Abstract: Disclosed is an access point (AP) for a network that includes security features for interacting with devices on the network. The other devices on the network may be other APs, client devices, or a backend configuration server. The access point includes a private key that is used to verify signals to and from (the private key may be different for different functions). In the case of other APs, the private key is used to verify control signals sent between the APs to identify and prevent a hijacked AP from taking control of the network by sending false control signals. In the case of a client device, the client device may use the subject AP's private key to identify that the subject AP is a trusted member of the network that may receive data. In the case of the backend server, the subject AP may verify configuration updates via use of the private key to prevent loading of malicious firmware.

Abstract: In particular embodiments, a data processing data inventory generation system is configured to: (1) generate a data model (e.g., a data inventory) for one or more data assets utilized by a particular organization; (2) generate a respective data inventory for each of the one or more data assets; and (3) map one or more relationships between one or more aspects of the data inventory, the one or more data assets, etc. within the data model. In particular embodiments, a data asset (e.g., data system, software application, etc.) may include, for example, any entity that collects, processes, contains, and/or transfers personal data (e.g., such as a software application, “internet of things” computerized device, database, website, data-center, server, etc.). For example, a first data asset may include any software or device (e.g., server or servers) utilized by a particular entity for such data collection, processing, transfer, storage, etc.

Abstract: A system includes a storage device having a first encryption protocol, and a controller having a second encryption protocol. A processor implements the first encryption protocol or the second encryption protocol based on a strength of each encryption protocol, a topology of the system, a federal information processing standard certification status, a virtualization support, a multi-key support, a multi-band support, and an enterprise key management server support. Storage transactions may be encrypted using the implemented encryption protocol.

Abstract: Systems, methods, apparatuses, and computer program products for securing user plane (e.g., MB2-U) interface between a group communication service application server (GCS AS) and Broadcast Multicast Service Center (BM-SC) are provided. One method may include transmitting a message via a control plane, to an application server, indicating whether to establish a security association on a user plane in an interface between the GCS AS and the BM-SC. The method may also include providing, to the GCS AS, a target internet protocol (IP) address and possible port as a target for the security association.

Abstract: The invention provides a computer-implemented authentication method comprising the step of enabling a user to input an identifier (e.g. a PIN) into an electronic device having a screen and a keypad operable within a keypad zone of the screen; by operating at least one key of the keypad via an image of at least part of a scrambled keypad which is displayed at least partially within the keypad zone. The user's operation of the keypad key via the image generates an encoded version of the user's intended input. In one sense the invention can be perceived as superimposing a non-functional image of a scrambled keyboard over an underlying, functional keypad. The image may be any type of electronic image, and may include a video image. The invention is particularly suited for use with, but not limited to, mobile phones, tablet computer, PCs etc. It can be implemented in any system wherein a user's identity must be verified before access is granted to a controlled resource.

Abstract: This application is directed to a distributed data processing method performed at a server system coupled to a linear communication orbit. The server system has a plurality of function modules. Each function module is configured to collect data related to a core function from the linear communication orbit. Each function module includes an internal client configured to adaptively perform a set of data processing operations according to a schema definition, including generating a data collection request for collecting raw data items, sending the data collection request through the linear communication orbit, collecting the requested raw data items from a set of machines via the linear communication orbit, and performing analysis on the collected raw data items. In some embodiments, a central data management module of the one or more servers is configured to provide the schema definition to and receive result data reported from the function modules.

Abstract: Method of authentication including sending a login web page to a first device of a user including a scannable code having an envelope ID and a login challenge. The envelope ID generated by an identity manager is associated with a first envelope of data including a session ID. A confirmation login request is received from a second device associated with the user, and includes a second envelope of data comprising the session ID, a user ID, and a seal of the user ID registering the user ID with the identity manager. The confirmation login request to the login challenge is verified using the session ID, and the user is verified using the user ID and seal. User login is authorized upon successful verification of the login challenge and user, and a communication session having the session ID is established between the web server and the first device.

Abstract: A method of encryption and decryption of data over a network using an artificial neural network installed on each node of the network. The data protection elements—encryption keys, encryption algorithms, and encryption obfuscation—are generated or selected, respectively, at a new instance of communication across the network and no data protection elements are transmitted across the network. The artificial neural network is trained on a blockchain with the addition of each new block to the blockchain and is used to generate a finite set of encryption keys at each node simultaneously. Such encryption keys, encryption algorithms and encryption obfuscation are associated with the neural network on each node and are then used for decryption of the transmitted data.

Abstract: An encryption key may be generated based on personalized unit data associated with a software download recipient, for example, a secure processor. In some aspects, the secure processor may generate a decryption key based on its personalized unit data, and a software download may be performed between the software provider and the secure processor using the generated encryption keys. The secure processor may then decrypt and load the software for execution. The encryption and decryption key generation may also be based on a sequence number or other data indicating one or more previous software downloads at the secure processor. Using the sequence number or other data, sequences of multiple encryption and/or decryption keys may be generated to support multiple software downloads to a secure processor.

Abstract: Methods and apparatuses for retrieving blockchain data are disclosed. One method comprises: receiving a data retrieving request that comprises a target transaction identifier; identifying a transaction storage location that corresponds to the target transaction identifier as a target transaction storage location based on a pre-stored correspondence between transaction identifiers of transactions recorded on a blockchain associated with the blockchain network and transaction storage locations of the transactions; and retrieving data from the target transaction storage location in the blockchain.

Abstract: Systems, methods, and software can be used to provide secure inter-vehicle data communications. In some aspects, a method, comprising: receiving, at a security server and from a hardware security processor connected to a system bus of a vehicle, security confidence data of the vehicle, wherein the security confidence data include at least one of version information of a software code executing on a component of the vehicle, diagnostic data information of the vehicle, or data traffic pattern information of the vehicle; determining, at the security server, a security confidence score of the vehicle; receiving, at the security server, a query from a different vehicle; and in response to the query, transmitting the confidence score of the vehicle to the different vehicle.

Abstract: A system includes at least one processor to extract at least one data value from a record in a remote data store as a primary key that uniquely represents the record in the remote data store, encrypt the primary key using a secret key and an initialization vector to create a reversible public identifier that represents the primary key and the record in the remote data store, receive the reversible public identifier at a second instance after the first instance, query at least one data value different from the primary key in the remote data store using the reversible public identifier based on a GraphQL application programming interface (API) request, and transmit the at least one data value different from the primary key in the remote data store using the GraphQL API at a third instance after the second instance.

Abstract: Embodiments described herein enable the interoperability between processes configured for pointer authentication and processes that are not configured for pointer authentication. Enabling the interoperability between such processes enables essential libraries, such as system libraries, to be compiled with pointer authentication, while enabling those libraries to still be used by processes that have not yet been compiled or configured to use pointer authentication.

Abstract: Systems and methods for automatically grouping vulnerabilities into vulnerability groups are provided. Vulnerabilities are received in the vulnerability response system and are automatically grouped into one or more vulnerability groups based upon grouping fields defined in a vulnerability group rule.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for enhancing blockchain network security. Embodiments include generating a request for data from a data source, the request including plaintext data and encrypted data, the encrypted data including access data and a hash of the plaintext data, transmitting the request to a relay system component external to the blockchain network, receiving a result from the relay system component that is digitally signed using a private key of the relay system component, and verifying an integrity of the result based on a public key of the relay system component and a digital signature of the result.

Abstract: Mechanisms are provided for facilitating recertification of a user access entitlement. These mechanisms collect, from a system resource of the data processing system, access information representative of accesses of the system resource by a user access entitlement. These mechanisms determine that recertification of the user access entitlement, with regard to the system resource, is to be performed and a pattern of access is determined based on the access information for the user access entitlement. A recertification request graphical user interface is output to a user based on the pattern of access. The graphical user interface includes the pattern of access and one or more graphical user interface elements for receiving a user input specifying acceptance or denial of the recertification of the user access entitlement.

Abstract: A computer-implemented method for scanning data including accessing a reference table including a grid of data cells arranged in columns and rows and containing reference data elements. Each of the rows may relate to one of a plurality of data subjects. The method may also include generating a list of reference subcombinations. The list of reference subcombinations may be generated by designating a primary column for uniquely identifying the data subjects and generating a plurality of first preliminary reference subcombinations. Each of the first preliminary reference subcombinations may include reference data elements gathered from the primary column and a second column of a single row of the reference table. The method may also include accessing a subject file having a plurality of data entries. Each of the data entries may include a plurality of logically-related and delimited subject data elements.

Abstract: Secure shared access to encrypted data in a data store is facilitated by using a data control server (DCS) to maintain a data storage reference table (DSRT) for shared data units present in a shared data pool hosted by least one data storage device, and accessible to a plurality of computing entities. The DSRT specifies for each shared data unit identifier information, location information for accessing the shared data unit in the shared data pool, and a hash value which has been computed for the shared data unit. The DCS selectively facilitates a decryption operation by providing hash values which serves as a basis for deriving a decryption key for decrypting shared data units which have been identified.

Abstract: A first communication device for transmitting data to a second communication device comprises a storage device for storing instructions and a processing circuit coupled to the storage device. The processing circuit is configured to execute the instructions stored in the storage device. The instructions comprise compressing a first packet to a first compressed packet according to a compressor instance, wherein the first packet is associated to a flow identity (ID); generating a first Protocol Data Unit (PDU) comprising the flow ID and the first compressed packet; associating a first sequence number (SN) to the first PDU; encrypting the first PDU to a first encrypted packet; generating a first Packet Data Convergence Protocol (PDCP) PDU comprising the first SN and the first encrypted packet; and transmitting the first PDCP PDU via a first logical channel (LC) to the second communication device.

Abstract: An electronic authorization system is typically configured for: receiving electronic activity requests from a plurality of source nodes; analyzing each of the electronic activity requests using a decisioning algorithm, wherein a decision boundary of the decisioning algorithm is dynamically altered while analyzing the electronic activity requests; for each of the electronic activity requests, determining an activity exposure level of the decision boundary based on (i) a distance to the decision boundary and (ii) an amount of information exposed regarding the decision boundary; for each of the plurality of source nodes, determining a source exposure level of the decision boundary based on the activity exposure levels of the decision boundary of the electronic activity requests; and in response to determining that a likelihood of decision boundary profiling by one or more first source nodes exceeds a defined threshold, performing an exposure remediation action.