Abstract: Providing an objective measure of trust in data provided by an Industrial Internet of Things (IIoT) device and/or a plurality of IIoT devices at a particular location so as to provide an aggregated objective measure of trust in data provided by the particular location.

Abstract: A device for securely operating a field device includes: the field device, which includes at least one human-machine interface having a display device and a keyboard for operating the field device, and a communications interface for connecting a local operating device having a secure connection to a trusted server via a communications network, the secure connection being based upon an authentication feature of a local operator. The field device during use as intended does not have a secure connection to a network for process control. The field device provides and stores a query key. The field device is connected, at least logically, to the local operating device. The trusted server has a private key for providing a signed response key. The signed response key is based upon the query key.

Abstract: A system provides authorization of resource requests based on cryptographic computations and federated hash verifications. In particular, the system may receive requests for resources or processes from external devices. In response, the system may require that the external device complete additional authorization steps (e.g., a cryptographic computation) before being granted access to the resources or processes. The system may further federate the cryptographic computations across multiple external devices, thereby distributing the computing load that would otherwise be processed by internal systems. In this way, the system may prevent unauthorized or unintended access to the system's resources or processes.

Abstract: Embodiments identify documents with invisible or hidden information such as tracking codes and extract the tracking codes, which may be leveraged for different applications. Aspects may protect an individual's right to privacy by extracting “invisible” codes from a document. Other aspects preserve the authenticity of documents by converting the information of an extracted tracking code into other metadata which may accompany the document and copies of the document. In an embodiment, a blockchain ledger may be used to verify the authenticity of a document using information from the original tracking code.

Abstract: A system performs digital notarization using a biometric identification service. A signature requesting service receives a request to validate a digital item with a signature for a person. The signature requesting service provides a payload that identifies the digital item and/or the person to an identity service. The identity service obtains one or more digital representations of biometrics for the person, determines an identity for the person, and returns a data structure including the payload and one or more identity attestations regarding the determined identity. The identity service encrypts at least a portion of the data structure using a private encryption key. A public encryption key for the identity service can then be used to decrypt the portion to verify that the data structure was generated by the identity service after determining the identity. In this way, validation can be verified to the full trust level of the identification service.

Abstract: As disclosed herein a computer system for secure database backup and recovery in a secure database network has N distributed data nodes. The computer system includes program instructions that include instructions to receive a database backup file, fragment the file using a fragment engine, and associate each fragment with one node, where the fragment is not stored on the associated node. The program instructions further include instructions to encrypt each fragment using a first encryption key, and store, randomly, encrypted fragments on the distributed data nodes. The program instructions further include instructions to retrieve the encrypted fragments, decrypt the encrypted fragments using the first encryption key, re-encrypt the decrypted fragments using a different encryption key, and store, randomly, the re-encrypted fragments on the distributed data nodes. A computer program product and method corresponding to the above computer system are also disclosed herein.

Abstract: In various embodiments, a personal data processing system may require guardian consent (e.g., parental consent) for a data subject in order to collect, store, and or process the subject's personal data. The system may prompt the data subject to initiate a request for guardian consent or the system may initiate a request for guardian consent without initiation from the data subject (e.g., in the background of a transaction). In some embodiments, the system may require guardian consent when a data subject is under the age for valid consent for the particular type of personal data that will be collected as part of a particular transaction. Data processing systems may generate and store one or more consent records memorializing valid consent for data processing from data subjects and/or from guardians on their behalf (e.g., in the case of a minor data subject).

Abstract: The innovation disclosed and claimed herein, in one aspect thereof, comprises systems and methods of automatic classification and modeling. The innovation can include determining a failure history of networked architecture, the failure history including data immediately prior to failure. The innovation can include machine learning the failure history to determine failure indicators. The innovation can include generating a black hole model based on the failure history and the machine learning. The innovation can include monitoring a networked architecture. The networked architecture has a set of elements comprising software elements and hardware elements interconnected in a common environment. Each element of the set of elements is monitored. The innovation can include determining an element is trending towards a failure. The trend is determined by a black hole model. The innovation can include enabling security features to prevent the element from failure.

Abstract: Thwarting one-time password (OTP) theft. In one embodiment, a method may include receiving, at a messaging application executing on the mobile device, a text message from a website that includes an original OTP. The method may also include encrypting, by the messaging application, the original OTP included in the text message to thwart theft of the original OTP from the text message.

Abstract: A content distribution system that groups assets sharing the same required security capabilities in digital rights management service instances. Assets are encrypted with the help of media keys, effectively grouping media keys sharing the same required security capabilities. Digital rights management service instances are organized to cover different geographical areas, and asset groups are configured to migrate according to a configurable distribution range.

Abstract: The method provided in the embodiments of this application includes: obtaining, by a server, a first key (Ksm) shared with a gateway; receiving, by the server, an encrypted first random factor (Rand-M-Encry), a first data digest (Data-Hash), and encrypted first data (Data-Encry) that are sent by a terminal; decrypting, by the server, the Rand-M-Encry by using the Ksm, to obtain a second random factor (Rand-M?); performing, by the server, an operation on the Rand-M? and Kpsa-xi by using a second preset algorithm, to generate a third key (K?sx); decrypting, by the server, the Data-Encry by using the K?sx, to obtain second data (Data?); performing, by the server, an operation on the K?sx and the Data? based on a first preset algorithm to obtain a second data digest (Data-Hash?); and if the Data-Hash? is the same as the Data-Hash, determining, by the server, that authentication of the terminal succeeds.

Abstract: The present disclosure provides for a system ensuring the integrity of received data. The system includes a processor, a trusted platform module, and a memory storing instructions. Upon a request from the processor, the trusted platform module generates an asymmetric key pair including a private key and a public key. The trusted platform module provides the public key and an encrypted private key to the processor. The processor generates a checksum of received content data and sends the checksum to the trusted platform module. The processor also loads the encrypted private key into the trusted platform module. The trusted platform module decrypts the encrypted private key, encrypts the checksum with the private key, and provides the encrypted checksum to the processor. The processor sends the content data together with the encrypted checksum to an external device. The external device may decrypt the encrypted checksum with the public key.

Abstract: An illustrative embodiment of a computer-implemented process for identifying a request invalidating a session excludes all marked logout requests of a Web application, crawls an identified next portion of the Web application and responsive to a determination, in one instance, that the state of the crawl is out of session, logs in to the Web application. The computer-implemented process further selects all crawl requests sent since a last time the crawl was in-session, excluding all marked logout requests and responsive to a determination that requests remain, crawls a selected next unprocessed request. Responsive to a determination, in the next instance, that state of the crawl is out of session and the selected request meets logout request criteria, the computer-implemented process marks the selected request as a logout request.

Abstract: According to one embodiment, a threat detection system comprising an intrusion protection system (IPS) logic, a virtual execution logic and a reporting logic is shown. The IPS logic is configured to receive a first plurality of objects and analyze the first plurality of objects to identify a second plurality of objects as potential exploits, the second plurality of objects being a subset of the first plurality of objects and being lesser or equal in number to the first plurality of objects. The virtual execution logic including at least one virtual machine configured to process content within each of the second plurality of objects and monitor for anomalous behaviors during the processing that are indicative of exploits to classify that a first subset of the second plurality of objects includes one or more verified exploits. The reporting logic configured to provide a display of exploit information associated with the one or more verified exploits.

Abstract: Systems and methods for detecting anomalous data files and preventing detected anomalous data files from being stored in a data storage. In particular, the systems and methods detect anomalous data files by dividing each data file into blocks of data whereby entropy values are obtained for each block of data and this information is collated and subsequently used in a machine learning model to ascertain the security level of the data file.

Abstract: A method for automatically improving security of a network system includes: collecting security relevant information from network devices of the network system, the security relevant information including security settings and operational information of the network devices; analyzing the security relevant information for determining weak security settings of a network device, the weak security settings being not necessary for a regular operation of the network system; determining hardened security settings for the network devices based on the weak security settings, the hardened security settings restricting a possible operation of the network device but allow a regular operation of the network system; and applying the hardened security settings to the network device.

Abstract: A method for verifying proof of assertion of a value using a hash-oriented transaction scheme includes: receiving a confirmation request; identifying a confirmation message, wherein the confirmation message includes at least one or more chain values and is one of: included in the confirmation request or stored in a block included in a blockchain and identified using a reference identifier included in the confirmation request; identifying a declaration message, wherein the declaration message includes at least an asserted value and an identity hash value; generating a check hash value by hashing at least the asserted value and the one or more chain values; verifying the check hash value using the identity hash value; and transmitting a result of the verification of the check hash value in response to the received confirmation request.

Abstract: Typically, when a user switches sessions between devices, the user authenticates the sessions by providing user account information, password, and/or pin code input or other credentials. However, when the user is frequently switching sessions between devices, authenticating sessions may result in the user reducing or even stopping switching across mobile devices. Systems and methods according to this disclosure provide automatic session roaming across mobile devices using proximity authentication. Upon detecting an indication to initiate session roaming, the source device automatically roams the session on the source device to a target device based on a proximity of the source device to the target device. The session is handed off from the source device to the target device as an authenticated user session.

Abstract: A method, system and computer-usable medium for identifying communications received from potentially untrustworthy entities. More specifically, in one embodiment the invention relates to a computer-implemented method comprising: receiving an electronic communication for a receiving entity from a sending entity; accessing social media profile information for the sending entity from a social media network; and analyzing the social media profile information of the sending entity pursuant to determining whether the received electronic communication is from a potentially untrustworthy entity. Certain embodiments use the determination as to whether the received electronic communication is from a potentially untrustworthy entity to assess whether the received electronic communication is a reconnaissance communication, such as a phishing email.

Abstract: Presented herein is a Security Edge Protection Proxy (SEPP) fully defined as a 5G network function (NF) that registers and is discoverable by consumer NFs. Inter-Public Land Mobile Network (PLMN) roaming connectivity polices enable the SEPP in the visiting PLMN to select the SEPP per producer NF-Type in the home PLMN, and to select a direct route between PLMNs or an indirect route via one or more an Internetwork Packet Exchange (IPX) providers.