Abstract: Techniques for signer-initiated electronic document signing via an electronic signature service using a mobile or other client device are described. Example embodiments provide an electronic signature service (“ESS”) configured to facilitate the creation, storage, and management of documents and corresponding electronic signatures. In some embodiments, when a signer user receives a hard copy (e.g., paper) signature document, the signer may capture an image of the signature document with a camera of a mobile device. The signer can then import the captured image into the ESS for signature, storage, and/or transmission to other parties.

Abstract: An information processing apparatus switches alteration detection processing depending on timing of execution of alteration detection to perform alteration detection processing for each file to be accessed to detect an alteration in an extended application, and switches alteration detection execution determination processing depending on a type of access to an extended application package.

Abstract: A mobile application development environment may be maintained in association with a computing platform. A request to produce a binary of a first mobile application may be processed. The binary and a package configurable to cause the binary to have code-sign credentials associated with a first organization when the binary is uploaded to a mobile application provider may be produced. The binary and the package may be provided to the first organization.

Abstract: A device for engaging users in an advertisement and promotions campaign and a method and system for mobile device users to engage in multiple promotional campaigns by a single registration.

Abstract: Content screening operations, which can include watermark extraction and the application of content usage enforcement actions, may be organized such that some or all of the operations can be conducted by different devices that are connected via connectors such as HDMI (High-Definition Multimedia Interface (HDMI), analog composite video, DVI (Digital Visual Interface), SDI (Serial Digital Interface), DisplayPort, or networked via Ethernet or wireless. Authentication and encryption methods are disclosed that can be used to establish the trust and secure communication between devices that conduct collaborative content screening. Delegation architecture may be based on ascertained screening capabilities of the sink device wherein the source device verifies that the sink device is capable and trusted to perform partial or whole screening operations delegated by the source.

Abstract: The present disclosure relates to network security software cooperatively configured on plural nodes to authenticate and authorize devices, applications, users, and data protocol in network communications by exchanging nonpublic identification codes, application identifiers, and data type identifiers via pre-established communication pathways and comparing against pre-established values to provide authorized communication and prevent compromised nodes from spreading malware to other nodes.

Abstract: An apparatus is adapted for implementing a method of creating a data chain, which can be cryptographically proven to contain valid data. The method includes creating a data chain with no elements, validating the data chain for nodes before accepting the data chain, verifying the size of close group to add the data chain, adding a data block to the data chain, removing old copies of entries from the data chain only if a chained consensus would not be broken, else maintaining the entry and marking it as deleted, validating a majority of pre-existing nodes and validating a signature of the data chain via the data chain of signed elements. The apparatus is operable to support a data communication system and provides a technical effect of making a data processing system robust against data corruption, data loss, failure in data communication synchronization and similar practical operational issues.

Abstract: Disclosed are various approaches for signing documents using mobile devices. A request is sent to a certificate authority for a signing certificate. The signing certificate is then received from the certificate authority. The signing certificate is then stored in the memory. Next, a file is received from a client application executed by the processor of the computing device. Then, the file is signed with the signing certificate to create a signed file. The signed file is then returned to the client application.

Abstract: An air-gapped system enables the secure transfer and control of digital assets, such as those associated with crypto-currency. The system includes an Integration Server for receiving requests from an application interface, a Central Control Center for verifying the requests received and authorizing the requests using digital signatures, and multiple Distributed Data Centers, each including a cold Data Center Hardware Security Module (DC HSM). These DC HSMs securely store and manage cryptographic keys. Each Data Center also includes an offline Processing Unit coupling its DC HSM to a dedicated Remote Controlled Server. The Remote Controlled Server receives requests from the Integration Server and forwards them to the Processing Unit of a DC HSM using a Near-Field Communication (NFC) Interface between the two. Preferably, the NFC interface is physically shielded to resist side channel attacks.

Abstract: A system and method for distributing watermarked media content assets wherein a main track of a media content asset is provided with a first watermarking payload and at least one variant track is provided with a second watermarking payload. A plurality of composite segments of the media content asset are generated for distribution, wherein each composite segment includes a portion of the main track and corresponding portion of at least one variant track. The composite segments may be uploaded to a delivery node operative to deliver segments responsive to a unique watermarking signature provided by a client controller operating in conjunction with a watermarking session manager.

Abstract: Examples disclosed herein relate to performing an action based on a pre-boot measurement of a firmware image. In an example, at a firmware component in a system, a measurement of a firmware image may be determined prior to booting of the system, beginning from a hardware root of trust boot block, by a Trusted Platform Module (TPM) emulator engine that emulates a hardware-based TPM. A pre-determined measurement of the firmware image may be retrieved from a storage location within the system. The measurement of the firmware image may be compared with the pre-determined measurement of the firmware image prior to booting of the system. In response to a determination that the measurement of the firmware image is different from the pre-determined measurement of the firmware image, performing an action.

Abstract: Authentication tokens, systems, and methods are described. An illustrative method is disclosed to include receiving an electronic file including a digital image, receiving biometric information that is associated with a person, modifying the electronic file with the biometric information such that one or more pixels in the digital image are replaced with the biometric information, and storing the modified electronic file as a digital authentication token to be used in connection with authorized publications of original digital work.

Abstract: An information processing device according to the present invention includes: a storage unit that stores a first unique value calculated for each portion of a program in advance; and an inspection unit that inspects whether or not there is a tampering in the portion by newly calculating a second unique value for the portion and comparing the first unique value with the second unique value.

Abstract: A verification method implemented by a first system including a plurality of computers, the method includes: calculating a first hash value for an original document; calculating a second hash value for an original document by using the first hash value; calculating a first modified version's first hash value for the first modified version document; calculating a first modified version's second hash value that is a hash value obtained by combining the first modified version's first hash value and the original document's second hash value; in response to a second modified version document obtained by modifying the first modified version document, calculating a second modified version's first hash value for the second modified version document; and calculating a second modified version's second hash value that is a hash value obtained by combining the second modified version's first hash value and the first modified version's second hash value.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for enhancing blockchain network security. Embodiments include generating a request for data from a data source, the request including plaintext data and encrypted data, the encrypted data including access data and a hash of the plaintext data, transmitting the request to a relay system component external to the blockchain network, receiving a result from the relay system component that is digitally signed using a private key of the relay system component, and verifying an integrity of the result based on a public key of the relay system component and a digital signature of the result.

Abstract: Methods and systems for generating electronic signatures are disclosed. In some embodiments, the method includes: storing pixel features of a signing device; capturing, via an imaging device, a plurality of image frames including the pixel features of the signing device; identifying in the plurality of image frames, by a processor, first pixels matching the stored pixel features of the signing device; generating, by the processor, a first image including the identified pixels; and connecting, by the processor, the identified pixels to form at least one line drawing representing a signature.

Abstract: Techniques are disclosed for software development on utility devices. In an example, a utility device, responsive to validating a manufacturer signature, transitions to an isolated development mode. When in the isolated development mode, the utility device is restricted from joining a network and receives an application from a development computing system. The utility device validates a network signature and transitions to a network testing mode. When in the network testing mode, the utility device joins the network, registers with a head end system via the network, and executes the application. After a threshold amount of time has lapsed the utility device transitions to the isolated development mode.

Abstract: A system and method for a computer system for the secure storage, transmittance and access of genetic data includes a coordinator server including a coordinator program arranged to update secure access information, the coordinator server being in communication with a genetic data sequencing server, a genetic data analysing server, and a genetic data storage server, whereby the coordinator server communicates the secure access information in a manner to allow the genetic data storage server to act as a proxy server between the genetic data sequencing server and the genetic data analysing server.

Abstract: The current disclosure is directed towards providing methods and mechanisms enabling computationally efficient cross-chain messaging and message validation between subchains of a large-scale decentralized network. In one example, the current disclosure provides for determining if a message generated by a first subchain, received at a second subchain, represents a valid, consensually generated message of the first subchain, by comparing the received message with a public-key-share list of the first subchain stored in the second subchain. In one example, the current disclosure provides for a method comprising receiving a first message from a first subchain at a smart contract of a second subchain, wherein the smart contract of the second subchain comprises a public-key-share list of the first subchain, determining if the first message is valid based on the public-key-share list, and executing a transaction based on the first message responsive to the first message being determined valid.

Abstract: To provision a client application on a client device, a user may be provided with a QR code, a one-time password, or a manual entry page for starting a credential provisioning process via a credential provisioning service provided by a credential provisioning server in a secure network. The client application may include information on trusted servers operating in the secure network. The credential provisioning server may operate to perform a sequence of actions to verify user credentials and determine, based on rules applicable to the user, the client device, or a combination thereof, whether the client application is to be provisioned on a client device. If so, the credential provisioning server may operate to generate a key pair, obtain a signed certificate, encrypt them, and send them to the client device such that the client application can use them to establish a mutual secure connection with a trusted server.

Abstract: In one embodiment, a computer-implemented method performed by a data processing (DP) accelerator, includes receiving, at the DP accelerator, first data representing a set of training data from a host processor; receiving, at the DP accelerator, a watermark kernel from the host processor; and executing the watermark kernel within the DP accelerator on an artificial intelligence (AI) model. The watermark kernel, when executed, is configured to: generate a watermark, train the AI model using the set of training data, and implant the watermark within the AI model during training of the AI model. The DP accelerator then transmits second data representing the trained AI model having the watermark implanted therein to the host processor. In an embodiment, the method further includes receiving a pre-trained AI model and the training is performed for the pre-trained AI model.

Abstract: An interface server (e.g., Web Application Open Platform Interface (WOPI) server) is communicatively connected to an information management (IM) server and to an online application server which acts as a client of the interface server. When a user wishes to open, create, or edit a document in an online application hosted by the online application server, the interface server is called, instead of the IM server which manages the document at the backend of an enterprise computing network. The interface server is configured for obtaining a working copy of the document from the IM server and providing the working copy to the client. The client provides the working copy to the online application for display on the user device. When the work is done, the working copy is sync'd back through the interface server to the IM server as a new draft and deleted by the interface server.

Abstract: A determination can be made that an item of confidential information has been removed from a record. A determination can be made that the record has the item of confidential information. The item of confidential information can be represented by an original value. A replacement value can be calculated. The replacement value can be a value of a transformation function applied to the original value. The replacement value can be testable for an existence of a digital signature, the digital signature to be derived from the replacement value. The record, in which the original value has been replaced by the replacement value can be used for a test. The test can be of a characteristic of an application. An ability to derive the digital signature from the replacement value can be an indication that the item of confidential information has been removed from the field.

Abstract: Embodiments describe apparatuses, systems, and methods for analyzing digital certificates. A system may scan the internet to identify all publicly available digital certificates. The system may further determine external information for individual digital certificates that is not found within the digital certificate. The system may store the external information and internal information that is found within the digital certificates. The system may run one or more queries on the stored information to identify one or more vulnerable digital certificates among a set of digital certificates associated with a client. For example, the system may identify differences between the internal information and/or external information among the digital certificates of the set and/or may compare the internal information and/or external information for the digital certificates of the set to expected information. Other embodiments may be described and claimed.

Abstract: Embodiments of the present disclosure describe methods, apparatuses, storage media, and systems for a device disposed at an edge of a vehicular communication network or vehicles within a coverage area of the device. The device is to generate a list of vehicle security data to be distributed to vehicles currently within a coverage area of the device, based at least in part on a context related to the vehicles. The device is further to announce, on a control channel communicatively coupling the device and the vehicles, that the list of vehicle security data are available and a service channel to receive the list of vehicle security data. The list of vehicle security data are to be provided to the vehicles via the service channel. Other embodiments may be described and claimed.

Abstract: Allowing a user access to a computer-controlled resource by transmitting an authentication challenge to a computing device of the user, receiving an authentication response as a human-inaudible acoustic signal automatically transmitted from the computing device without input from the user, and allowing access to the computer-controlled resource responsive to the received authentication response.

Abstract: A method and apparatus for use in a trusted network environment together or separately employ an implicit attestation that a requesting computing resource is in a trusted state before access to a network resource is granted. The method includes: verifying that a requesting computing resource is in a trusted state; accessing the private key using the released key authorization value; and creating a digital signature for the requesting device from the accessed private key. The apparatus may implement the method.

Abstract: Systems and methods are provided herein for redaction of artificial intelligence (AI) training documents. Data comprising an unredacted document is received. The unredacted document comprises a plurality of objects arranged according to a first topology. The unredacted document is parsed to identify objects either directly or relationally containing user sensitive information using a predetermined rule set based on the first topology. The user sensitive information within the unredacted document is substituted with placeholder information to generate a redacted document having a second topology. The second topology is substantially identical to the first topology. In some variations, the redacted document is provided to an AI model for training.

Abstract: Various embodiments relate methods performed by a processor of a computing system. An example method includes receiving an agreement associated with a signing party. A hash of the agreement is generated. A biometric sample captured from a signing party is received. Each of a hash of the agreement and the biometric sample is signcrypted using each of a signing party public/private key pair associated with the signing party, and a recipient public key of a recipient public/private key pair to generate a biometrics-based electronic signature token. A smart contract based on the agreement is generated. The smart contract includes the terms of the agreement, and the biometric-based electronic signature token, the biometric-based electronic signature token providing biometric-based pre-authorization by the signing party of a payment to be initiated by the smart contract in response to detecting performance of at least one of the terms of the agreement.

Abstract: Disclosed is an electronic device including a communication module that performs communication with at least one external device, a memory that stores a list in which identification information for at least one security application involving user authentication is listed, a processor electrically connected to the communication module and the memory, wherein the processor transmits information for factory reset to at least one external device associated with the security application based on the identification information on the list when a factory reset event of the electronic device occurs. In addition, various embodiments understood through the disclosure may be possible.

Abstract: A computerized system and method for obtaining a post-quantum security scheme, generating a one-time use signing key split into shares, each share of the one-time use signing key is stored in one computerized device of the multiple computerized devices, generating shares of a verification key using a function receiving a share of the signing key, generating a data structure, where each node of the data structure is associated with a share of the verification key, signing a message using the shares of the one-time use signing key, revealing the share of the verification key, and reconstructing at least a portion of the data structure to validate that the revealed share of the verification key is associated with the correct node of the data structure.

Abstract: A system and method for securing virtual cloud assets in a cloud computing environment against cyber threats. The method includes: determining a location of a snapshot of at least one virtual disk of a protected virtual cloud asset, wherein the virtual cloud asset is instantiated in the cloud computing environment; accessing the snapshot of the virtual disk based on the determined location; analyzing the snapshot of the protected virtual cloud asset to detect potential cyber threats risking the protected virtual cloud asset; and alerting detected potential cyber threats based on a determined priority.

Abstract: A method of authentication using surface paper texture includes steps of capturing a topographic pattern image of a surface of a region of interest of the paper artifact and extracting a plurality of specific features from the captured topographic pattern image. The method further identifies the location of the specific features of the paper artifact from the captured topographic pattern image. A bit map of the identified location of the specific features is generated. Then, a reference image of a reference bit map printed on the region of interest of the paper artifact is captured. Finally, the method compares the generated bit map with the captured reference bit map to generate a score. The score of the comparison determines the level of authentication. The method provides an offline method of authentication.

Abstract: A tampering detection system according to an embodiment includes one or more first terminals connectable to any of one or more peers and one or more detectors. The first terminal includes an acquiring unit acquiring a block hash in a blockchain from the peer, and a transmitting unit transmitting a first transaction record that contains a first digitally signed message containing the block hash and data based on a transaction content of the first terminal and contains a digital signature for the first digitally signed message, to the peer. The detector includes a receiving unit receiving the blockchain from the peer and a detecting unit detecting blockchain tampering if the digital signature contained in the first transaction record in a block of the blockchain is invalid or if the blockchain contains no block hashes identical to the block hash contained in the first transaction record in the block.

Abstract: A data-driven approach to network performance diagnosis and root-cause analysis is presented. By collecting and aggregating data attribute values across multiple components of a content delivery system and comparing against baselines for points of inspection, network performance diagnosis and root-cause analysis may be prioritized based on impact on content delivery. Recommended courses of action may be determined and provided based on the tracked network performance analysis at diagnosis points.

Abstract: A system for providing an application includes an interface and a processor. The interface is configured to receive an indication to provide an application to a device. The processor is configured to provide the application to the device. The application is configured to: receive a request for a list of valid credentials; determine a list of stored credentials; provide the list of stored credentials to a database system; receive an indication of revoked credentials from the database system; and determine the list of valid credentials based at least in part on the list of stored credentials and the revoked credentials.

Abstract: A database management system stores an entry in a journal. Upon storage of the entry, the journal comprises a plurality of threaded leaf nodes and a hierarchy of interior nodes comprising hash values computed from the threaded leaf nodes. A first set of hash values is provided to prove that the entry is stored in a first version of the journal. A second set is provided to prove that the entries stored in the first version of the journal are unmodified and stored in a second version of the journal.

Abstract: The exemplary embodiments are related to a device, a system, and a method for implementing a mechanism that is configured to prevent the unauthorized execution of software. A user device is configured to execute a feature access function corresponding to an application feature included in an application. The feature access function is configured to receive one of a plurality of values each time the application is launched. During operation, the feature access function receives a value and determines whether a condition is satisfied. When the condition is satisfied, the value is returned which indicates that execution of the application feature is permitted.

Abstract: Big data analysis methods and machine learning based models are used to provide offer recommendations to consumers that are probabilistically determined to be relevant to a given consumer. Machine learning based matching of user attributes and offer attributes is first performed to identify potentially relevant offers for a given consumer. A de-duplication process is then used to identify and eliminate any offers represented in the offer data that the consumer has already seen, has historically shown no interest in, has already accepted, that are directed to product or service types the user/consumer already owns, for which the user does not qualify, or that are otherwise deemed to be irrelevant to the consumer.

Abstract: Examples described herein relate to a system consistent with the disclosure. For instance, the system may comprise a printing device including hardware to form markings on a print medium, a memory resource, and a controller to receive a print job to form the markings on the print medium, render a page description language of the print job to form the markings, determine an object type image of the print job, designate pixels of the determined object type image to form a covert dot pattern on the image, and adjust colors of the designated pixels to form the covert dot pattern on the markings.

Abstract: Systems and methods for enhancing security during access and retrieval of data with multi-cloud storage are disclosed. A method includes: receiving, by a computing device, data to be stored in a distributed computing environment; compressing, by the computing device, the received data; shredding, by the computing device, the compressed data into a plurality of data chunks; storing, by the computing device, the plurality of data chunks in a plurality of locations in the distributed computing environment; generating, by the computing device, a metadata file including a mapping of each of the plurality of data chunks and a corresponding location of the plurality of locations in the distributed computing environment in which the data chunk is stored; shredding, by the computing device, the metadata file into a plurality of file chunks; and storing, by the computing device, the plurality of file chunks in the distributed computing environment.

Abstract: Various embodiments of methods, systems and computer program products described herein are directed to a Security Engine. The Security Engine provides for post-attack security upgrades of an application by selecting specific security hardening passes to be applied to a pre-attack state of the application. According to various embodiments, the Security Engine receives a pre-attack state of a first instance of an application in response to an action by an attack source. The Security Engine selects one or more security hardening passes to be applied to the pre-attack state. The Security Engine sends an identification of the selected security hardening passes to be applied to a second instance of the application running at the pre-attack state.

Abstract: Embodiments described include systems and methods for adding watermarks using an embedded browser. To provide protection to sensitive information from a network application rendered via an embedded browser of a client application, the client application can generate an overlay with a digital watermark, and apply the overlay over the embedded browser. The client application can selectively generate such overlays, and can customize the format of the digital watermark according to the information rendered on the embedded browser. The watermark can remain with any information that is imaged from the embedded browser, and provides a deterrent against misuse of the information via image capture from a computer screen for instance. By adjusting properties (e.g., contrast) of such an image, the watermark can be made visible and detectable, thus allowing such imaging activities and information to be tracked.

Abstract: A method for providing evidential data includes establishing one or more first secret tokens; obtaining one or more data items from one or more sensors; modifying the data item(s) with at least one of the first secret token(s) to provide one or more modified data items; generating a respective first hash value for each of the modified data item(s); generating a second hash value for a data set including each of the first hash values but excluding the data item(s); transmitting a first message including the data item(s), the first hash value(s) and the second hash value; obtaining one or more transaction identifiers which include one or more static identifiers; transmitting an indication of the static identifiers; and establishing one or more second secret tokens after transmission of the first message, the second secret token(s) for combining with one or more second data items for generating a second message.

Abstract: A method for collecting data from a group of entitled members. The method may include receiving, by a collection unit, a message and a message signature; validating, by the collection unit, whether the message was received from any of the entitled members of the group, without identifying the entitled member that sent the message; wherein the validating comprises applying a second plurality of mathematical operations on first group secrets, second group secrets and a first part of the message signature; and rejecting, by the collection unit, the message when validating that the message was not received from any entitled member of the group.

Abstract: A system and method for file type identification involving extraction of a file-print of a file, the file-print being a unique or practically-unique representation of statistical characteristics associated with the distribution of bits in the binary contents of the file, similar to a fingerprint. The file-print is then passed to a machine learning algorithm that has been trained to recognize file types from their file-prints. The machine learning algorithm returns a predicted file type and, in some cases, a probability of correctness of the prediction. The file may then be encoded using an encoding algorithm chosen based on the predicted file type.

Abstract: Embodiments of the present invention provide a system for executing, securing, and non-repudiation of pooled conditional smart contracts over a distributed blockchain network. In particular, the system may receive an instrument request from a beneficiary entity, where the instrument request includes an instrument amount. The system can then identify a lead contribution amount that a lead entity is willing to provide to meet a portion of the instrument amount. A set of supporting entities can be identified as willing to provide supporting contribution amounts to meet the remainder of the instrument amount. A conditional contract can be sent to each supporting entity that, when signed, authorizes the system to transfer contribution amounts, which may be in the form of cryptocurrency, from blockchain addresses of the lead and supporting entities to a blockchain address of the beneficiary entity. Once the instrument amount has been secured, the system executes the transactions.

Abstract: A method of verifying a recording of a live audition is provided that includes creating, by an audition server, an audition token associated with the live audition. The method includes saving a first record of the audition token and sending the audition token to a user device of a performer. The method includes receiving, by the audition server from the user device, the recording of the live audition associated with a received token. The method includes comparing a second record of the received token to the first record and verifying the recording of the live audition when the second record matches the first record. A system for verifying a recording of a live audition is provided. A live audition computer-implemented system is provided that includes an organizer database, a candidate database, and a recording and verification module to verify the recording as a unique trial.

Abstract: Systems and methods of authenticating voice data using a ledger (blockchain). Examples include a scalable and seamless system that uses blockchain technologies to distribute trust of a conversation, authenticate persons in a conversation, track their characteristics and also to keep records of conversations. In some examples, smart phones, wearables, and Internet-of-Things (IoT) devices can be used to record and track conversations between individuals. These devices can each be used to create entries for the blockchain or a single device could be used to keep track of the entirety of the conversation. Fuzzy hashing may be used to compare newly created entries with previous entries on the ledger.

Abstract: Provided is an anonymous account authentication method, apparatus and storage medium. The method may include receiving, from a user, an anonymous account authentication request, requesting a resource owner to perform authentication on a use permission of a resource using an anonymous account, obtaining a first version number of the resource owner according to the anonymous account authentication request, the first version number representing an identification number of a current version of an authentication policy table, obtaining a linear policy table based on the first version number matching a second version number, the second version number representing an identification number of a current version of the linear policy table, obtaining an authentication policy set associated with the resource from the linear policy table, and performing authentication by using the authentication policy set, the authentication policy set comprising at least one authentication policy.