Abstract: Various implementations described herein are directed to providing time-dependent authentication of a sending device. A message to a designated receiver is prepared. A portion of at least one secret identifier value of the sending device is retrieved. A portion of time information is retrieved. An authentication field is produced using the portion of the at least one secret identifier value and the portion of the time information. The authentication field is attached to the message. The message is transmitted to the designated receiver.

Abstract: A first storage device or first storage disk including first executable instructions that, when executed, cause a processor to at least: in response to determining a variable associated with a memory page that (1) has been loaded into local memory from a second storage device and (2) has been accessed from the local memory, has a first state, identify the memory page as a modified memory page, the memory page including second executable instructions. The first instructions also cause the processor to, in response to determining the second executable instructions of the modified memory page have been changed since a previous analysis of the modified memory page, perform anti-malware analysis of at least a portion of the modified memory page.

Abstract: A data management device (10) includes an insertion position determiner (121) to determine an insertion position of dummy data to be inserted into transmission target data, a dummy data inserter (122) to insert the dummy data in the insertion position of the transmission target data to create dummy-inserted data, an insertion position encryptor (123) to encrypt data indicating the insertion position with a public key (PUBa) to create insertion-position-encrypted data; and a deliverer (110) to deliver the dummy-inserted data and the insertion-position-encrypted data.

Abstract: Artificial intelligence, big data, and crowd sourcing techniques are utilized to efficiently and effectively determine permissions that should be granted to a party within an organization. In one example, the permissions granted to a party within an organization are determined using one or more algorithms to identify, weight, and correlate historical and current permissions to party attributes for parties within the organization and/or for similar parties in similar organizations. In one example, the activity of the party within the organization is then monitored and the permissions granted the party are automatically modified as needed to allow the party to perform their tasks in the organization as the party's responsibilities within the organization evolve.

Abstract: Described are techniques for secure workload configuration including a method comprising receiving a workload definition file at a worker node and from a master node, where the workload definition file comprises an encrypted immutable definition, a partially immutable definition with a predefined range of values and a first value modified by the master node, and a variable definition with a second value modified by the master node. The method further comprises decrypting, by the worker node, the encrypted immutable definition to generate a decrypted immutable definition. The method further comprises verifying, by the worker node, that the first value satisfies the predefined range of values. The method further comprises, in response to decrypting the encrypted immutable definition and verifying that the first value satisfies the predefined range of values, executing a workload based on the workload definition file in a virtual computing environment.

Abstract: There is provided mechanisms for handling access to a service in a network. A method is performed by a network controller. The method comprises obtaining an indication of the service is accessible in the network. The indication is received from a network switch operatively connecting a server of the service to the network. The indication causes a timer to start. The method comprises obtaining an indication of a client requesting to access the service. The indication is received from the network switch. The method comprises recording, only when the timer has not yet expired, identity information of the client in an access control list. The method comprises providing the access control list at least to the network switch upon expiration of the timer.

Abstract: A method for key agreement between a first party and a second party over a public communications channel, the method including selecting, by the first party, from a semigroup, a first value “a”; multiplying the first value “a” by a second value “b” to create a third value “d”, the second value “b” being selected from the semigroup; sending the third value “d” to the second party; receiving, from the second party, a fourth value “e”, the fourth value comprising the second value “b” multiplied by a fifth value “c” selected by the second party from the semigroup; and creating a shared secret by multiplying the first value “a” with the fourth value “e”, wherein the shared secret matches the third value “d” multiplied by the fifth value “c”.

Abstract: The present invention is generally related to client and computing platforms that may be used for conducting secure transactions.

Abstract: Systems and methods for encrypted content management are provided and include generating an asymmetric key pair for a user, including a user private key and a user public key. A symmetric encryption key is generated based on unique information known to the user. The user private key is encrypted using the symmetric encryption key to generate a user escrow key. Plaintext data is encrypted into ciphertext data using a content symmetric key and stored in a data storage unit. An ephemeral pair of keys is generated and includes an ephemeral public key and an ephemeral private key. A shared-secret key is generated based on the ephemeral private key and the user public key using a diffie-hellman exchange algorithm and the content symmetric key is encrypted using the shared-secret key. The encrypted content symmetric key and the ephemeral public key are stored in an encrypted content management storage unit.

Abstract: Methods and systems for obtaining a high trust digital signature from a signer utilizing a high trust signature mobile device are described. Some embodiments include receiving, at the high trust signature mobile device, a signature request regarding a document that requires a high trust digital signature. The signature request includes a one-time signer authentication code. The document that requires the high trust digital signature is displayed on the mobile device. Then a plurality of signer verification elements is obtained. Obtaining a plurality of signer verification elements includes obtaining from the signer a signer-specific password. Furthermore, it includes automatically applying the one-time signer authentication code obtained from the signature request. Then the signature request is replied to by providing the plurality of signer verification elements to a server system for verification. Once the signer verification elements are validated, the high trust signature is applied to the document.

Abstract: A method for providing external access into a secured networked virtualization environment, includes performing a leadership election amongst nodes of the secured networked virtualization environment to elect a leader node, assigning a cluster virtual IP address to the leader node and generating a reverse tunnel, using a processor, by the leader node to allow for an external entity to communicate with the secured networked virtualization environment.

Abstract: One or more embodiments of the disclosure include systems and methods that generate and utilize digital visual codes. In particular, in one or more embodiments, the disclosed systems and methods generate digital visual codes comprising a plurality of digital visual code points arranged in concentric circles, a plurality of anchor points, and an orientation anchor surrounding a digital media item. In addition, the disclosed systems and methods embed information in the digital visual code points regarding an account of a first user of a networking system. In one or more embodiments, the disclosed systems and methods display the digital visual codes via a computing device of the first user, scan the digital visual codes via a second computing device, and provide privileges to the second computing device in relation to the account of the first user in the networking system based on the scanned digital visual code.

Abstract: This relates to personal information management. Various embodiments disclosed herein relate to a personal information management device, a personal information management system, a personal information management method, and a computer-readable non-transitory medium that records the personal information, for example, a personal information management method based on a blockchain or by using a smart contract based on a blockchain, a portable electronic device and a system operating to manage personal information, and a computer-readable non-volatile recording medium having a computer code recorded therein, required for the personal information management.

Abstract: The present disclosure generally relates to a translucid access method and apparatus to a host allowing access to data contained within the host.

Abstract: A storage server communicating with a backend storage provider, such as a cloud-based provider, performs processes for backing up encrypted data in the backend storage in a data cache shared by multiple decentralized applications, to allow a user of a frontend client to revert to a prior version of an encrypted file if that encrypted file has been compromised by one of the decentralized applications, where the storage server performs no encryption of the data and is not exposed to encryption keys.

Abstract: A directive based access system and method manage access permissions in systems. In one embodiment, the directive based access system and method may be used to orchestrate effective secure access control and communications in multi-cloud distributed systems. In one implementation, the directive based access system and method may include a lineage traceability enforcement engine that uses a lineage traceability. The directive based access system and method may also be implemented using other mechanisms such as blockchain based Hyperledger based system.

Abstract: A transfer of master data is executed in a backend computing system. The master data includes user data and system data. The transfer of master data includes receiving user data associated with a particular user identifier in the backend computing system, transferring the received user data to an event stream processor, receiving system data associated with a particular log providing computing system in the backend computing system, transferring the received user data to the event stream processor, and executing a transfer of log data associated with logs of computing systems connected to the backend computing system.

Abstract: The present invention discloses an intelligent cloud server for cloud storage information management and encryption. In some embodiments, the intelligent cloud server can save and store documents without the need of first saving them in a local drive for upload. Upon storage, the document can be scanned and classified in a security level according to pre-determined settings and parameters. In some embodiments, depending on the classification, the system can encrypt portions of the document in order to facilitate the sharing and access of information in a secure way. Encryption keys and access to the encrypted portions are only provided upon authentication of the user, network, and/or need, according to corresponding protocols for the information.

Abstract: When a user enters a resource provider location with a portable communication device, the portable communication device provides an indication to a transaction processing system that the portable communication device is currently at the resource provider location. At a later time when the user conducts a transaction with a portable transaction device, the fact that the user's portable communication device had been detected at the resource provider a short time ago is taken into account as a positive indicator that the transaction is not fraudulent. By verifying that both the portable communication device and the portable transaction device are present at the resource provider, the risk of approving a fraudulent transaction from a stolen portable transaction device can be reduced.

Abstract: Managing user access to data of a social media account, by providing a first user with access to data of a social media account of a second user based on determining that a first data access request by the first user conforms to an expected data access pattern.