Abstract: The present invention is a system for and method of enabling an initiating party to capture, store, and retrieve an image of at least one acknowledging party performing an acknowledgement requested by the initiating party where the acknowledging party(s) may be remotely located from the initiating party.

Abstract: Identity systems, methods, and media for auditing and notifying users concerning verifiable claims are provided.

Abstract: A technique includes converting a plurality of plaintext values to a corresponding plurality of pseudonym values. The conversion includes performing encryption of the plurality of plaintext values to provide a plurality of second values; perturbing the plurality of second values to provide the plurality of pseudonym values; and controlling the perturbing to cause an ordering of the plaintext values to be represented in the plurality of pseudonym values.

Abstract: Aspects described herein may allow for the generation of a message to be sent to an intended recipient of a request for a communication session prior the initiation of the communication session. The system may monitor applications and associated devices to determine the initiation of the communication session. Based on such a determination, the system may generate a message to be presented to a communication initiating user and to be sent to an intended recipient of the communication session. The system may determine data for the message based on an analysis of the data associated with the communication initiating user, and the system may apply a machine learning model to generate draft messages for the user. Messages may be generated to authenticate a user with an intended recipient of the communication session.

Abstract: A technique includes accessing data that represents a plurality of values that are associated with a plurality of ranges. The technique includes determining a pseudonym value for a given value, where the given value is associated with a given range and determining the pseudonym includes encrypting the given value to provide the pseudonym value; controlling the encryption to cause the pseudonym value to be within the given range; and tweaking the encryption based on an attribute that is associated with the given value.

Abstract: Methods, systems, and media for recovering identity information in verifiable claims-based systems are provided.

Abstract: This disclosure relates to data encryption and decryption. In one aspect, a method includes receiving, by a second peer end computing device, first data from a first peer end computing device. The second end computing device generates a random term based on a result range pre-agreed upon with the first peer end computing device. The result range includes a minimum result value and a maximum result value. The random term is a product of a random number and an agreed upon constant. The agreed upon constant is greater than a difference between the maximum result value and the minimum result value. The second peer end computing device performs a homomorphic operation based on the first data, local private second data, and the random term to obtain an encryption result. The second peer end computing device returns the encryption result to the first peer end computing device.

Abstract: Methods, systems, and media for authenticating users using biometric signatures are provided. In some embodiments, the method comprises: receiving, from a user device, an indication that the user device is to be connected to a communication network; in response to receiving the indication, causing a user interface to be presented on the user device that receives a username corresponding to a user of the user device; receiving, from the user device, a biometric sample corresponding to the user of the user device; determining whether the biometric sample matches a stored biometric sample associated with the username; and in response to determining that the biometric sample matches the stored biometric sample associated with the user name, causing the user device to be connected to the communication network.

Abstract: A device that includes a secure element or a secure environment receives a token for authenticating a user that has an account with a service provider. The device generates, based on the token, a set of keys that include at least a private key and a public key. The device performs a key authentication procedure to compare the set of keys and a configured set of keys and selects a public key, of the set of keys or the configured set of keys, based on a result of the key authentication procedure. The device causes a device identifier of the device and the public key to be provided to another device that uses the device identifier and the public key to perform an authentication procedure to authenticate the user. The device receives, from the other device, an indication of whether the device is connected to a network.

Abstract: Embodiments allow comparison of key figures (e.g., costs, lead times) between different entities in a privacy-preserving manner, utilizing secure multi-party computation (MPC) approaches implemented by a central service provider. The central service provider receives encrypted key figure data from each of multiple players in a peer group. In one embodiment the central service provider executes a secure computation protocol comprising a semi-homomorphic encryption scheme exhibiting an additive homomorphic property. The central service provider returns to each player, a statistical measure (e.g., top quartile, bottom quartile) allowing comparison with the other players' key figures while preserving privacy. Alternative embodiments may return to the players, a statistical measure calculated from a Boolean or arithmetic circuit implemented at the central server using other secure computation approaches (e.g., garbled circuits, secret sharing, or (semi or fully) homomorphic encryption.

Abstract: Implementations of the disclosure provide for binding data to a network in the presence of an entity. In one implementation, a cryptographic system is provided. The cryptographic system includes a memory to store encrypted data, and a processing device, operatively coupled to the memory, to identify a public key for a communications device in response to an indication of a presence of the communications device on a network. A first intermediate is determined in view of the public key for the communications device and in view of an acquisitioning public key. The acquisitioning public key associated with the encrypted data. A second intermediate public key is received from the communications device in view of the first intermediate public key. Thereupon, the encrypted data is decrypted using an encryption key derived at least from the second intermediate public key.

Abstract: Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Remote devices may gain access to virtual machines in a network through a virtual device relay. The virtual device relay receives data from the remote device, such as a tablet or cellular phone, and forwards the data to one of the virtual machines, when the virtual device relay shares a COI with the destination virtual machine.

Abstract: Systems, methods, and software described herein provide security actions based on the current state of a security threat. In one example, a method of operating an advisement system in a computing environment with a plurality of computing assets includes identifying a security threat within the computing environment. The method further includes, in response to identifying the security threat, obtaining state information for the security threat within the computing environment, and determining a current state for the security threat within the computing environment. The method also provides obtaining enrichment information for the security threat and determining one or more security actions for the security threat based on the enrichment information and the current state for the security threat.

Abstract: Systems, methods, and apparatuses for generating a trusted chain code (“TCC”) message. The method includes receiving, by a computing system, an agreement message between a first entity and a second entity. The agreement message may be formatted as a smart contract whose execution causes a transfer of value in response to at least one of an occurrence of an event or a fulfillment of a condition. The smart contract includes chain code that corresponds to computer language to execute and corresponds to at least one of the occurrence of the event or the fulfillment of the condition. A chain code manifest is generated. The chain code manifest includes a hash of the chain code of the smart contract. A TCC message is generated including at least the smart contract and a digital signature on at least the chain code manifest. The TCC message is posted to a distributed ledger.

Abstract: In some embodiments, encrypted biometric data are stored in advance in a device that is possessed or carried by a user (for example, a smartcard, a communication terminal, or the like) based on a public key certificate, and a user authentication (first user authentication) is performed by a biometric matching in the device. A public key certificate matching the encrypted biometric data is used to perform a user authentication (second user authentication) for a transaction authorization in a service providing server. According to some embodiments, one time password, keystroke, dynamic signature, location information, and the like are employed as additional authentication factors to tighten the security of the first and second user authentications. According to some embodiments, an authentication mechanism including the first user authentication and the second user authentication is applied to control an access to the IoT device.

Abstract: A server computer toggles between a protected mode and an unprotected mode. In the protected mode, users are unable to access configuration information due to a Base Address Register (BAR) being cleared. However, a service provider can access a Trusted Platform Module (TPM) through an Application Program Interface (API) request. In an unprotected mode, the BAR is programmed so that users can access the configuration information, but the TPM is blocked. Blocking of the TPM is achieved by changing a configuration file, which changes an overall image of the card. With the modified image not matching an original image, the TPM blocks access to data, such as encryption keys. Separate interfaces can be used for user access (PCIe) and service provider access (Ethernet) to the server computer. The server computer can then be toggled back to the protected mode by switching the configuration file to the original configuration file.

Abstract: A method and system for providing information management of data from hosted services receives information management policies for a hosted account of a hosted service, requests data associated with the hosted account from the hosted service, receives data associated with the hosted account from the hosted service, and provides a preview version of the received data to a computing device. In some examples, the system indexes the received data to associate the received data with a user of an information management system, and/or provides index information related to the received data to the computing device.

Abstract: One embodiment describes a method for permuting data elements, comprising receiving a sequence of data elements, and carrying out a plurality of interchange operations each comprising randomly selecting a data element from the data elements in the sequence, interchanging the data element with another data element at a deterministically predefined position in the sequence of data elements, and applying a predefined permutation to the deterministically predefined position or to the sequence of data elements.

Abstract: A system for packaging digital media and distributing digital media to exhibitors is described, which system enables distribution by utilizing media content booking, media content packaging, encryption, and delivery components.

Abstract: Described herein is an efficient, dynamic Symmetric Searchable Encryption (SSE) scheme. A client computing device includes a plurality of files and a dictionary of keywords. An index is generated that indicates, for each keyword and each file, whether a file includes a respective keyword. The index is encrypted and transmitted (with encryptions of the files) to a remote repository. The index is dynamically updateable at the remote repository, and can be utilized to search for files that include keywords in the dictionary without providing the remote repository with information that identifies content of the file or the keyword.