Abstract: A method and a system for authenticating a surrounding Web application by a Web application that is to be embedded, wherein it becomes possible for the Web application that is to be embedded to identify the surrounding Web application and for the surrounding Web application to authenticate itself, where a high security standard is provided through storage and evaluation of the necessary key material in the respective. Web server because the key material itself is not transmitted, but only authentication messages for the local use of the key material are instead transmitted.

Abstract: Providing joint access to an isolated computer object by both an isolated computer application and a non-isolated computer application. In one embodiment, a method may include executing a first computer application as a virtualized first computer application in an isolation layer, executing a second computer application as an actual second computer application in an operating system outside the isolation layer, creating a virtualized second computer object in the isolation layer in a location accessible to the virtualized first computer application, creating a gateway third computer object associated with the virtualized second computer object, storing the gateway third computer object outside the isolation layer in a location accessible to the operating system, and enabling joint access to the gateway third computer object by both the virtualized first computer application and the actual second computer application.

Abstract: A certification management system helps an organization develop and maintain a repository of current certification status of employees. The system may integrate multiple learning management systems and other enterprise level systems across the organization. The system facilitates identifying and enrolling targeted employees for any number and type of certification programs. The system may also implement and support reconfiguring certification programs, for example, during training, and enforcing recertification requirements according to maturing business needs. The system provides automated workflows that facilitate a formal, structured approach to the development and recognition of specific specialized skills at scale by infusing more consistency, rigor, and objectivity.

Abstract: A method includes generating a first media file that includes a plurality of first media file segments, generating a second media file as a copy of the first media file, the second media file includes a plurality of second media file segments, embedding a first watermark with the plurality of first media file segments, embedding at least one second watermark with the plurality of second media file segments, generating a manifest file based on a portion of the plurality of first media file segments and a portion of the plurality of second media file segments, the manifest file including a plurality of addresses each referencing a media file segment, and encrypting each of plurality of addresses.

Abstract: Method and apparatus for a system to harden digital consents. The system uses an evaluation of geographic locations, transaction times, and device identities to control the upload of consent data. Evaluations occur using numerous techniques including MAC address evaluation, IP address evaluation, meta-data evaluation, and physical location of restricted equipment such as ATMs and kiosks. Reliability of consent data entered into the system may be enhanced by strictly evaluating geographic locations, transaction times, and/or device identities.

Abstract: Disclosed are systems to apply customized permission settings to protect particular portions of a document, and, in particular, documents that are of bitstream datatypes, encoded or not encoded, e.g., an audio filetype such as the MP3 audio format. The custom access permission settings may be implemented by obfuscating the protected portions of the original bitstream and then embedding “secret,” e.g., hidden and/or encrypted, versions of the obfuscated portions in parts of the data structure of the original file, e.g., in the form of “layers” that are held within audio stream containers such as channels. The content of the individual encrypted audio stream containers may then be decrypted according to each recipient's permissions and layered on top of the obfuscated portions of the encoded media file before being rendered to the recipient.

Abstract: Methods, network controllers, and machine-readable and executable instructions are provided for network controller provisioned MACsec keys. A network controller can provision a first network device with a media access control security (MACsec) key for a MACsec flow. The network controller can provision a second network device with the MACsec key for the MACsec flow.

Abstract: Users desire a communications system that allows the users to apply customized privacy settings (and, optionally, encryption keys) differently to particular portions of a document—even if the document is of a ‘lossy’ file type, e.g., a JPEG image. The custom access permission settings may be implemented by obfuscating portions of the original file and then embedding “secret,” e.g., hidden and/or encrypted, versions of the obfuscated portions in parts of the data structure of the original lossy file in the form of “layers” (e.g., the bit-equivalent of PNG layers). The individual encrypted layers may then be decrypted according to each recipient's permissions and layered on top of the original lossy file ‘in memory’ before being displayed to the recipient. The use of multiple encrypted layers allows for the visual revelation of the content of the original lossy file without modifying the actual underlying image content of the original lossy file.

Abstract: The invention relates to a method for managing the use, in a terminal, of a plurality of security modules (SIM1, SIM2) managed by an entity (STK) capable of requiring the provision of security codes in order to unlock the modules. The method is characterized in that it comprises: a first phase of accessing the modules (PH1), including a step of receiving (ET13-1, ET13-2), by the entity, codes of the modules, a step of transmitting (ET14-1, ET14-2) the received codes to the security modules, followed by a step of storing (ET16), in a security module referred to as the main module, at least one code received by the entity relative to a module (SIM2) other than the main module; and a second subsequent access phase during which the unlocking of the main module is followed by a step of transmitting at least one code from the main module to at least one other security module (SIM2) corresponding to said at least one code.

Abstract: The disclosed embodiments include processes that manage a cryptographically secure generation and exchange of data between network-connected systems operating within a computing environment using a permissioned distributed ledger. For example, and based on secure interaction with a distributed smart contract maintained within ledger blocks of the permissioned distributed ledger, an apparatus and a counterparty system may generate local symmetric encryption keys that facilitate a secure communication session between the apparatus and the counterparty system. Using the symmetric encryption key, the apparatus may generate a cryptographically secure representation of generated or obtained data, which may be transmitted to the counterparty system across the secure communications channel.

Abstract: Disclosed are systems to apply customized permission settings to protect particular portions of a document, and, in particular, documents that are of bitstream datatypes containing multiple channels of audio, encoded or not encoded. The custom access permission settings may be implemented by obfuscating the protected portions of the original bitstream and then embedding “secret,” e.g., hidden and/or encrypted, versions of the obfuscated portions in parts of the data structure of the original file, e.g., in the form of “layers” that are held within audio stream containers such as channels. The content of the individual encrypted audio stream containers may then be decrypted according to each recipient's permissions and layered on top of the obfuscated portions of the encoded media file before being rendered to the recipient.

Abstract: A device may receive a message associated with initiating a secure socket layer session or a transport layer security session (SSL/TLS session). The device may identify a decryption profile associated with managing encrypted traffic associated with the SSL/TLS session. The device may determine a server indicator included in the message. The device may determine whether the decryption profile includes information associated with the server indicator. The device may selectively manage the encrypted traffic associated with the SSL/TLS session using a first decryption technique or a second decryption technique based on determining whether the decryption profile includes information associated with the server indicator, where the first decryption technique may be different from the second decryption technique.

Abstract: A network device decrypts a record, received from a client device, that is associated with an encrypted session between the client device and an application platform. The network device incorporates decrypted record data, from the decrypted record, into a payload field of a transmission control protocol (TCP) packet to be transmitted to another device, identifies a record header in the record, and determines, based on the record header, a record type associated with the decrypted record. Based on the record type, the network device marks the one or more TCP packets as including urgent data by setting a TCP urgent control bit in a header of the one or more TCP packets, and sets a second field, in the header of the TCP packet, to a second value that identifies an end of the urgent data, which corresponds to an end of the decrypted record data in the payload field.

Abstract: In an example embodiment, posterior distribution based percentiles for confidential data submitted to a computer system are computed. Then empirical percentiles are computed for the confidential data. A convex combination factor is computed based on a ratio between a number of valid entries in a cohort of the confidential data values and a combination of the number of valid entries in the cohort and the number of valid entries in a parent cohort of the cohort. Then, for each percentile of interest, a convex combination of the empirical percentile and the posterior distribution based percentile is calculated, using the convex combination factor to weight the empirical percentile.

Abstract: Data verification in federate learning is faster and simpler. As artificial intelligence grows in usage, data verification is needed to prove custody and/or control. Electronic data representing an original version of training data may be hashed to generate one or more digital signatures. The digital signatures may then be incorporated into one or more blockchains for historical documentation. Any auditor may then quickly verify and/or reproduce the training data using the digital signatures. For example, a current version of the training data may be hashed and compared to the digital signatures generated from the current version of the training data. If the digital signatures match, then the training data has not changed since its creation. However, if the digital signatures do not match, then the training data has changed since its creation. The auditor may thus flag the training data for additional investigation and scrutiny.

Abstract: In an example embodiment, an anonymized set of confidential data values is obtained for a plurality of combinations of cohorts having a first attribute type and a second attribute type. A matrix of the confidential data values having the first attribute type as a first axis and the second attribute type as the second axis is constructed. A set of candidate low rank approximations of the matrix is calculated using an objective function evaluated using a set of candidate data transformation functions, the objective function having one or more parameters and an error function. One or more parameters that minimize the error function of the objective function are minimized to select one of the candidate low rank approximations of the matrix. Then one or more cells that are missing data, of the selected one of the candidate low rank approximations of the matrix, are inferred.

Abstract: In an example, a submission of a confidential data value of a first confidential data type is received from a first user with one or more attributes. A plurality of previously submitted confidential data values of a first confidential data type for a cohort matching the one or more attributes of the first user are retrieved. Then, one or more intermediate cohorts are derived by generalizing each of the one or more attributes of the cohort up at least one level in a different taxonomy corresponding to each of the one or more attributes. One or more of the intermediate cohorts are selected, and a parameterized distribution is fitted to the previously submitted confidential data values that are contained within the selected one or more of the intermediate cohorts, outputting one or more estimated parameters for each of the selected one or more of the intermediate cohorts. A lower limit for the first confidential data type is then set based on the one or more estimated parameters.

Abstract: A system, apparatus, method, and machine readable medium are described for sharing authentication data.

Abstract: An apparatus and method by which a user device in a home network system transmits home-device-related information is provided. The method includes acquiring, from at least one home device, a unique user identifier (UUID) for a related home device, a peer ID (peer ID) which is managed by a connectivity server for managing a connection between the user device and the related home device and that identifies the related home device, a peer group ID for identifying a group of home devices that have registered with a service server for managing device information on the related home device, and a device token containing key information for authenticating the connection to the related home device, selecting a specific user device which will share the UUID, peerID, peer group ID and device token from among neighboring devices, and transferring the UUID, peerID, peer group ID, and device token to the specific user device on the basis of a predetermined sharing method.

Abstract: Methods and systems are provided for efficient and secure “Machine-to-Machine” (M2M) between modules and servers. A module can communicate with a server by accessing the Internet, and the module can include a sensor and/or actuator. The module and server can utilize public key infrastructure (PKI) such as public keys to encrypt messages. The module and server can use private keys to generate digital signatures for datagrams sent and decrypt messages received. The module can internally derive pairs of private/public keys using cryptographic algorithms and a set of parameters. A server can use a shared secret key to authenticate the submission of derived public keys with an associated module identity. For the very first submission of a public key derived the module, the shared secret key can comprise a pre-shared secret key which can be loaded into the module using a pre-shared secret key code.