data that can be transmitted from the client device, (ii) how user data transmitted from the client device can be used or (iii) which recipients can receive and retain user data from the client device. The method further includes receiving, from the consent management module, the current user consent settings and generating request data according the current user consent settings.

Abstract: In one embodiment, data at rest is securely stored. A data safe performing data plane processing operations in response to requests of received read data requests, received write data requests, and received read information responses, with the data safe being immutable to processing-related modifications resulting from said performing data plane processing operations. In one embodiment, performing these data plane processing operations does not expose any pilot keys outside the data safe in clear form nor in encrypted form. The pilot keys are used to encrypt information that is subsequently stored in a storage system. One embodiment uses pilot keys to encrypt data that is subsequently stored in a storage system. One embodiment uses data cryptographic keys to encrypt data, uses the pilot keys to cryptographically-wrap (encrypt) the data cryptographic keys, and stores the cryptographically wrapped data keys and encrypted data in a storage system.

Abstract: In one embodiment, data at rest is securely stored. A data safe performing data plane processing operations in response to requests of received read data requests, received write data requests, and received read information responses, with the data safe being immutable to processing-related modifications resulting from said performing data plane processing operations. Performing these data plane processing operations does not expose any pilot keys outside the data safe in plaintext form nor in encrypted form. The pilot keys are used to encrypt information that is subsequently stored in a storage system. In one embodiment, the information encrypted and decrypted by the data safe includes data structure instances including feature-preserving encrypted entries generated using feature-preserving encryption on corresponding plaintext data items.

Abstract: Some embodiments provide a method for enforcing policies for authorizing API (Application Programming Interface) calls to an application operating on a host machine. The method receives a request to authenticate a client attempting to gain access to the application, and authenticates the client based on a first set of parameters associated with the request. Using a second set of parameters associated with the request, the method evaluates a set of one or more policies associated with a set of one or more API calls to the application. Based on the evaluated policies, the method defines a third set of one or more authentication field parameters that control the API calls that the client is authorized to make to the application. The method sends an authentication reply message with the defined third set of authentication field parameters in order to control the API calls that the client is authorized to make.

Abstract: A method comprises one or more of measuring metrics of a node during boot up, storing the metrics, generating a signature record from the stored metrics, and broadcasting the signature record when said node initializes a network connection.