Abstract: Examples include blocking an interface of a sponsor networking device from receiving data packets and receiving at the sponsor networking device an authentication packet from a first networking device. The first networking device is physically connected to the interface. Examples also include automatically setting by the first networking device, a unique local address for the first networking device; receiving, at the sponsor networking device, a local data packet from the first networking device, and translating, by the sponsor networking device, the local data packet to an off-fabric data packet.

Abstract: A smart tag and methods of interacting with and authenticating interactions with the same are provided. The smart tag is enabled to generate a Tag Authentication Cryptogram (TAC) and include the TAC in response to a read request. Accordingly, each response generated by the smart tag will include a different TAC. It follows that interactions between the smart tag and a reading device can be authenticated as unique interactions if the TAC is validated as a unique and correct TAC.

Abstract: Embodiments are directed towards collecting, aggregating and indexing unique and non-unique user data from a plurality of users. The result for a query of this indexed aggregation of user data is provided in a plurality of sub-sets of aggregated user data. Each subset of aggregated user data corresponds to a particular portion of the plurality of users. Also, each of these particular portions of the users is set at least large enough to provide general anonymity for the individual users. User data may be collected by one or more user data suppliers and provided to a user data aggregator. In some embodiments, user data may be collected as unique user data, non-unique user data, or any combination thereof. In some embodiments, user data may be aggregated by zip code, expanded zip code, and/or one or more attributes.

Abstract: The present invention discloses methods and systems for redundantly securing data using an array of independent networks. Methods include the steps of: upon receiving a storage request and secret data for securely storing the secret data, independently requesting random data from each of at least one independent partner network out of an array of at least two independent partner networks; independently receiving the random data from each of at least one independent partner network, wherein respective random data is also stored on a respective independent partner network; cumulatively calculating complementary data as an encrypted form of the secret data with a complement function using the random data; and sending the complementary data to an independent storage partner network for storage, wherein the independent storage partner network is part of the array, and wherein the independent storage partner network is independent from at least one independent partner network.

Abstract: A method and system for bringing together online and offline advertising uses partner-encoded anonymous links that are associated with consumer data. The partner-encoded anonymous links allow processing without personally identifiable information (PII) in a secure environment. Data is matched using identifiers that are encrypted for use in connection with individual match distribution partners. The method and system allows a marketer to utilize offline data to precisely target advertisements without the use of PII, and to perform analytics concerning the use of the online advertisements to more precisely determine the effectiveness of multichannel marketing efforts.

Abstract: An example operation may include one or more of initiating, by a file verification device, verification of a source file or a redacted source file, executing one of a smart contract or chaincode to verify the chameleon hash signature and the auxiliary data hash signature, and providing a notification whether the verification was successful or unsuccessful. In response to initiating verification of the source file, the method further includes the file verification device receiving stored source file segments and stored auxiliary data segments, generating a chameleon hash signature, and generating an auxiliary data hash signature. In response to initiating verification of the redacted source file, the method further includes receiving stored redacted file segments, stored auxiliary data segments, and stored modified auxiliary data, generating a chameleon hash signature, and generating an auxiliary data hash signature.

Abstract: Network and/or application resources can be dynamically instantiated based on service attributes and/or network capabilities. In one aspect, a customized and/or localized core slice can be selected that can deliver the requested service with target performance parameters. According to an aspect, dynamic selection, control, and/or management reporting can be provided for core network slices. Moreover, optimal core network slice selection can be performed to reduce network transport costs and efficiently deliver various services using an optimal core slice that matches a service profile being requested by an end user and/or device.

Abstract: A method, a non-transitory computer readable medium, and a system are disclosed for a single sign-on for services. The method includes: receiving, on a computer processor, user identification captured by a biometric device of a user; forwarding, by the computer processor, the user identification to an authentication server; receiving, on the computer processor, a user JSON Web Token (user-JWT), user principle name, active directory domain name, and user domain name password, upon authentication of the user by the authentication server; performing, by the computer processor, an active directory join operation with an active directory using the user principle name, the active directory domain name, and the user domain name password; launching, on the computer processor, a browser that communicates with the authentication server; and receiving, on the computer processor, an HTML page constructed with JavaScript code with clickable icons for provisioned services from the authentication server.

Abstract: An example operation may include one or more of determining, by a file redaction device, redacted segments of a source file, receiving, by a signature update device, the redacted source file segments, a stored trapdoor key, and stored auxiliary data segments, determining modified auxiliary data from the redacted source file segments, the trapdoor key and the auxiliary data segments, executing chaincode to obtain a modified auxiliary data signature and identifiers of the redacted source file segments, and storing the modified auxiliary data signature and identifiers of the redacted source file segments to a shared ledger of a blockchain network. Each stored auxiliary data segment including a random string of data corresponding to a segment of the source file.

Abstract: Implementations of this specification provide a method and an apparatus for creating a blockchain account and verifying blockchain transactions. An example method performed by a blockchain platform includes receiving a transaction, the transaction including at least an initiator field that specifies an account to be created, a receiver field that specifies a pre-determined field value, and a data field that specifies a user-defined key control rule. The user-defined key control rule includes at least one 3-tuple, and each 3-tuple includes a key identifier, an action identifier, and a permission setting. The blockchain platform seals the transaction into a block, and sends the sealed transaction to at least one other full node in the blockchain network.

Abstract: A client device accesses an online system using an authentication process when it is connected to a public network and not a private network. The client device requests access using an authentication broker via the public network. The authentication broker determines an authentication system and transmits identification information for the client device to the authentication system via the private network. The authentication broker receives an authentication vector generated by the authentication system via the private network, and receives a verification response from the client device via the public network. The verification response corresponds to a verification challenge generated based on the authentication vector by the authentication broker.

Abstract: A method for validating data structures includes generating and storing, at each of multiple intervals, a signature for each of multiple data structures, including a parent data structure and a child data structure. The method also includes, in response to a request to validate the child data structure, retrieving active state signatures of the parent and child data structures, and comparing the active state signatures. The method further includes, when the active state signatures are inconsistent, comparing the active state signature of the child data structure to a first prior state signature of the parent data structure; and when the active state signature of the child data structure is consistent with the first prior state signature of the parent data structure, notifying a user that the child data structure is a match for the parent data structure but out of sync therewith.

Abstract: Methods, computer program products, and systems are presented. The method computer program products, and systems can include, for instance: recording position data for a mobile device over time, the position data being associated to an identifier of the mobile device; outputting to a user an identification code associated to the identifier; receiving input data from a user, the input data including the identification code and user identifying information from a user; responsively to the receiving the input data from a user associating the identification code and the user identifying information; based on the associating processing the position data and user profile data associated to the user identifying information; sending a message to the user based on a result of the processing.

Abstract: Techniques for obtaining electronic signatures via word processing applications are described. One approach utilizes a code module, also referred to as a “markup module,” that executes within a word processing application and that facilitates the preparation of a document for electronic signature. A user can operate the word processing application together with the markup module in order to add signature tag markers to the document and to provide recipient information about intended signers, such as names and email addresses. Once the document has been prepared, the code module transmits the document (including the added signature tag markers) and the recipient information to a digital transaction service. The digital transaction service then manages the signing of the document, such as by notifying the recipient, receiving the recipient's signature and securely storing the signature in association with the document.

Abstract: The invention relates to a method and an apparatus for encrypted communication between a client and a server, wherein the communication comprises request messages, each with request elements, and response messages, each with response elements. Request elements and response elements can comprise data. It is an object of the invention to hamper or prevent unauthorized access to the data during communication and also during storage and processing on the server. In this case, it is assumed that the communication channel and also the server itself are not trustworthy and neither client nor server provide measures or are adaptable in order to counter said risks of unauthorized access, for example by means of cryptographic methods.

Abstract: Systems and methods for dynamic application level encryption are disclosed. In one embodiment, in an information processing apparatus comprising at least one computer processor, a method for dynamic application level encryption include: (1) receiving a plurality of data classification rules; (2) classifying data using the data classification rules; (3) identifying at least one protection option of a plurality of protection options for protecting the data in at least a rest state, an in-transit state, and an in-memory state; and (4) applying the at least one protection option to the data at rest.

Abstract: A system and method for responding to changes in social traffic in a geographic area receives, via an electronic communications interface, information describing a geographic area and one or more attributes of people expected to be in the geographic area. A geofence is defined based on the information describing the geographic area, and a cohort of people expected to be in the geofence is defined based on the one or more attributes. Information from a sensor regarding an attribute of a person at a geographic location is received via an electronic communications network. Based on the attribute, a determination is made whether or not the person is a member of the cohort of people expected to be in the geofence. An alert may be triggered based at least in part on whether or not the person is a member of the cohort of people expected to be in the geofence.

Abstract: Methods and apparatus for ensuring protection of transferred content. In one embodiment, content is transferred while enabling a network operator (e.g., MSO) to control and change rights and restrictions at any time, and irrespective of subsequent transfers. This is accomplished in one implementation by providing a premises device configured to receive content in a first encryption format and encodes using a first codec, with an ability to transcrypt and/or transcode the content into an encryption format and encoding format compatible with a device which requests the content therefrom (e.g., from PowerKey/MPEG-2 content to DRM/MPEG-4 content). The premises device uses the same content key to encrypt the content as is used by the requesting device to decrypt the content.

Abstract: A system and method for encryption and decryption of data is disclosed. The decryption system provides access to remotely stored data items, each of the data items being independently accessible. At least a subset of the remotely stored data items are encrypted and each encrypted data item has an associated access condition. Upon a client requesting access to a remotely stored data item, the decryption system is arranged provide non-encrypted data items and for encrypted data items provide a decrypted data item if the associated access condition is met.

Abstract: A method for verifying trusted communication between an agent device and an application providing apparatus using a registry apparatus. The registry apparatus maintains a device registry comprising authentication information for uniquely authenticating at least one agent device. The method includes the steps of obtaining from the device registry the authentication information for the agent device identified by a device identifier specified in an the authentication request from the agent device, performing verification of the agent device using the authentication information obtained from the device registry, and if the verification is not successful, transmitting to at least one of the agent device and the application providing apparatus revocation information for denying the trusted communication between the agent device and the application providing apparatus.

Abstract: Techniques for sorting encrypted data within a software as a service (SaaS) environment. Data is encrypted on a per symbol basis with a symbol based encryption module. Sort and search functionality preserving encryption that allows other modules to sort tokens and to search for tokens is provided. Encrypted tokens that have been encrypted by the symbol based encryption module are stored in a database. Access to the encrypted tokens is provided through the SaaS environment.

Abstract: Various examples are directed to systems and methods for executing a web application with client-side encryption. A web application may execute in a web browser at a client computing device. The web browser may generate a document comprising a secure display element. The web browser may request to render the document at the client computing device. A cryptographic tool of the web browser may decrypt the first encrypted value to generate a first clear value. The web browser may render the document at an output device of the client computing device using the clear value. The web browser may also be programmed to prevent the web application from accessing the first clear value.

Abstract: An approach is provided in which a system analyzes a first set of data to derive a first distribution output that is based on a first conjugated distribution corresponding to the first set of data and a domain class model. The system utilizes the first distribution output as a baseline input to generate a second conjugated distribution corresponding to a second set of data and the domain class model. Next, the system derives a second distribution output of the second set of data based on the second conjugated distribution. The second distribution output identifies at least one personally identifiable information (PII) data field corresponding to the second set of data that was not identified as a PII data field in the domain class model. In turn, the system tags at least a portion of the second set of data as PII based on the derived second distribution output.

Abstract: A non-transitory computer-readable storage medium storing a control program that causes a computer to execute a process including receiving specified information generated in response to reception of an acquisition request of data from a terminal device that decrypts an encrypted data corresponding to the data, and identification information on the terminal device, determining whether or not the specified information is stored, in a storage unit, in association with the received identification information on the terminal device that has sent the acquisition request, the storage unit storing the specified information to be generated in association with the identification information on a terminal device for which a data acquisition is permitted for each of the plurality of pieces of data, and transmitting information that permits decryption of the encrypted data corresponding to the data to the terminal device when the specified information is stored in association with the received identification information.

Abstract: An authentication control method, system, and computer program product, includes performing an initial calibration to login to a registered device by detecting a plurality of biological signals, biometric signals, and idiosyncratic signals of a user and selecting a combination of the plurality of biological signals, biometric signals, and idiosyncratic signals to use in an initial calibration-authentication score, computing a login-authentication score at a time of the login based on a user input of signals corresponding to the signals of the initial calibration-authentication score, and allowing the login to the registered device if the login-authentication score is within a predetermined threshold of the initial calibration-authentication score.

Abstract: A system includes a read/write controller removably coupled to a storage drive. Responsive to detection of a coupling between the read/write controller and the storage drive, the read/write controller retrieves key information from the storage drive, uses the key information to locate adaptives associated with the primary storage medium, and loads the adaptives into volatile memory to configure read/write settings for access to the primary storage medium.

Abstract: A method, an apparatus, and a system for authenticating a WI-FI network, where a terminal sends, to an associated authentication center when the WI-FI network exists in an area in which the terminal is located, a request message that carries a user identifier, receives access verification information allocated to a user represented by the first user identifier from the associated authentication center, sends, to a WI-FI authentication center, a login request that carries the access verification information, receives authentication information obtained and fed back by the WI-FI authentication center carrying a user identifier corresponding to the access verification information, and determines that the WI-FI network is a secure network when the user identifier carried in the authentication information is the same as the user identifier carried in the request message.

Abstract: An information processing apparatus, including a function of mandatory access control, includes a storage unit that stores a security policy for managing access by the mandatory access control, an obtaining unit that obtains information on vulnerability of an application, and an updating unit that updates the security policy by a function of a kernel thread in accordance with the information obtained by the obtaining unit.

Abstract: Described is a system for secure database searching. The system comprises a client-server architecture which allows a client to securely search a database of records possessed by a server. A database query is generated by the client and transmitted to the server. The database query is processed by the server using a privacy-preserving search protocol. An encrypted match result is produced by the server without decrypting the database query. The encrypted match result is sent to the client, and the client decrypts the encrypted match result to obtain a set of block identifiers representing blocks of records in the database that match the database query. The client obtains a block of encrypted records containing match results using only the set of block identifiers. The match results are decrypted by the client using a key obtained from the server. The unencrypted match results to the database query are then output.

Abstract: The present disclosure describes a system for saving metadata on files and using attribute data files inside a computing system to enhance the ability to provide user interfaces based on actions associated with non-executable attachments like text and document files from untrusted emails, to block execution of potentially harmful executable object downloads and files based on geographic location, and to a create a prompt for users to decide whether to continue execution of potentially harmful executable object downloads and files. The system also records user behavior on reactions to suspicious applications and documents by transmitting a set of attribute data in an attribute data file corresponding to suspicious applications or documents to a server. The system interrupts execution of actions related to untrusted phishing emails in order to give users a choice on whether to proceed with actions.

Abstract: Techniques are described for sampling across trusted and untrusted distributed components. In accordance with embodiments, a first computing device receives a request from a second computing device, the first request including an operation identifier (ID) and a sampling ID that was generated by transforming a telemetry scope ID from a first value in a first domain to a second value in a second domain. The transformation may serve to anonymize and compress the telemetry scope ID. The first computing device determines whether or not to sample by comparing a ratio between the sampling ID and a size of the second domain with a sampling rate associated with the first computing device. The first computing device records telemetry about its processing of the first request in response to determining to sample and does not record any telemetry about its processing of the first request in response to determining not to sample.

Abstract: A computing device stores code associated with a computing function in a protected computing environment, such as a trusted execution environment, wherein the computing function is attested by a code measurement service associated with the protected computing environment. The computing device links the computing function to a secret stored in a hardware security module (HSM), the secret to enable execution of the computing function in the protected computing environment.

Abstract: Network and/or application resources can be dynamically instantiated based on service attributes and/or network capabilities. In one aspect, a customized and/or localized core slice can be selected that can deliver the requested service with target performance parameters. According to an aspect, dynamic selection, control, and/or management reporting can be provided for core network slices. Moreover, optimal core network slice selection can be performed to reduce network transport costs and efficiently deliver various services using an optimal core slice that matches a service profile being requested by an end user and/or device.

Abstract: Embodiments include apparatuses, methods, and systems including a wireless display system to provide digital right management secure content to a display receiver device. The display transmitter device may determine to provide a decryption and presentation license for the display receiver device based on the DRM credential and the DRM scheme of the display receiver device. The display transmitter device may further pass through the secure DRM content to the display receiver device based on provision of the decryption and presentation license, wherein the secure DRM content is passed through the display transmitter device without transcription by the display transmitter device. Other embodiments may also be described and claimed.

Abstract: A provisioning system provisions a mobile software application to one or more remotely-located mobile computing devices. The remotely-located mobile computing devices may each have a native operating system. The mobile software application may include executable program code and a structured document such that the executable program code and structured document together instantiate at least a portion of the functionality provided by the mobile application. Moreover, in some embodiments, when the requested and sent mobile application is executed by a requesting mobile device, the structured document is parsed into a Document Object Model tree structure which when updated, updates at least in part the running state of the mobile application.

Abstract: Systems and methods are provided executing jobs immediately upon receipt of a notification. The systems and methods may include receiving, at a cloud compute service, a notification that a sensitive file comprising sensitive data has been received at a file receipt location, the sensitive file being sent by a client device; generating, by the cloud compute service, a container instance in response to the notification; retrieving, by the container instance, the sensitive file from the file receipt location; generating, by the container instance, a stripped file by stripping the sensitive data from the sensitive file based on a configuration file; transmitting, by the container instance, the stripped file to a storage location; deleting the sensitive file and associated file pointers from the file receipt location; and terminating the container instance, wherein terminating the container instance comprises deleting files comprising sensitive data and associated file pointers.

Abstract: A method for execution by a dispersed storage and task (DST) client module includes obtaining a data identifier for slice location identification. A source name corresponding to the data identifier is identified. A plurality of data segments are identified based on the source name. A set of slice names are generated for each of the plurality of data segments. A set of DST execution units are identified based on the sets of slice names. A set of query requests are generated for each data segment for transmission to the set of DST execution units. Query responses are received from the set of DST execution units. A storage record is generated that includes storage location information of the query responses. Migration of at least some encoded data slices associated with the sets of slice names is facilitated when the storage record compares unfavorably to a storage record requirement.

Abstract: In accordance with embodiments, there are provided mechanisms and methods for facilitating dynamic end-to-end integrity for data repositories in an on-demand services environment, where a database system-implemented method includes receiving, by the database system, a content file and metadata to be submitted to a data repository of the database system. The content file may include content, where the metadata may include identifying data associated with at least one of the content and a user associated with the content. The method may include verifying, by the database system, the identifying data of the metadata. The verification of the identifying data represents authentication of at least one of the user and the content. The method may include submitting, by the database system, the content file and the metadata to the data repository, upon authentication of at least one of the user and the content via successful verification of the identifying data.

Abstract: Techniques for in-line filtering of insecure or unwanted mobile components or communications (e.g., insecure or unwanted behaviors associated with applications for mobile devices (“apps”), updates for apps, communications to/from apps, operating system components/updates for mobile devices, etc.) for mobile devices are disclosed. In some embodiments, in-line filtering of apps for mobile devices includes intercepting a request for downloading an application to a mobile device; and modifying a response to the request for downloading the application to the mobile device. In some embodiments, the response includes a notification that the application cannot be downloaded due to an application risk policy violation.

Abstract: An execution of a data object is identified by a computing device. In response to identifying the execution of the data object, it is determined that the data object has requested a sensitive action of the computing device before interacting with a user of the computing device. In response to determining that the data object has requested the sensitive action, the data object is classified as a high-risk data object.

Abstract: Providing an electronic message includes constructing a first digital signature of the message and a personal secret known only to a sender of the message, constructing a second digital signature of the first digital signature and the message, and sending to a receiver the message, the first digital signature, and the second digital signature. The personal secret may be initially generated by the sender. The personal secret may be a pseudo-random number. The receiver may archive the message, the first signature, and the second signature. In response to a challenge, the message and the first and second signatures sent with the message may be compared using first and second signatures reconstructed by the sender. In response to at least one of the message and the first signature not matching, the message may be repudiated. Otherwise, the message may be validated. The sender may be a cell phone.

Abstract: The technology disclosed describes systems and methods for optimizing delivery of form factor specific content for users in different environments, such as desktop computer browsers and mobile device applications. The technology further discloses systems and methods for providing support for developers whose goal is to render specific implementations of a user interface to deliver distinct user interface experiences.

Abstract: Methods, computer program products, and systems are presented. The method computer program products, and systems can include, for instance: recording position data for a mobile device over time, the position data being associated to an identifier of the mobile device; outputting to a user an identification code associated to the identifier; receiving input data from a user, the input data including the identification code and user identifying information from a user; responsively to the receiving the input data from a user associating the identification code and the user identifying information; based on the associating processing the position data and user profile data associated to the user identifying information; sending a message to the user based on a result of the processing.

Abstract: Disclosed are a system and techniques for identity and electronic signature verification that utilizes blockchain technology. An enterprise system enables computing devices to engage the enterprise and prospective users for the purposes of executing a document or a smart contract. Users may obtain a computer application from an enterprise system and may utilize the computer application to retrieve a document or select a smart contract. The identity of all users who execute the document may be verified based on an authentication by a trusted independent system. Information related to the respective signers, the document or smart contract, and the authentication may be stored as transactions in a blockchain. The transactions may be stored in the blockchain under a user's address, a document or smart contract address, or a digital wallet, if available.

Abstract: Examples herein involve fault tolerance in a shared memory. In examples herein, a metadata store of a shared memory indicating versions of data partitions of a resilient distributed dataset and a valid flag for the partitions of the resilient distributed dataset are used to achieve fault tolerance and/or recover from faults in the share memory.

Abstract: Technologies for performing security monitoring services of a network functions virtualization (NFV) security architecture that includes an NVF security services controller and one or more NFV security services agents. The NFV security services controller is configured to transmit a security monitoring policy to the NFV security services agents and enforce the security monitoring policy at the NFV security services agents. The NFV security services agents are configured to monitor telemetry data and package at least a portion of the telemetry for transmission to an NFV security monitoring analytics system of the NFV security architecture for security threat analysis. Other embodiments are described and claimed.

Abstract: The disclosed method and system allow a user to conveniently access a webpage using a short code without typing a web address. To solicit a user to see a webpage, the user will be given a short code that is easy to remember instead of a full web address. Later, the user will send the code to a directing server, where a corresponding relationship between the short code and the intended web address has been previously recorded, and the user will be directed to the webpage. The supply of easy-to-memorize short codes is limited by the possible number of combinations of a few digits; however, this method and system can be universally used without feeling the lack of available codes because each short code is designed to be valid only in a limited geographic area and for a limited time frame.

Abstract: A system and method for performing runtime de-obfuscation of obfuscated malicious software code in a virtual machine is described. According to one embodiment, the method involves enumerating a first physical page associated with a first virtual address space of a first piece of analyzed software code. Herein, the first virtual address space is a portion of a virtual address space associated with the virtual machine. Thereafter, the first physical page is set a non-writable permission. Hence, upon detection of a write to the first physical page by the first piece of analyzed software code, a determination can be made that the first piece of analyzed software code may be categorized as malicious software code.

Abstract: Methods and apparatus for providing authentication of information of a user are described. Upon validation of this information, a first hash function is applied to the user's information to create a hash. A public attest key is generated by combining the hash of the user's information with one or more public keys. An attestation address is generated based on the public attest key. A signed transaction which includes the attest key is communicated for storage in a centralized or distributed ledger at the attestation address.

Abstract: A method of providing access to content at a first device, the method comprising: receiving an item of content, wherein at least part of the item of content is encrypted, the encrypted at least part of the item of content being decryptable using at least one decryption key; in a first software client: obtaining a transformed version of the at least one decryption key; performing a decryption operation on the encrypted at least part of the item of content based on the at least one decryption key to obtain an intermediate version of the at least part of the item of content, wherein said performing the decryption operation uses a white-box implementation of the decryption operation that forms part of the first software client and that operates using the transformed version of the at least one decryption key; and performing an encryption operation on at least a portion of the intermediate version based on at least one encryption key to obtain re-encrypted content, wherein said performing the encryption operation