Abstract: A system for presenting a clinical process of a patient in a clinical facility having a network, a system backend communicable with the network, and at least one mobile device communicable with the system backend, the mobile device comprising a mobile processor and a display, the mobile processor configured to operate in at least one first user interface mode and at least one second user interface mode, where the mobile processor is configured to enable the operation of at least one built-in function when operating in the at least one first user interface mode and where the mobile processor is configured to disable the operation of the at least one built-in function when operating in the at least one second user interface mode.

Abstract: Certain aspects of the present disclosure provide techniques for entering user credentials through a proxy. One example method generally includes receiving, at a user device, a push request for user data from a cloud server and receiving a request file from an aggregation system. The method further includes injecting user credentials stored on the user device into the request file, wherein when injected the user credentials replace at least one dummy entry of the request file, and transmitting the request file to a data source associated with the request file. The method further includes receiving user data from the data source and transmitting the user data to the aggregation system.

Abstract: Techniques for validating digital certificate information before signing are described. A method of validating digital certificate information before signing may include generating a to-be-signed (TBS) certificate, providing the TBS certificate to a certificate pre-issuance validation service to perform one or more validations on the TBS certificate, and receiving a request to issue a signed certificate based on the TBS certificate following validation of the TBS certificate by the certificate pre-issuance validation service.

Abstract: An embodiment device comprises a first processing unit configured to process an initial data line and deliver a first processed data line, a first delay unit coupled to the output of the first processing unit and configured to deliver a delayed first processed data line delayed by a first delay, a second delay unit configured to deliver the delayed initial data line delayed by a second delay, a second processing unit coupled to the output of the second delay unit and configured to process the delayed initial data line and deliver a delayed second processed data line, and a comparison unit configured to compare the contents of the delayed first and second processed data lines and deliver a non-authentication signal if the contents are not identical, the first and second delays being equal to a variable value.

Abstract: Example methods and system for providing content are disclosed. One or more cryptographic keys may be generated. At least a portion of the one or more cryptographic keys may be used to generate a token associated with a user interface service. The token may indicate a valid origin domain. The token may be provided to a user device, which may use the token to request content from a content service. The content service may authorize the request based on a comparison of the valid origin domain and an origin identifier associated with the request.

Abstract: A method including encrypting, by a processor associated with a user device, authentication information associated with authenticating the user device with a service provider, the authentication information including first factor authentication information for determining a first factor and second factor authentication information for determining a second factor; detecting, by the processor, an attempt to access a service to be provided by the service provider; determining, by the processor based at least in part on detecting the attempt, the first factor based at least in part on decrypting the first factor authentication information and the second factor based at least in part on decrypting the second factor authentication information; and enabling, by the processor, authentication of the user device with the service provider based at least in part on utilizing the first factor and the second factor. Various other aspects are contemplated.

Abstract: Aspects include encrypting data based at least in part on a session key to generate encrypted data. The session key is encrypted based at least in part on a sender key to generate an encrypted session key. A request for an encrypted sender key index is transmitted to the key management system (KMS), the request includes an index of the sender key and an index of each of one or more additional keys. The encrypted sender key index is received from the KMS. An object that includes the encrypted data, the encrypted session key, the index of each of the one or more additional keys, and the encrypted sender key index is generated. Access to the data via the object is controlled based at least in part on whether a receiver has access to the sender key and to the one or more additional keys.

Abstract: Techniques are disclosed to provide enforceable pseudonymous reputation through chained endorsers. In various embodiments, a request associated with a chained endorsement operation is received via a communication interface. A client identity information is extracted from the request. Data comprising or associated with the client identity information is combined with a secret value. A one-way transform of the combined value is performed. A result of the one-way transform is returned to a client with which the chained endorsement operation is associated.

Abstract: A method is disclosed. A node in a plurality of nodes can perform an identity set generation process. The node can then determine a leader node. The node may diffuse an identity set from each node of the plurality of nodes to the plurality of nodes. The node can then determine a majority set including identities occurring in at least one half of the identity sets, wherein the leader node diffuses the majority set of the leader node to the plurality of nodes. The node can verify the majority set of the leader node. The node may then update the identity set based on the majority set of the leader node.

Abstract: Systems and methods provide decentralized MEC compute services. A network device receives, from a user device associated with a user account, an access request for Multi-access Edge Computing (MEC) services. The user account includes a MEC service token that indicates parameters for the MEC services. The network device validates a user of the user device to access MEC services for the user device; removes, after the validating, the MEC service token from the first user account; and grants, based on the removing, access to a MEC cluster by the user device, wherein granting access includes granting access according to the parameters.

Abstract: An unlock method and system for an air-conditioning unit. The unlock system includes: a display apparatus; an input apparatus; and a control apparatus in communication with the display apparatus and the unlock system is configured to perform the following operations: generating a dynamic graphic according to at least an identification code and an update code; generating an unlock password according to at least a certificate, the identification code and the update code; receiving an unlock password through the input apparatus; comparing the unlock password received from the input apparatus with the generated unlock password; and granting a corresponding permission if the acquired unlock password is consistent with the generated unlock password.

Abstract: The present disclosure relates to a trustworthy data exchange. Embodiments include receiving, from a device, a query, wherein the query comprises a question. Embodiments include identifying particular information related to the query. Embodiments include receiving credentials from a user for retrieving the particular information related to the query. Embodiments include retrieving, using the credentials, the particular information related to the query from one or more data repositories that are part of a distributed database comprising an immutable data store that maintains a verifiable history of changes to information stored in the distributed database. Embodiments include determining, based on the particular information related to the query, an answer to the query. Embodiments include providing the answer to the device.

Abstract: Disclosed herein are systems and methods executing a security server that perform various processes using alert elements containing various data fields indicating threats of fraud or attempts to penetrate an enterprise network. Using alert elements, the security server generate integrated alerts that are associated with customers of the system and assign a risk score for the integrated alerts, which the security server uses to store and sort the integrated alerts according to a priority, based on the relative risk scores. Analyst computers may query and fetch integrated alerts from an integrate alert database, and then present the integrate alerts to be addressed by an analyst according to the priority level of the respective integrated alerts. This allows to ensure that the right customer, is worked by the right analyst, at the right time, to maximize fraud prevention and minimize customer impact.

Abstract: Techniques are disclosed relating to user authentication using multi-party computation and public key cryptography. In some embodiments, a server may receive, from a client, a request to authenticate a user to a service. The server may access key-pair information that includes, for a server key-pair, a first component of a server private key and, for a client key-pair, a client public key and a first component of a client private key. The server may generate a partial signature value that is based on the first component, but not the entirety, of the server private key. The server may send, to the client, an authentication challenge that includes challenge information and the partial signature value. The server may then determine whether to authenticate the user based on an authentication response from the client.

Abstract: Improved pseudonym certificate management is provided for connected vehicle authentication and other applications. Temporary revocation of a certificate is enabled. With respect to Security Credential Management Systems (SCMS), pre-linkage values can be employed. The pre-linkage values can be encrypted using homomorphic encryption. Other embodiments are also provided.

Abstract: Secure communications can be established in which a request is received from a client computing device to instantiate a virtual key store (VKS) node. In response to the request, a cryptographically calculated uniform resource locator (URL) is generated. In addition, a crytopgraphic identity certificate is received from a certification authority server. Subsequently, a virtual desktop infrastructure (VDI) instance is instantiated and configured with the cryptographic identity certificate. Communications are then established between the client computing device and the VDI instance using the generated cryptographically calculated URL such that the VDI instance acts as a cryptographic proxy with at least one remote computing device.

Abstract: A method, system, and computer program product for running workflows and events using a stateless orchestrator includes: receiving first task data for a first task, where the first task data is information necessary for execution of the first task. The method may also include transmitting a request for a worker node to a provider, where the provider creates the worker node. The method may also include receiving a request from the worker node for the first task data. The method may also include transmitting the first task data to the worker node, where the worker node executes the first task. The method may also include, receiving results of the execution of the first task from the worker node. The method may also include, in response to the receiving the results, transmitting the results to a database.

Abstract: The invention relates generally to the field of content authentication, and more particularly, to a system and methods for verifying the authenticity of content output to a user. In certain preferred embodiments, the content is verified by identifying the source data of the content, distributing the content, and authenticating the distributed content. Where the content has not been changed, the system may authenticate the content using a cryptographic hash. When minor changes to the content are made, the system may use a perceptual hash to authenticate the content. Further, the system may utilize machine learning algorithms to identify patterns between the same content in, for example, multiple formats and sizes. Advantageously, the content that is uploaded to the system may be used to train machine-learning models that the system may use to authenticate content that has been converted but unmanipulated.

Abstract: An improved One Time Password (iOTP) is used in a two-factor authentication mechanism to decode a username, and the inherent security of the iOTP eliminates the need for a password. When the user is identified by the iOTP, a second challenge is sent. The second challenge may be confirmed by user biometrics or via a PIN code if the user's device does not support biometrics. Benefits of the subject invention include: (1) no username, which eliminates exposure to multiple domain attacks (i.e., attacks on other sites with the same username) that attempt to extract passwords from less secure sites (e.g., where a user used the same username and password across multiple sites); and (2) password-less access—the iOTP replaces both the username and password function, thereby eliminating the need for the user to manage multiple usernames and passwords.

Abstract: The disclosed technology provides for packaging a secure cloud workload at a workload provisioning service. A unique device identifier is received from an edge device. The unique identifier is associated with the edge device. A unique packaging key is cryptographically generated based on the received unique device identifier, a unique workload identifier corresponding to a secure cloud workload to be executed on the edge device, and a nonce. The secure cloud workload is encrypted to generate a packaged secure cloud workload using the cryptographically generated unique packaging key. The encrypted secure cloud workload is transmitted to the edge device. The edge device is capable of independently cryptographically generating the unique packaging key using the unique device identifier, the unique workload identifier, and the nonce. The edge device is also capable of decrypting the packaged secure cloud workload using the generated unique packaging key cryptographically generated by the edge device.

Abstract: Systems and methods are provided for object identifier translation using a key pairs platform in a virtualized or cloud-based computing system. A key pair refers to a pair of identifiers held by an entity. Each key pair includes at least one anonymized object identifier. Advantageously, the key pair system protects privacy and provides anonymity for objects by not disclosing the identity of the objects or the underlying data associated with the objects.

Abstract: Example methods are provided for a host to perform authentication offload in a virtualized computing environment that includes the host and a destination server. The method may comprise detecting, from a virtualized computing instance, a packet destined for the destination server. The method may also comprise: in response to determination that the detected packet is an authentication request, obtaining, from the virtualized computing instance, metadata associated with a client application for which authentication is requested; and sending the authentication request and the metadata to the destination server to cause the destination server to authenticate the client application based on the metadata.

Abstract: Methods and systems for establishing a chain of relationships are disclosed. An identity verification platform receives a first request for registration comprising an identification of a first user, identification of an entity, and a relationship between the first user and the entity; verifies the identity of the first user and the relationship between the first user and the entity; and verifies that the entity is legitimate. Once a relationship between a first individual, invited by the first user, and the entity is confirmed, the platform creates a custom badge representing the relationship between the first individual and the entity for display on the entity's website. The platform receives an identification of a selection by an end user of the custom badge and, responsive to receiving the identification of the selection, renders, on a domain controlled by the identity verification platform, a verification that the relationship between the first individual and the entity is valid.

Abstract: Systems and methods of automatically controlling a user's data footprint are provided. Data associated with a user may be analyzed to determine an action the user is preparing to take. Based on the analysis, a potential risk associated with the action the user is preparing to take may be identified. The potential risk associated with the action the user is preparing to take may be, for example, a data security risk, a data privacy risk, a physical risk, a risk of damage to property, and/or a financial risk. A notification indicating the potential risk associated with the action the user is preparing to take may be provided to the user. The notification may include one or more suggestions for mitigating the potential risk associated with the action the user is preparing to take.

Abstract: A method of exchanging information with network devices using web browsers includes executing an application on a client device to implement a local web server on the client device, loading in a web browser on the client device a webpage independent of the web browser and including a script for generating a first request to the local web server, accepting the first request from the web browser by the local web server, and sending requested information to the web browser by the local web server. In some embodiments, the method also includes generating a second request to a remote server by the web browser and using the script, where the second request includes the requested information sent to the web browser.

Abstract: Presented herein are techniques for GPS attack prevention in association with wireless communication devices. In at least one embodiment, a method may include receiving, at a mobile device from a first access point (AP), first location information and one or more of a first token or first neighbor information relating to neighboring APs. The mobile device may receive from a second AP, second location information and one or more of a second token or second neighbor information relating to neighboring APs. The first token may be compared to the second token to determine whether the first and second tokens are consistent, and/or the first neighbor information may be compared to the second neighbor information to determine whether the first and second neighbor information are consistent. It may be determined whether the first location information provided by the first AP and the second location information provided by the second AP are valid based on the comparison(s).

Abstract: A key management apparatus receives a key request including a first device identification information and a second device identification information, encrypts a common key using the first device identification information to generate a first encrypted common key, encrypts the common key using the second device identification information to generate a second encrypted common key, and transmits a key response including the first encrypted common key and the second encrypted common key. A first device receives the key response, decrypts the first encrypted common key using the first device identification information to obtain the common key, and transmits the second encrypted common key. A second device receives the second encrypted common key and decrypts the second encrypted common key using the second device identification information to obtain the common key.

Abstract: Methods are provided to authorize a secondary user device for a network service provided over a network. Responsive to receiving a request from a primary user device, a voucher may be transmitted over the network to the primary user device. A request for an authorization waiver may be received from the secondary user device over the network, wherein the request for the authorization waiver includes the voucher that was transmitted to the primary user device. Responsive to receiving the request from the secondary user device including the voucher, an authorization waiver may be transmitted to the secondary user device. Related methods of operating primary and secondary user devices are also discussed.

Abstract: Methods and systems for consensus-based online authentication are provided. An encryption device may be authenticated based on an authentication cryptogram generated by the encryption device. The encryption device may transmit a request for security assessment to one or more support devices. The support devices may individually assess the encryption device, other security devices, and contextual information. The support devices may choose to participate in a multi-party computation with the encryption device based on the security assessments. Support devices that choose to participate may transmit one or more secret shares or partial computations to the encryption device. The encryption device may use the secret shares or partial computations to generate an authentication cryptogram. The authentication cryptogram may be transmitted to a decryption device, which may decrypt the authentication cryptogram, evaluate its contents, and authenticate the encryption device based on its contents.

Abstract: One or more computing devices, systems, and/or methods are provided. A request for content associated with a device and/or a set of request information associated with the request for content may be received. A content item may be transmitted to the device. A set of client information associated with the device may be received. The set of client information may be analyzed to determine a fraudulence label associated with the request for content. Fraud detection information generated based upon the set of request information, the set of client information and/or the fraudulence label may be stored in a fraud detection database. A second request for content associated with a second device and/or a second set of request information associated with the second request for content may be received. A second fraudulence label may be determined based upon the second set of request information and/or the fraud detection database.

Abstract: A request is received from a computing device for substitute data, with access to the substitute data being contingent upon successful multi-factor authentication of the first service. Signature data based on the request is generated using a first key of public-private key pair. Credential proof and the signature is provided to a second service, which verifies the credential proof as a first factor of the multi-factor authentication and verifies, using a second key, the signature as a second factor of the multi-factor authentication. The substitute data is obtained as a result of authentication by the second service. The computing device is caused, by providing the substitute data to the computing device, to input the substitute data into the interface in place of data associated with the first entity.

Abstract: Techniques are disclosed to provide enforceable pseudonymous reputation through chained endorsers. In various embodiments, a request associated with a chained endorsement operation is received via a communication interface. A client identity information is extracted from the request. Data comprising or associated with the client identity information is combined with a secret value. A one-way transform of the combined value is performed. A result of the one-way transform is returned to a client with which the chained endorsement operation is associated.

Abstract: A method of improving data security or privacy in a computing environment includes providing a group identifier value to at least a first user of one or more users and associating a first pseudonym with the first user. The method further includes encrypting a first data set according to a private key and marking the encrypted first data set according to the group identifier and the first pseudonym. The method also includes performing a first operation on the encrypted first data set and transforming the encrypted first data set into an encrypted second data set according to the first operation performed and the first pseudonym, decrypting the encrypted second data set using the private key, and analyzing the decrypted second data set.

Abstract: Various embodiments of network access control (NAC) systems and methods are provided herein to control access to a network comprising a plurality of network endpoint nodes, where each network endpoint node includes a policy information point and a policy decision point. The policy information point within each network endpoint node stores a distributed ledger including one or more client policies that must be satisfied to access the network, and a smart contract including a set of predefined rules defining network access behaviors and actions. Upon receiving a network access request from a client device outside of the network, the policy decision point within each network endpoint node executes the smart contract to determine whether the client device should be granted access, denied access or have restricted access to the network, and executes consensus algorithm to select one of the network endpoint nodes to be a policy decision point leader.

Abstract: A method for providing performance assessment of terminal devices is provided. A user initiates, by way of a service application that runs on a user device of the user, a first request for obtaining risk scores or connectivity scores of the terminal devices. The first request may include terminal identifiers of specific terminal devices or information pertaining to a specific geographical area. The user device communicates the first request to a server. The server determines the risk scores or the connectivity scores based on the first request. The server transmits, to the user device, a first response that includes the risk scores or the connectivity scores. The user device displays the risk scores or the connectivity scores to the user based on the first response, thereby providing the performance assessment of the terminal devices.

Abstract: One or more computing devices employs a method that includes requesting a transient credential (e.g., a one-time PKI certificate) as a first identity credential for an application component instance based on a unique identifier associated with the application component instance. The method includes requesting a dynamically-created second identity credential for the application component instance of the application using a request signed (e.g., using the public key of the first identity PKI certificate) based on the transient credential. The method includes receiving the dynamically-created second identity credential and using the dynamically-created second identity credential in a cryptographic function by the application component instance; and managing the replacement of this credential in environments without persistent archival storage accessible by the device/application.

Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.

Abstract: A system trains a machine learning based model to predict the likelihood of an outcome for an entity, for example, a user. The system determines, for a particular prediction for a user, impact scores that indicate how each feature of the user impacted the prediction for that user. The feature impact scores are ranked to select features for the user that had the highest impact on the prediction. The system generates a description for the high impact features and provides the description, for example, for display via a user interface.

Abstract: A policy auditing service can be implemented, in accordance with at least one embodiment that obtains a set of parameters that indicates a snapshot of a policy configuration for an account, a query, and a security policy. The security policy may encode a security requirement or invariant. The policy auditing system may determine states that can be reached via mutative operations (e.g., role assumption) and use a policy analyzer service to determine whether assuming a role results in a grant of access that is at least as permissive as the security policy of the set of parameters.

Abstract: Disclosed is a data communication method of a V2X communication device. The data communication method of a V2X communication device comprises the steps of: transmitting a device discovery message; receiving, from an external V2X communication device, a discovery response message for the device discovery message; and performing a security authentication authenticating a second authentication token included in the discovery response message.

Abstract: A verification system, includes: an arithmetic/logic unit (“ALU”) to perform one or more mathematical operations and compare selected variables; a register to hold a value from a comparison of selected variables performed by the ALU; an instruction decoder to provide read and write commands to memory; an address bus to provide an address to memory for a read or write operation; and a data bus to provide or access data for a write or read operation to or from memory, wherein the ALU generates and provides a recipient identifier to a target computational device, the recipient identifier being related to an identity of the target computational device and/or a target device human operator, and write the recipient identifier to memory in response to a write command issued by the instruction decoder and, as a part of a transaction, the ALU receives, from a user computational device of a first user, the recipient identifier and a credential of the first user and/or user computational device, compares each of the rec

Abstract: Systems and methods of secure analytics using an encrypted analytics matrix are disclosed herein. An example method includes encoding an analytic parameter set using a homomorphic encryption scheme as a homomorphic analytic matrix, wherein the homomorphic analytic matrix is generated by extracting a set of term components from an analytic and the analytic parameter set using a term generator function; transmitting a processing set to a server system, the processing set including at least the homomorphic analytic matrix and a keyed hashing function; and receiving a homomorphic encrypted result from the server system, the server system having utilized the homomorphic encryption scheme and the keyed hashing function to evaluate the homomorphic analytic matrix over a datasource.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that dynamically manage exchanges of data using a cryptographically secure distributed ledger and homomorphic commitments. For example, and in response to an occurrence of a triggering event, an apparatus may obtain parameter values that characterize the data exchange, first commitment values representative of the parameter values, and a first digital signature. In response to a verification of the first digital signature, the apparatus may apply a second digital signature to commitment data that includes the first commitment values and a second commitment value representative of the first digital signature. The apparatus may transmit a signal that includes the commitment data and the second digital signature to a computing system, which generates an element of distributed ledger that includes the commitment data and the second digital signature in response to a verification of the second digital signature.

Abstract: The techniques described herein related to methods, apparatuses, and computer readable media configured to provide automatic mitigation of security threats. The automatic mitigation includes monitoring network switch traffic that is associated with a port of the network switch, a MAC address of a connected device, or both. Based on a set of switch traffic rules, it is determined whether the network switch traffic is indicative of a potential network security threat. When is indicative of a potential network security threat, the network switch traffic associated with the port of the network switch, the MAC address of the device, or both, is restricted. Identification information for a user associated with the port of the network switch is provided to an authentication process that the user associated with the port may access. Upon receiving a valid authentication from the authentication process, derestricting the network switch traffic associated with the port.

Abstract: Implementations of the present specification provide a blockchain-based identity verification method and related hardware. The method includes: An agent client generates an identity verification request based on identity verification input information of a business platform, the identity verification input information indicating an identity verification parameter for identity verification and an identity verification platform that executes the identity verification. The agent client sends the identity verification request to the identity verification platform. The identity verification platform performs identity verification on the identity verification parameter to obtain a result of the identity verification. The identity verification platform submits a transaction including a verifiable credential of a result of the identity verification to a blockchain.

Abstract: A multicast service processing method and an access point are disclosed. The method includes: generating, by an access point (AP), a first group addressed frame and an individually addressed frame based on a multicast packet, where the first group addressed frame is encrypted by a first multicast key, and the individually addressed frame is encrypted by a unicast key of a second terminal.

Abstract: A device may receive, from a network device, a user equipment (UE) parameter update request notification indicating an update to a UE parameter of a universal subscriber identity module (USIM), and may generate an encrypted UE parameter update request. The device may cause the encrypted UE parameter update request to be provided to the USIM to cause the USIM to update the UE parameter and to generate an encrypted UE parameter update response. The device may receive, from the network device, the encrypted UE parameter update response, and may verify an authenticity of content of the encrypted UE parameter update response based on whether the encrypted UE parameter update response is signed by the USIM. The device may provide, to the network device, a result indicating whether the UE parameter is updated and whether the authenticity of the content of the encrypted UE parameter update response is verified.

Abstract: An information processing apparatus includes: a connection unit that establishes connection to a user terminal by wireless communication; an acquisition unit that acquires terminal identification information transmitted from the user terminal via the wireless communication when the user terminal has read an image used for a request for entry to a control target area; and a determination unit that determines whether or not to permit a user carrying the user terminal to enter the control target area based on the terminal identification information.

Abstract: An application managed by a provider is configured to run according to a selected usage scenario of a group of usage scenarios. The group of usage scenarios include a hard-partitioned usage scenario in which instances of the application are hard partitioned in correspondence with tenants of the provider. The group of usage scenarios include a soft-partitioned usage scenario in which the instances of the application are soft partitioned in correspondence with the tenants of the provider. The configured application is executed.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for retrieving data from external data sources for processing within a blockchain network. One of the methods includes receiving a request for data that includes encrypted data, the encrypted data including access data that is encrypted using a service public key of a key management node; selecting a relay system node from a plurality of relay system nodes that share a service private key of the key management node; transmitting the request to the relay system node; receiving a response provided from the relay system node, the response including result data and a digital signature, wherein the digital signature is generated based on the result data and the service private key of the key management node; and transmitting the response to a client.