Abstract: A system and method provide automatic access to applications or data. A portable physical device, referred to herein as a Personal Digital Key or “PDK”, stores one or more profiles in memory, including a biometric profile acquired in a secure trusted process and uniquely associated with a user that is authorized to use and associated with the PDK. The PDK wirelessly transmits identification information including a unique PDK identification number, the biometric profile and a profile over a secure wireless channel to a reader. A computing device is coupled to the reader. An auto login server is coupled to the reader and the computing device and launches one or more applications associated with a user name identified by the received profile.

Abstract: A display apparatus with increased security performance, for using the resources of a restricted secure world (SW), and/or an operation method thereof. The display apparatus may include a display, and a controller including at least one processor configured to perform one or more instructions to separately run a normal operating system (OS) and a secure OS, which are respectively executed in a normal world (NWD) and an SWD corresponding to a TrustZone.

Abstract: A method includes creating a sample of the generated work, generating a unique identifier, associating the unique identifier with the registration, generating a physical copy of the unique identifier, attaching the physical copy to the sample, taking an image of the sample with the physical copy attached to the sample, and registering the image. The method may further include encrypting a representation of the generated work with a public key. The method may further include transmitting a licensed identifier to a remote data computer system, receiving an occurrence from the remote data computer system, and executing a compensation routine based on the occurrence.

Abstract: An application executing on an endpoint accesses remote resources using a gateway. In response to a requested remote access, the application may be marked with a descriptor that specifies a target action and a pattern of occurrences of the target action. When a second observable action on the endpoint includes the pattern of events following the first observable action, a reportable event may be generated indicating a compromised state of the endpoint. The gateway can then regulate usage of the remote resource based on the reportable event.

Abstract: A mobile device can detect an idle state and, in response, initiate an access monitoring function to covertly monitor activity involving a human interaction with the mobile device. The covert monitoring is undetectable by a user of the mobile device. The mobile device can then detect a human interaction with the mobile device and, in response, cause the mobile device to covertly capture and log one or more human interactions with the mobile device. An authorized user of the mobile device is enabled to review the log of human interactions with the mobile device.

Abstract: A blockchain sharding method combining spectral clustering and a reputation value mechanism includes: obtaining, every other account grouping cycle Ta, account transaction data recorded during operation of a blockchain to generate an account transaction graph; obtaining an adjacency similarity matrix W and a degree matrix D based on the account transaction graph; generating a Normalized Laplace matrix L based on the adjacency similarity matrix W and the degree matrix D, performing dimension reduction on L to obtain a feature matrix F, and then clustering the feature matrix F with a clustering dimension of k by row through a K-means clustering method; and dividing blockchain accounts into k groups based on an obtained clustering result, and allocating accounts in the k groups to k blockchain shards.

Abstract: A system provides for a client to receive enhancement data without having personally identifiable information leave its systems. The system receives access to a client configuration and a data graph to perform configuration defined filtering and aggregation steps to produce a set of client files. These files contain a hashed version of PII from the data graph. They are then used by the client to match the identity of its population of objects to keys, the keys also being included in the set of client files. The client associates corresponding keys with objects in its own data graph, then requests enhancement data using only the keys. The data is returned using the matched keys without the use of personally identifiable information.

Abstract: Technologies are described for managing metadata associated with external content. For example metadata can be obtained that describes content stored on external systems. The metadata can be obtained without locally storing the content items themselves. For example, the metadata can be retrieved from the external systems while the external content continues to be stored on the external systems. The metadata can also include indications of the actions that can be performed in relation to the external content. For example, actions can be obtained (e.g., locally determined and/or obtained from the external systems) and added to the metadata. The metadata can be stored and used locally. For example, the metadata can be used to locally perform the actions in relation to the external content. The metadata can also be used to locally initiate actions that are then carried out in the external systems.

Abstract: Apparatuses, methods, and systems are disclosed for supporting a notification procedure during 5G registration over a non-3GPP access network. One apparatus includes a transceiver that communicates with a mobile communication network (“MCN”) via a trusted non-3GPP access network (“TNAN”) and a processor that receives a message that starts an EAP session with an access gateway in the TNAN. Here, the EAP session facilitates the establishment of a NAS signaling connection between the apparatus and the MCN and to encapsulate NAS messages exchanged between the apparatus and an AMF in the MCN. The processor receives an EAP notification request from the access gateway before the EAP session is completed. Here, the EAP notification request including at least one access parameter. The processor sends an EAP notification response and completes the EAP session.

Abstract: The present invention relates to a highly flexible, scalable multi-blockchain, hierarchical data-sharing and data-storing system, at least comprising a third-party blockchain system, a data-sharing blockchain system, and an application-layer client, wherein the data-sharing blockchain system performs data aggregation and hierarchical storage on shared data uploaded by the third-party blockchain system through accessing the data-sharing blockchain system, so as to allow the application-layer client to require the shared data from the data-sharing blockchain system. The disclosure herein creates a single reliable data-sharing blockchain apparatus based on blockchain systems, so as to facilitate aggregation of data coming from different blockchain systems, reduce node complexity and block data redundancy when data are acquired from multiple parties, and define different sharing rules for different data contents, thereby being adaptive to scenarios where data are shared among parties.

Abstract: A Software-Defined Networking (SDN)-based “upstream” approach is a controller-based solution that provides secure key distribution and management for multi-site data centers. The approach uses an SDN Multi-Site Controller (MSC) that acts as an intermediary between SDN controllers at sites in a multi-site data center and manages the distribution of keys to sites. The approach is not dependent upon any particular routing protocol, such as the Border Gateway Protocol (BGP), and is well suited for multicast stream encryption by allowing the same key to be used for all replicated packets sent to downstream sites from an upstream source site. The approach distributes keys in a secure manner, ensures that data transferred between sites is done in a secure manner, and supports re-keying with error handling.

Abstract: A system and method provide automatic access to applications or data. A portable physical device, referred to herein as a Personal Digital Key or “PDK”, stores one or more profiles in memory, including a biometric profile acquired in a secure trusted process and uniquely associated with a user that is authorized to use and associated with the PDK. The PDK wirelessly transmits identification information including a unique PDK identification number, the biometric profile and a profile over a secure wireless channel to a reader. A computing device is coupled to the reader. An auto login server is coupled to the reader and the computing device and launches one or more applications associated with a user name identified by the received profile.

Abstract: Implementations include a computer-implemented method for mitigating cyber security risk of an enterprise network, the method comprising: receiving an analytical attack graph (AAG) representing paths within the enterprise network with respect to at least one target asset, the AAG defining a digital twin of the enterprise network and comprising a set of rule nodes, each rule node representing an attack tactic that can be used to move along a path of the AAG; integrating the AAG with a knowledge graph comprising a set of asset nodes, each asset node representing a digital asset that can be affected by one or more of the attack tactics; determining, based on integrating the AAG with the knowledge graph, a plurality of security controls, each security control having an assigned priority value; and selectively implementing the security controls in the enterprise network based on the assigned priority values of the security controls.

Abstract: In various implementations, a system includes a mobile device and a computing server system. The mobile device executes instructions including generating profiles via the application program, where each profile contains information of an individual, identifying at least one of the profiles to transmit to recipients, obtaining an update to the profiles, and transmitting the update to the recipients. The computing server system transmits a profile template to the mobile device, receives the profiles generated in connection with the profile template, validates data fields of the received profiles generated based on the profile template, stores the received profiles that are validated, receives the update, updates the profiles accordingly, generates an identifier of the profiles, and transmits the identifier and data associated with the profiles to a computing device of the recipients.

Abstract: The present disclosure describes systems and methods for determining a subsequent action of a simulated phishing campaign. A campaign controller identifies a starting action for a simulated phishing campaign directed to a user of a plurality of users. The simulated phishing campaign includes a plurality of actions, one or more of the plurality of actions to be determined during execution of the simulated phishing campaign The campaign controller responsive to the starting action, communicates a simulated phishing communication to one or more devices of a user. The campaign controller determines a subsequent action of the plurality of actions of the simulated phishing campaign based at least on one of a response to the simulated phishing communication received by the campaign controller or a lack of response within a predetermined time period and initiating, responsive to the determination, the subsequent action of the simulated phishing campaign.

Abstract: Techniques for creating, sharing, and using bundles (also referred to as packages) in a multi-tenant database are described herein. A bundle is a schema object with associated hidden schemas. A bundle can be created by a provider user and can be shared with a plurality of consumer users. The bundle can be used to enable code sharing and distribution without losing control while maintaining security protocols.

Abstract: Systems and methods are disclosed for identifying resources responsible for events. In one embodiment, a method may include determining a number of unique actors in a plurality of actors that have accessed the resource. The method may further include identifying from the plurality of actors a set of affected actors that has been affected by an event and identifying from the set of affected actors a subset of resource-affected actors that accessed the resource prior to being affected by the event. The method may further include determining a number of resource-affected actors in the subset of resource-affected actors and, based on the number of unique actors and the number of resource-affected actors, determining an event score for the resource. The event score may be a lower bound of a confidence interval of a binomial proportion of the number of resource-affected actors to the number of unique actors.

Abstract: A digital steganography system comprises a message sender in electronic communication with a message receiver through a social media platform. The message sender uses a compute device configured to conceal a secret digital message in the semantic components of a digitally synthesized image which is uploaded onto the social media platform and published in a social media post. As part of the message encoding process, the compute device for the message sender coverts the digital message into binary code, applies encryption and error-correction algorithms, and then implements image synthetization operations to yield the digitally synthesized image. The message receiver is provided with a compute device configured to identify the social media post, automatically download the synthesized image, and apply an inverse set of the image synthetization operations to yield binary code which is subsequently decoded and decrypted in order to extract the original covert message.

Abstract: In an approach to improve service routing, embodiments route a service request to an execution environment. Embodiments provide a plurality of execution environments, wherein in each execution environment executable services are deployable, provide a service registry maintaining a plurality of execution environments, and receive, by the service registry, a service routing request. Further, embodiments determine a required trust level for a service relating to the service routing request by using a trained machine-learning system for outputting a trust level class when receiving service context data of the service relating to the service routing request as input, determine, using the service registry, a set of execution environments matching the output trust level class, and select, by the service registry, one execution environment of the determined set of execution environments.

Abstract: Methods and systems for securely managing personal data associated with image processing include an image sensor configured to capture an image, a local computer system local to the image sensor, and a backend computer system remote from the image sensor. The local computer system has a processor with a trusted execution environment (TEE) that detects anomalies in images from the image sensor, extracts personal data from the image, and encrypts the personal data. The local computer system then sends the extracted, encrypted personal data to the backend computer system, where a backend TEE decrypts the extracted, encrypted personal data, and performs data processing by comparing the decrypted personal data to other personal data that is stored in a backend database in the backend computer system.