Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for retrieval of data from external data sources for processing within a blockchain network. One of the methods includes receiving a request for data from a data source, the request including plaintext data and encrypted data, the encrypted data including access data and a hash of the plaintext data; transmitting the request to one relay system component external to the blockchain network; receiving a result from the relay system component that is digitally signed using a private key of the relay system component; verifying an integrity of the result based on a public key of the relay system component; and transmitting the result to a user computing device in response to verifying the integrity of the result.

Abstract: Various techniques provide systems and methods for facilitating truly random bit generation. In one example, a method includes receiving a first truly random bit stream in a first memory that includes a plurality of memory cells. Each of the plurality of memory cells stores a respective one bit of the first truly random bit stream. The method further includes generating, by a logic circuit, each bit of a second truly random bit stream based on a respective pair of bits of the first truly random bit stream. The method further includes storing the second truly random bit stream in a second memory. Related methods and devices are also provided.

Abstract: A method and system for providing unencrypted access to encrypted data that may be stored on a device, sent as a message, or sent as a real-time communications stream. The method may include using public key cryptography to securely enable accessing the encrypted data stored on a device or communicated by a device. For instance, the method may include using a device vendor's public key to securely enable that vendor to enable only authorized parties to themselves decrypt previously-encrypted device storage, messages, or real-time communications streams. As an added layer of cybersecurity, the method may include a proof of possession verification process that authenticates the identity of an authorized party before any decryption data is provided.

Abstract: A method and system for providing unencrypted access to encrypted data that may be stored on a device, sent as a message, or sent as a real-time communications stream. The method may include using public key cryptography to securely enable accessing the encrypted data stored on a device or communicated by a device. For instance, the method may include using a device vendor's public key to securely enable that vendor to enable only authorized parties to themselves decrypt previously-encrypted device storage, messages, or real-time communications streams.

Abstract: This disclosure describes embodiments of an improvement to the static group solution because all the administrator needs to do is specify the criteria they care about. Unlike static groups, where the administrator needs to keep track of the status of individual users and move them between static groups as their status changes, smart groups allows for automatic identification of the relevant users at the moment that action needs to be taken. This feature automates user management for the purposes of enrollment in either phishing and training campaigns. Because the smart group membership is determined as the group is about to be used for something, the smart group membership is always accurate and never outdated. The query that determines the smart group membership gets run at the time when you are about to do a campaign or perform some other action that needs to know the membership of the smart group.

Abstract: An implicit certificate is based on a ring learning with errors (“RLWE”) public keys that are, in some examples, resistant to quantum-based computing attacks. Various methods are described that request, generate, verify, and use the implicit certificates. In some examples, the system provides an implicit certificate that enables communication between two parties that are identified at the time of certificate generation. In another example, the system provides a certificate that may be used to communicate with a variety of different parties. The implicit certificate generation algorithm yields a public key purportedly bound to U. Confirmation that the public key is bound to U is obtained after use of the corresponding private key. Binding of an entity to its associated public key and accessibility to the private key, are verified as a result of successful key use.

Abstract: An electronic device is provided, which may include a biometric module, a processing module and a light transmission module. The biometric module may recognize a biological feature, and convert the biological feature into a biological feature signal via an analysis algorithm. The processing module may encrypt an international mobile equipment identity number of the electronic device and the biological feature signal to generate an encrypted signal, and convert the encrypted signal into a visible light signal. The light transmission module may transmit the visible light signal to a controlled device.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for retrieval of data from external data sources for processing within a blockchain network. One of the methods includes receiving a request for data from a data source, the request including plaintext data and encrypted data, the encrypted data including access data and a hash of the plaintext data; transmitting the request to one relay system component external to the blockchain network; receiving a result from the relay system component that is digitally signed using a private key of the relay system component; verifying an integrity of the result based on a public key of the relay system component; and transmitting the result to a user computing device in response to verifying the integrity of the result.

Abstract: A server may perform server side authentication of a user device. The user device may generate a first authentication string by performing a hash function on a username, a password, and a first salt. The first authentication string may be registered with the server for subsequent login attempts. At login, the user device generates the first authentication string and transmits the first authentication string to the server. When the authentication strings match, the user device is authenticated. The user device may also update the first authentication string. The server may provide the first salt and a second salt to the user device. The user device may generate a first authentication string and a second authentication string from the first salt and the second salt, respectively. When the first authentication strings match, the server may update the user device's authentication string by replacing it with the second authentication string.

Abstract: Systems and methods for data localization and anonymization are provided herein. In some embodiments, systems and methods for data localization and anonymization may include receiving a communication request to send a message or establish a call between a first service provider and an end user device associated with an end user, determining that the communication request is associated with a requirement for securing personally identifiable information (PII) of the end user, and processing the communication request based on the requirement for securing the PII of the end user, wherein the requirement includes at least one of (A) localization of the communication request processing or (B) anonymization of any data records associated with the communication request that includes the PII of end user.

Abstract: Aspects of the technology implement a authenticating protocol that enables a Trusted Provider to vouch for a requesting entity when that entity seeks verification from an authenticating entity (FIG. 1). This is done without sharing the requesting entity's confidential or other personal information directly with the authenticating entity (FIG. 1). Instead, the Trusted Provider is able to use specific information about a requesting entity, such as contact information that forms an identity record (404), and generate a hash of the record (408). The hash is sent to an authenticating entity (410), which returns a secure token to the Trusted Provider (508). The secure token and identity record information are used to create a verification URL (414), which is shared with the requesting entity (416). The verification URL, when clicked, links back to the authenticating entity (FIG. 1), which validates the requesting entity (512, 514).

Abstract: A computing device communicates a request to a risk determination system to determine whether particular content is malware. The content is oftentimes a file containing a program to be run, but can alternatively take other forms, and an indication of the content is provided to the risk determination system. Additional information describing attributes of the computing device is also provided to the risk determination system. These attributes can include for the computing device hardware specifications, operating system specifications, anonymized information, information describing anti-virus or other anti-malware program settings, information describing programs running on the computing device, and so forth. The risk determination system analyzes the information describing attributes and/or activity of the computing device to determine a risk factor of the content, and from the risk factor determines whether the content is malware for the computing device.

Abstract: A system, method and computer-readable medium for data protection simulation and optimization in a computer network, including grouping data stored in data stores in the computer network into groupings according to an architectural or a conceptual attributes, storing, current values of risk metrics for each grouping, each of the metrics corresponding to sensitive domains, receiving a risk reduction goal corresponding to at least one risk metric in the risk metrics, the at least one risk metric corresponding to at least one sensitive domain in the sensitive domains, determining a simulated value of the at least one risk metric for each grouping in the groupings by simulating application of a protection mechanism to sensitive data in each corresponding data store, the sensitive data corresponding to the at least one sensitive domain, and ranking the groupings based on the at least one simulated value of the at least one risk metric for each grouping.

Abstract: A machine-assisted method for verifying a video presence that includes: receiving, at a computing device of an identity provider, an authentication request initially sent from a requester to access an account managed by a relying party, different from the identity provider; retrieving, from the authentication request, at least a portion of a video stream feed initially from the requester, to the computing device, the portion of video stream feed portraying a face of the requester; extracting the face of the requester from the portion of the video stream feed; providing a directive to the requester soliciting a corresponding gesture; and receiving a response gesture from the requester.

Abstract: A method of managing a token and a server for performing the same are provided. According to the embodiments of the present disclosure, it is possible to easily authenticate a counterpart device using a one-time key HN(T) for a D2D communication between a first device and a second device, without using a separate secure channel (e.g., secure sockets layer (SSL), transport layer security (TLS), or the like) in an environment where it is difficult to synchronize the first device with the second device without intervention of a server.

Abstract: A method includes receiving probe image data associated with a biometric authentication request on a mobile device. A first classifier is employed to generate a first probability metric of the probe image data being associated with the authorized user. The biometric authentication request is approved responsive to the first probability metric being greater than a first threshold. The biometric authentication request is denied responsive to the first probability metric being less than a second threshold. Responsive to the probability metric being between the first and second thresholds, a second classifier is employed to generate a second probability metric of the probe image data being associated with the authorized user. The biometric authentication request is approved responsive to the second probability metric being greater than a third threshold.

Abstract: A computer-based method is disclosed for assessing impact of a patch on a target business-critical application computer system. The method includes receiving information at a computer-based impact assessment system about end-user activities on the target business-critical application computer system over a specified period of time; identifying, with a computer-based fixed objects identifier, one or more software objects in the target business-critical application computer system fixed by the patch; identifying, with a computer-based entry point finder, one or more entry points associated with the fixed software object(s) at the target business-critical application system; and cross-referencing the information about the end-user activities on the target business-critical application system against the one or more entry points associated with the fixed software object(s) at the target business-critical application system.

Abstract: A method of providing private information from an electronic device, includes identifying private information for display on the display of the electronic device, determining if a private output connection is established, and, in response to determining that the private output connection is established, providing the private information via the private output connection.

Abstract: Disclosed are systems and methods for detection of malicious intermediate language files. In one exemplary aspect, the system comprises a database comprising hashes of known malicious files, a resource allocation module configured to select a set of resources from a file being analyzed, a hash calculation module, coupled to the resource allocation module, configured to calculate a perceptive hash of the set of resources; and an analysis module, coupled to the other modules, configured to identify a degree of similarly between the set of resources and a set of resources from known malicious files by comparing the perceptive hash with perceptive hashes of the set of resources from known malicious files, determine a harmfulness of the file being analyzed based on the degree of similarity and remove or quarantine the file being analyzed when the harmfulness exceeds a predetermined threshold.

Abstract: A method for securing data in a storage grid is provided. The method includes generating a storage key from key shares of at least two storage clusters of a storage grid having at least three storage clusters and generating a grid key from the storage key and an external secret. The method includes encrypting data with the grid key to yield once encrypted data and encrypting the once encrypted data with the storage key to yield twice encrypted data. The method includes storing the twice encrypted data in a first storage cluster of the storage grid and storing the twice encrypted data in a second storage cluster of the storage grid, wherein at least one method operation is performed by a processor.