Abstract: Methods, systems, and devices for enabling and validating data encryption are described. A data storage system (e.g., including a database and validation server) may receive an encryption request indicating a data object or data field. Prior to performing encryption, the validation server may perform one or more validations to determine whether the system supports encrypting the indicated data. The validation server may identify any formula fields that directly or indirectly (e.g., via other formula fields) reference the data object or field, and may determine whether each of these formula fields is encryption compatible. In some cases, the validation process may involve synchronously executing a first set of validators, marking the data as pending encryption, and asynchronously executing a second set of validators. Based on the results of the validation process, the system may or may not encrypt the indicated data, and may transmit an indication of the validation results.

Abstract: The present disclosure provides systems and methods for processing operation. An exemplary method for processing operation, implementable by a terminal, may comprise: displaying a target web page, wherein the target web page comprises a first control element and a second control element, the first control element is configured to acquire an account identifier for an account, and the second control element is configured to correlate the account identifier and an operation request for executing the operation request without logging in the account after the operation request is correlated with the account identifier; acquiring the account identifier in response to a trigger action on the second control element; and sending the account identifier and the operation request that is correlated by the second control element to a server corresponding to the target web page.

Abstract: A device, system and method for managing access authorization is provided. A request to alter access authorization of one or more devices assigned to a user is received at a computing device. The computing device determines at least one contextual condition associated with at least one of the one or more devices. The computing device determines, based on the at least one contextual condition, a subset of the one or more devices for which the access authorization is to be altered to include at least one other user. The computing device alters the access authorization of the subset of the one or more devices to include the at least one other user, such that the at least one other user is granted access to the subset of the one or more devices.

Abstract: The present disclosure provides a fluid-optical encryption system and a method thereof. The fluid-optical encryption system uses a fluid surface that changes topology over time to modulate the wave front of an electromagnetic signal in an encryption, decryption, authentication or other communication system. The electromagnetic signal can be pulsed or continuous, coherent or non-coherent, and can be optical or in another wavelength range such as micrometer or infrared. The information carrying signal is either transmitted through the fluid system or reflected off the surface of the fluid system. The fluid system time dependent change can be induced by mechanical vibration in the fluid container, distorting the fluid container, acoustic waves through the fluid, or by surface tension changes at the boundary of the fluid cause by electrowetting or electrostatic effects. The fluid surface can exhibit patterns that oscillate or change periodically, or change in a chaotic manner.

Abstract: An example operation may include one or more of identifying a new block to be created for a blockchain via a new block creation cycle, executing chaincode stored in the blockchain, identifying one or more credentials assigned as one credential per registered member organization of the blockchain based on the chaincode, validating the one or more credentials and determining consensus is satisfied via a consensus service, and creating the new block responsive to the consensus being satisfied.

Abstract: An apparatus, a computer program product and a method for dimensionality reduction comprising: obtaining a set of Application Programming Interface (API) functions of a system invocable by a program, and a set of artifacts. Each artifact is associated with at least one API function and indicative of a functionality thereof. The method further comprising: clustering the API functions based on an analysis of the artifacts to create a set of clusters smaller than the set of API functions, such that each cluster comprises API functions having a similar functionality; and performing a dimensionality reduction to a feature vector using the set of clusters.

Abstract: A method of transmitting a message via a blockchain network is provided. A method may include encrypting, via a first identity-based encryption (IBE) function, a message to generate a ciphertext. The method may further include transmitting the ciphertext to each node of a plurality of nodes in a blockchain network. Further, the method may include decrypting, via a second IBE function, the ciphertext at each node of the plurality of nodes in the blockchain network after at least one condition is met.

Abstract: Mechanisms are provided for evaluating a trained machine learning model to determine whether the machine learning model has a backdoor trigger. The mechanisms process a test dataset to generate output classifications for the test dataset, and generate, for the test dataset, gradient data indicating a degree of change of elements within the test dataset based on the output generated by processing the test dataset. The mechanisms analyze the gradient data to identify a pattern of elements within the test dataset indicative of a backdoor trigger. The mechanisms generate, in response to the analysis identifying the pattern of elements indicative of a backdoor trigger, an output indicating the existence of the backdoor trigger in the trained machine learning model.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, to authenticate mobile traffic. One of the methods includes receiving a first request for a strategy from a client device over a network. The method includes providing a current strategy to the client device, the current strategy including characteristics used to authenticate requests from the client device based on the inclusion of the characteristics in the request. The method includes receiving, from the client device, a second request for access to a processing system. The method includes validating the second request according to one or more strategies, including the current strategy. The method also includes forwarding the second request to the processing system based on the validation.

Abstract: Methods, systems, and computer program products are provided. A network device receives, from a client device, a description of a dataset to be de-identified, and a list of one or more data de-identification techniques selected from groups consisting of a group of data masking techniques and a group of data pseudonymization techniques, and their configuration options supported by the client device. A first technique, from the at least one group of techniques and its configuration options supported by the client device and the network device are determined. The network device receives a dataset produced at the client device by applying the first technique and selected configuration options to corresponding attributes from the client device. The network device applies a de-identification technique to the dataset to produce a resulting set of de-identified data, wherein the de-identification technique is coordinated with the first technique and its configuration options to de-identify the dataset.

Abstract: Methods, systems, and computer program products are provided. A network device receives, from a client device, a description of a dataset to be de-identified, and a list of one or more data de-identification techniques selected from groups consisting of a group of data masking techniques and a group of data pseudonymization techniques, and their configuration options supported by the client device. A first technique, from the at least one group of techniques and its configuration options supported by the client device and the network device are determined. The network device receives a dataset produced at the client device by applying the first technique and selected configuration options to corresponding attributes from the client device. The network device applies a de-identification technique to the dataset to produce a resulting set of de-identified data, wherein the de-identification technique is coordinated with the first technique and its configuration options to de-identify the dataset.

Abstract: Method and apparatus for authenticating analog mixed-signal integrated circuits using process-specific functions (PSF) comprising: presenting wafer having plurality of dies, each die having circuit with identical design but having inherent physical differences due to process variation in their manufacture, each circuit designed to enhance the effects of the inherent differences; defining selected number of inputs/stimuli for authenticating and identifying each integrated circuit; defining expected response for each circuit, wherein the expected response for each circuit is the same due to the identical design; defining statistical window for analog response by the circuit to the inputs/stimuli; applying the inputs/stimuli to each circuit; receiving analog response corresponding to the applied inputs/stimuli, wherein the analog response falls outside statistical window when there are functional or physical changes to the circuit; separating from plurality of dies each die providing a response outside the stati

Abstract: An approach for securing a DHCP server against unauthorized client attacks in a SDN environment is presented. In an embodiment, a method comprises: determining a count of sub-interfaces implemented on an interface card of a virtual machine; setting a count of unique client identifiers for the virtual machine to zero; determining whether a dynamic host configuration protocol (DHCP) request has been received from the virtual machine; in response to determining that a DHCP request has been received from the virtual machine, incrementing the count of unique client identifiers; determining whether the count of unique client identifiers exceeds the count of sub-interfaces implemented on the interface card of the virtual machine; and in response to determining that the count of unique client identifiers does not exceed the count of sub-interfaces implemented on the interface card of the virtual machine, forwarding the DHCP request to an uplink port.

Abstract: A device for removing security on content using biometric information includes a memory configured to store content on which security has been set based on first biometric information of a user; and a controller configured to obtain second biometric information of the user, which is of a different type than the first biometric information, and remove the security on the content based on the second biometric information, in response to a user input for executing the content.

Abstract: Approaches described herein allow an appliance to receive a message from a client device when the client device is attempting to connect to a service other than the appliance. For instance, a client device might connect to a service on a private network, however if the client device is not on the private network, it may encounter an appliance such as a gateway. The appliance is configured to return a message to a client device indicating that it is an appliance, and the client device returns a certificate to the appliance that allows the client to indicate a first purpose of a connection and a second purpose of the connection. In approaches described herein, the second purpose is used by the appliance to perform an action related to providing the service with a certificate that allows for the first purpose, which can include information to create a secure connection between the service and the client device.

Abstract: A repeater serving as a relay device determines, when receiving a frame by a port, whether the received frame is a session request or not. When the received frame is a session request, the repeater then determines whether the repeater is in a prohibition state or not. When the repeater is in the prohibition state, the received frame is discarded. When the repeater is not in the prohibition state, the repeater then determines whether the repeater is in a determination state or not, and, when the repeater is in the determination state, the repeater transitions to the prohibition state for a preset prohibition period that to is set by a setting unit, for discarding the received frame.

Abstract: Methods, systems, and media for detecting anomalous network activity are provided. In some embodiments, a method for detecting anomalous network activity is provided, the method comprising: receiving information indicating network activity, wherein the information includes IP addresses corresponding to devices participating in the network activity; generating a graph representing the network activity, wherein each node of the graph indicates an IP address of a device; generating a representation of the graph, wherein the representation of the graph reduces a dimensionality of information indicated in the graph; identifying a plurality of clusters of network activity based on the representation of the graph; determining that at least one cluster corresponds to anomalous network activity; and in response to determining that the at least one cluster corresponds to anomalous network activity, causing a network connection of at least one device included in the at least one cluster to be blocked.

Abstract: An online service may maintain or create data for a user, and a user may be allowed to exert control over how the data are used. In one example, there may be several categories of data, and the user may be able to specify who may use the data, and the purpose for which the data may be used. Additionally, a user may be able to see how many of his “friends” (or other contacts) have extended trust to a particular entity, which may aid the user in making a decision about whether to extend trust to that entity. User interfaces may be provided to allow users to specify how their data are to be used.

Abstract: Protecting a fragment of a document includes automatically detecting the fragment without user intervention based on the content of the fragment and/or the context of the fragment within a set of documents, selectively encrypting the fragment to prevent unauthorized access, and providing an alternative view of the fragment that prevents viewing and access of content corresponding to the fragment unless a decryption password is provided. Automatically detecting the fragment may include detecting numbers and alphanumeric sequences of sufficient length that do not represent commonly known abbreviations, detecting generic terms, detecting proper names, detecting terms signifying a type of content, detecting mutual location of terms and sensitive content, and/or detecting user defined terms. The generic terms may correspond to password, passcode, credentials, user name, account, ID, login, confidential, and/or sensitive. The proper names may be names of financial organizations and security organizations.

Abstract: The improved detection of malicious processes executing on a networked computing device is provided. An agent running on the networked computing device monitors the communications transmitted to devices outside of the network to determine whether the process is likely using a periodic beacon signal to communicate with an external control center associated with a potentially malicious party. The agent maintains a dictionary data structure of objects, identifiable by the process identifier and the remote device's address, to track a given process/destination group's communication history. The communication history is updated when new messages are identified for periodic patterns to be identified for the messages, which may be used to identify a process as potentially malicious.