Abstract: A system and method for determining consent user interface validity for a provided consent user interface of a web form presenting consent information, comprising: accessing a consent user interface presented on a web form; determining one or more configuration attributes of the consent user interface; accessing one or more privacy regulations associated with presenting consent information; comparing the one or more configuration attributes of the consent user interface to each of the one or more privacy regulations; determining whether the consent user interface is compliant with each of the one or more privacy regulations; and in response to determining that the consent user interface is not compliant with one or more privacy regulations, flagging the consent user interface.

Abstract: A system for authenticating a user at a relying party application using an authentication application and automatically redirecting to a target application includes a processor. The processor is configured to 1) make an API call that comprises (i) an authentication challenge that corresponds to an authentication request and (ii) a call back URL that is specified by a relying party application; 2) retrieve at least one of a target application link or a null value from a table; 3) authenticating the user based on an authentication challenge response to the at least one authentication challenge; and 4) invoking the target application link from the table to automatically redirect from the authentication application to the target application specified in the target application link.

Abstract: Provided is a process including: obtaining, with a network controls engine, network traffic, wherein: the network traffic is sent across the network between source computing devices and destination computing devices; at least one of the source or destination computing devices are on a network carrying the network traffic; and the network has a plurality of computing devices causing the network traffic and which are assigned addresses on the network; applying, with the network controls engine, a plurality of rules to the network traffic to identify rules with criteria satisfied by the network traffic; and causing, with the network controls engine, one or more actions prescribed by one or more identified rules with criteria satisfied by the network traffic.

Abstract: A system, apparatuses, and methods for device and network security are discussed herein. In an example, a security device for providing security to user-entered inputs includes a universal serial bus (“USB”) port configured to receive a connector of an input device and a USB connector configured to connect to a port of a user device. The apparatus also includes a processor configured to receive a string of characters from the input device that correspond to inputs made by a user into a web browser or application on the user device. The processor adds at least one security character to the string of characters to generate a watermark string, and transmits the watermark string to the user device. The processor is configured to format the at least one security character such that only the string of characters are displayed in the web browser or the application at the user device.

Abstract: One embodiment provides a method, including: connecting a USB device to a secure device; provisioning, at the secure device, the USB device, wherein the provisioning comprises encrypting, using a private key, a hash value associated with a device descriptor associated with the USB device into a product field of the device descriptor: introducing the provisioned peripheral device into a client device; determining, using a processor of the client device, that the USB device is an authorized USB device, wherein the determining comprises: decrypting, using a public key that corresponds to the private key, the hash value; producing, by running a hash function on the device descriptor minus the hash value, a new hash value; and identifying that the hash value is equivalent to the new hash value; and enabling the USB device to gain access to a system of the client device. Other aspects are described and claimed.

Abstract: A device is provided comprising a first memory for storing a first key, a second memory for storing a second key, the device being capable of conducting a first cryptographic algorithm, wherein the first cryptographic algorithm uses the first key, the device being capable of conducting a second cryptographic algorithm, wherein the second cryptographic algorithm uses the second key, and a selection unit, which is programmable to use either the first cryptographic algorithm or the second cryptographic algorithm. Also, a method for operating such device is provided.

Abstract: A method for managing a consent receipt under an electronic transaction, comprising: receiving a request to initiate a transaction between the entity and the data subject; providing a privacy policy associated with the entity and based at least in part on the request to initiate the transaction between the entity and the data subject; accessing the privacy policy associated with the entity; storing one or more provisions of the privacy policy associated with the entity; providing a user interface for consenting to the privacy policy associated with the entity; receiving a selection to consent to the privacy policy associated with the entity and based at least in part on the request to initiate the transaction between the entity and the data subject; generating, by a third-party consent receipt management system, a consent receipt to the data subject; and storing the generated consent receipt.

Abstract: A computer-implemented method, computer system, and computer program product are directed to improving computer security of a device using value based information flow tracking. Embodiments automatically capture raw data values from a data source of the device and store in memory the captured raw data values in a collection of sensitive data. Embodiments determine whether computed values of functions of a data flow are included in the collection of sensitive data. Based upon the determining, embodiments prevent values of the collection of sensitive data from being transmitted from a sink of the device. Embodiments may determine whether string representations of computed operand and return values of numerical or arithmetic operations of the functions of the data flow are included in the collection of sensitive data.

Abstract: Embodiments of the present disclosure provide a privacy transaction processing method, an electronic device and a storage medium, and relates to a field of blockchain technologies. The method includes: obtaining a business transaction request to be executed; if the business transaction request is a privacy business transaction request, obtaining a corresponding privacy key, in which the privacy key is an organization privacy key of a privacy organization to which the privacy business transaction request belongs; decrypting and executing the privacy business transaction request according to the privacy key to generate privacy business transaction data, in which the privacy business transaction data comprises at least associated information of privacy content data and the privacy business transaction request; and storing the privacy business transaction data in a blockchain, and storing the privacy content data locally.

Abstract: Disclosed examples include at least one processor; and memory including instructions that, when executed by the at least one processor, cause the at least one processor to install a configuration profile; activate an internal virtual private network service; and cause the internal virtual private network service to activate a local proxy.

Abstract: An integrated circuit device includes a shuffler, a logic unit and registers each including two or more bit storages. The shuffler receives an address indicating one of the registers and data bits, selects target bit storages at which the data bits are to be stored from among bit storages of the registers depending on a shuffle configuration and the address, stores the data bits into the target bit storages, and transfers the data bits from the target bit storages depending on the shuffle configuration. The logic unit receives the data bits transferred from the shuffler and operates using the received data bits. The shuffle configuration is adjusted when a reset operation is performed.

Abstract: Systems and methods for secure enrollment of physical unclonable function devices include providing a device with an enrollment controller. The enrollment controller receives an enrollment request from an enrollment system and authenticates the request. If the request is authentic, the enrollment controller generates challenges in a pseudorandom order determined by a random seed that is shared with the enrollment system. The enrollment controller issues the challenges to interrogation circuitry coupled to a PUF array and records the responses. The responses are transmitted in encrypted form, and in the pseudorandom order, to the enrollment system. The responses are encrypted using a random number shared with the enrollment system. The enrollment system and the enrollment controller can independently generate the encryption key using the shared random number and/or other securely shared information.

Abstract: Techniques for providing multi-access edge computing (MEC) services security in mobile networks (e.g., service provider networks for mobile subscribers, such as for 5G networks) by parsing Application Programming Interfaces (APIs) are disclosed. In some embodiments, a system/process/computer program product for MEC services security in mobile networks by parsing APIs in accordance with some embodiments includes monitoring network traffic on a mobile network at a security platform to identify an API message associated with a new session, wherein the mobile network includes a 5G network or a converged 5G network that includes a multi-access edge computing (MEC) service; extracting mobile network identifier information from the API message at the security platform; and determining a security policy to apply at the security platform to the new session based on the mobile network identifier information.

Abstract: A key distribution system includes a representative user terminal 2p, a server apparatus 3, and an (n+1)-th user terminal 2n+1. The representative user terminal 2p uses a public key for the (n+1)-th user terminal 2n+1 and information for identifying the (n+1)-th user terminal 2n+1 to encrypt key information with a predetermined encryption function in Certificate-less Encryption to obtain ciphertext. The server apparatus 3 sends the ciphertext to the (n+1)-th user terminal 2n+1 when the (n+1)-th user terminal 2n+1 is added. The (n+1)-th user terminal 2n+1 uses a complete secret key for the (n+1)-th user terminal 2n+1 and the information for identifying the (n+1)-th user terminal 2n+1 to decrypt the ciphertext with a predetermined decryption function to obtain the key information.

Abstract: A method of determining a level of potential risk associated with a potential vulnerability identified in a software application. The method includes generating simulated loss events, determining a plurality of impacts for the simulated loss events, determining the level of potential risk based on the plurality of impacts, and providing a graphical user interface based on the level of potential risk.

Abstract: Provided is an information processing device including a real name information acquisition unit that acquires real name information from a real name server that stores a user ID and personal information in association with the real name information. The information processing device further includes an anonymous information acquisition unit that acquires anonymous information from an anonymous server that stores an anonymous ID in association with the anonymous information. The information processing device further includes a screen generation unit that generates a display screen including the real name information and the anonymous information.

Abstract: Systems, methods, and articles of manufacture comprising processor-readable storage media are provided for implementing security mechanisms for network environments. For example, a method includes collecting power consumption data of a plurality of devices operating within a network and determining trust scores for the plurality of devices based, at least in part, on the collected power consumption data. The trust score for a device provides a measure of trustworthiness of the device exhibiting normal operating behavior within the network. Each device is assigned to one of a plurality of trust tiers based on the determined trust scores, wherein each trust tier specifies an authentication level for devices assigned to the trust tier. One or more authentication procedures are applied to authenticate a given device operating within the network based on the authentication level specified by the trust tier to which the given device is assigned.

Abstract: A method for a data owner to enforce attribute-based and discretionary access control over a cloud-based data store by specifying an access policy, creating a plurality of users with attributes that satisfy the access policy, and revoking one or more of the plurality of users by embedding their respective identities as revoked into a ciphertext, whereby only those of the plurality of users whose attributes satisfy the access policy and that are not revoked can decrypt the ciphertext.

Abstract: A work authorization system comprising a credential provider which is installed on a data processing unit of an automated analyzer instrument comprising a device for entering data, a server comprising an interface for receiving data from the credential provider and information for authentication of a user, a database containing all relevant data necessary for authentication of the user and a device for sending messages.

Abstract: A method is disclosed. An authentication node may receive a plurality of encrypted match values, wherein the plurality of encrypted match values were formed by a plurality of worker nodes that compare a plurality of encrypted second biometric template parts derived from a second biometric template to a plurality of encrypted first biometric template parts derived from a first biometric template. The authentication node may decrypt the plurality of encrypted match values resulting in a plurality of decrypted match values. The authentication node may then determine if a first biometric template matches the second biometric template using the plurality of decrypted match values. An enrollment node may be capable of enrolling a biometric template and storing encrypted biometric template parts at worker nodes.