Abstract: According to an example, key splitting may include utilizing a masked version of a master key that is masked by using a mask.

Abstract: A method and system are described for enhancing the security of calls made by a member of a controlled environment to an outside party, particularly when the outside party communicates via a cellular phone. An application is provided for the cellular device, which must communicate and register with a calling platform of the controlled environment. Certain elements of personal verification data are obtained by the user of the cellular device and stored at the calling platform for later reference. Calls from the inmate to the cellular device cause the calling platform to issue a notification to the user via the application. The user verifies his/her identity using the application, after which the call can be connected. As a further security measure, certain conditions can be required and periodically checked during the call to ensure the user remains verified.

Abstract: This disclosure relates to improved sketch-based image retrieval (SBIR) techniques. The SBIR techniques utilize a neural network architecture to train a domain migration function and a hashing function. The domain migration function is configured to transform sketches into synthetic images, and the hashing function is configured to generate hash codes from synthetic images and authentic images in a manner that preserves semantic consistency across the sketch and image domains. The hash codes generated from the synthetic images can be used for accurately identifying and retrieving authentic images corresponding to sketch queries, or vice versa.

Abstract: Techniques are described for improving real-time application protection (RTAP) systems (e.g., web application firewalls (WAFs), runtime application self-protection (RASP) systems). In particular, a device within a trusted network may be configured to identify risks of the RTAP systems. For example, the device may compare a plurality of attack signatures, from configuration settings of an application protection system to a plurality of defects from a defect data store; determine that at least one configuration setting of the application protection system corresponding to an application does not include protections for at least one defect of the plurality of defects; and in response to determine that the at least one configuration setting of the application protection system does not include protections for the at least one defect, generate an alert corresponding to the at least one defect.

Abstract: A system and method for efficiently managing an executable environment involving multiple code-sign certificate chains. The system and method include receiving, by one or more processors and from a client device, a request for information to verify an authorization of a code bundle, the code bundle associated with a first signed code segment and a second signed code segment. The system and method include generating, by one or more processors, a list of certificates associated with the code bundle. The system and method include transmitting, by the one or more processors and to the client device, a message comprising the list of certificates, the message causing the client device to verify the code bundle based on the list of certificates.

Abstract: Structured documents are processed using convolutional neural networks. For example, the processing can include receiving a rendered form of a structured document; mapping a grid of cells to the rendered form; assigning a respective numeric embedding to each cell in the grid, comprising, for each cell: identifying content in the structured document that corresponds to a portion of the rendered form that is mapped to the cell, mapping the identified content to a numeric embedding for the identified content, and assigning the numeric embedding for the identified content to the cell; generating a matrix representation of the structured document from the numeric embeddings assigned to the cells of the grids; and generating neural network features of the structured document by processing the matrix representation of the structured document through a subnetwork comprising one or more convolutional neural network layers.

Abstract: A first electronic device of the present invention comprises at least one communication circuitry, at least one display, at least one memory configured to store instructions, and at least one processor operatively coupled with the at least one communication circuitry and the at least one display. The processor is configured to (1) access to a first server for a navigation service through an application for the navigation service linked with a first account for accessing to a second server, (2) receive a user input through the application, (3) transmit, via the first server to a second electronic device of a second user that is authenticated through the application linked with a second account for accessing to the second server, a message, (4) periodically transmit, via the first server to the second electronic device, information, and (5) display a positional relationship between the two electronic devices over an electronic map.

Abstract: A method of controlling a building system is provided. The method comprising: receiving an action request to adjust a building device from a user device; obtaining a token from a previous action request from the user device to adjust the building device when a token exists from a previous action request; transmitting the token for validation within the building device; and adjusting the building device when the token has been validated.

Abstract: Techniques disclosed herein relate to the pairing of a pairing initiator device and a pairing responder device for communication. The pairing initiator device and the pairing responder device range with each other to determine the distance between the pairing initiator device and the pairing responder device. Based on the distance being below a threshold distance, the pairing initiator device and the pairing responder device wirelessly pair with each other without further input from the user.

Abstract: Systems and methods of cryptographic key distribution in a plurality of networks, including: sharing, by a first device, a first portion of a first cryptographic key controlled by a server with a second device, sharing, by the second device, a first portion of a second cryptographic key with the first device, signing a first transaction on a first network with data exchange from a first threshold signature address controlled by the first device, to a third address when one or more details of the first transaction are validated by the server; and signing a second transaction on a second network with data exchange from the second threshold signature address controlled by the second device to a fourth address when one or more details of the second transaction are validated by the server.

Abstract: A video processing engine may receive a request for a video communication session, via a network to produce a video file key that is routed to the video camera. If the video camera is communicatively connected to a Wi-Fi 6 compatible wireless access point, it routes a high-quality video file to the Network Operation Center (NOC). Alternatively, using the video key file, the video camera generates message digests and watermarks that are embedded in a video camera generated high-quality video file and a degraded quality video file. The video camera routes, via the network, the degraded quality video file to the NOC, while the high-quality video file is uploaded to the NOC later. Subsequently, a video processing engine extracts the watermarks from the message digests of the video files and compares them to ensure that the high-quality video file correlates to the degraded quality video file.

Abstract: By analyzing a content of a first message, a confidentiality level of the first message is determined. An encryption rule for a first computational complexity level corresponding to the confidentiality level of the first message is selected. The first message is encoded according to the encryption rule. The encoded first message and the confidentiality level of the first message are caused to be sent to a recipient.

Abstract: Techniques are described for managing access to data stored in a blockchain, and for managing the communication of blockchain data to other entities. A private key may be generated and issued to an external entity to enable the external entity to access an internal (e.g., private blockchain). The external entity may be an external (e.g., public) blockchain, device, process, or user that is outside an internal network. The key may be associated with metadata that includes constraints, conditions, or rules governing access to the blockchain. An authorized entity may employ the key to request access to the blockchain via access management module(s), and the access management module(s) may employ the metadata to determine whether to approve the request. The access management module(s) may also employ rules governing outbound communication of data from internal blockchain(s) to external entities.

Abstract: A user authorization device (or UAD) physically connected to a user's router to aid in the authentication of the user. A bank server polls the user's router to verify that the UAD is connected to the router before granting the user the capability to perform transactions on the user's account that would be otherwise restricted. The bank server implements a set of policies designed by the user that require the UAD to be present for some transactions with the account to be performed. The presence of this device thus adds an extra layer of security to such financial transactions beyond the use of a username and password.

Abstract: This document generally describes computer systems, processes, program products, and devices for the rapid and automated collection, storage, and analysis of network events to provide improved and enhanced security analysis. The system can include an extensible framework for pipelines to process, normalize, and decorate network events created in response to network activity, which can permit the system to readily scale up and down to ingest large volumes and variations in network activity. For example, pipeline can match data in the network events with stored Indicators of Compromise (IoCs) and decorate the network events with the IoCs before the network events are stored and subsequently analyzed.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; and instructions encoded within the memory to instruct the processor to: provide a permission list; allocate an executable, the executable to have permissions according to the permission list; designate a child object of the executable; allocate a certificate for the child object; and after a system reboot, grant the child object permissions of the executable after validating the certificate.

Abstract: A method and system for securing instantiates. The method includes determining at least one signable file among a plurality of files of an instantiate, wherein determining the at least one signable file further comprises classifying each of the plurality of files with respect to whether the file is changed at runtime; signing each of the at least one signable file to create at least one first signature, wherein signing the plurality of files further comprises computing a cryptographic hash for each file, wherein each encrypted hash is signed using a private key; and verifying an identity of the instantiate using the at least one first signature, wherein verifying the identity of the instantiate further comprises comparing the at least one first signature to the at least one second signature, wherein each of the at least one second signature is a signature of one of the at least one signable file at runtime.

Abstract: Methods and apparatus to establish secure low energy wireless communications in a process control system are disclosed. An example field device includes a Bluetooth Low Energy (BLE) interface to receive a first initialization message from a remote device over an unpaired BLE connection. The first initialization message includes a plaintext message containing authentication content. The authentication content is generated based on a private authentication token available to the remote device using middleware. The field device also includes a BLE message analyzer to validate the plaintext message based on the authentication content using the authentication token stored by the field device.

Abstract: The present invention concerns the field of software verification, in particular to check whether the run-time integrity of a software application can be demonstrated.

Abstract: Generally discussed herein are systems, apparatuses, and methods for cyber resiliency. An apparatus can include one or more memory devices including a plurality of instruction sets corresponding to respective application variants stored thereon, one of the application variants including an unmodified version of an application, and one of the application variants including a modified version of the application including the application altered to be resistant to a specified type of cyberattack, processing circuitry to execute the application variants based on a same input, and generate an output, and a monitor to compare output from each of the application variants, and in response to detecting that the output from an application variant of the application variants is not equal to the output from other application variants of the application variants executing a time delayed version of the application variants or restoring the application variants to a known good operating state.

Abstract: A memory system, comprising: i) a first electronic device comprising a processor, ii) a second electronic device being external to the first electronic device and comprising a memory, wherein the memory stores a memory image over at least a part of a data set stored on the memory, and iii) a hash value related to the memory image. The first electronic device and the second electronic device are coupled such that the processor has at least partial control over the second electronic device. The processor is configured to, when updating the data set stored on the memory of the second electronic device, also update the hash value related to the memory image using an incremental hashing operation so that only those parts of the memory image are processed that have changed.

Abstract: Methods, systems, and apparatus, including computer-readable media encoded with computer program instructions, for a decentralized application ecosystem and data sharing platform. In some implementations, a system stores data for different individuals in different logical data storage areas. The system stores data indicating a set of predetermined data classifications, and for at least some of the data storage areas, the system determines and stores data classifications for data stored in an encrypted form in the data storage area. The system provides an application programming interface (API) that enables multiple different applications to access the data storage areas over a communication network. The system is configured to (i) provide access through the API to the data of data storage areas, conditioned on applications providing authorization tokens, and (ii) provide access through the API to the data classifications in the metadata that is not conditioned on providing authorization tokens.

Abstract: An electronic resource tracking and storage computer system is provided that communicates with a distributed blockchain computing system that includes multiple computing nodes. The system includes a storage system, a transceiver, and a processing system. The storage system includes an resource repository and transaction repository that stores submitted blockchain transactions. A new resource issuance request is received, and a new resource is added to the resource repository in response. A new blockchain transaction is generated and published to the blockchain. In correspondence with publishing to the blockchain, the transaction storage is updated with information that makes up the blockchain transaction and some information that was not included as part of the blockchain transaction. The transaction storage is updated when the blockchain is determined to have validated the previously submitted blockchain transaction.

Abstract: Vision sensor dynamic watermarking via noise characterization are disclosed herein. An example device can capture an image by a first device, where the image comprising a pixel group has baseline noise characterization caused by a base noise profile for the first device. The device can produce a noise watermark to create a watermarked image, where the noise watermark can be produced by altering the baseline noise characterization to produce modified noise characterization. The device can also transmit the watermarked image to a receiver.

Abstract: A system and method for securing virtual cloud assets in a cloud computing environment against cyber threats. The method includes: determining a location of a snapshot of at least one virtual disk of a protected virtual cloud asset, wherein the virtual cloud asset is instantiated in the cloud computing environment; accessing the snapshot of the virtual disk based on the determined location; analyzing the snapshot of the protected virtual cloud asset to detect potential cyber threats risking the protected virtual cloud asset; and alerting detected potential cyber threats based on a determined priority.

Abstract: A method of secure data export from an automotive ECU to a requesting entity includes receiving a signed request, the request transmitting a first public encryption key. The signature is verified using a second public key stored in the automotive ECU. Further, the requesting entity is authenticated. Only upon successful verification and authentication the automotive ECU generates a random symmetric key for encrypting the data to be exported. The symmetric key is encrypted using the first public key received in the request, and unencrypted data is deleted. The encrypted data is exported to the requesting entity, which decrypts the symmetric key using a first private key associated with the first public key, and decrypts the data encrypted with the symmetric key.

Abstract: Identity authentication method, system, and computing device are disclosed. The method includes: an identity authentication method is provided, which includes: a first device establishing a communication connection with a second device, and obtaining encrypted information through the Internet, where the first device is a device that is allowed to access the Internet, and the second device is a device that is not allowed to access the Internet; the first device encrypting identity information of an account that is logged into the second device by using the encrypted information, and sending the encrypted identity information to the second device; and the first device receiving a verification result that is returned by the second device, wherein the second device verifies the encrypted identity information based on verification information.

Abstract: A cork upon which a password or code is printed which provides access to a website with information about the product.

Abstract: A method includes identifying a plurality of vehicles within a geographic area; transmitting a first signal to a device of a customer, the first signal being configured to control each of the plurality of vehicles; receiving a selection of a vehicle from among the plurality of vehicles; and transmitting a second signal to the device in response to receiving the selection, the second signal modifying the first signal to be disabled from controlling the plurality of vehicles except the selected vehicle.

Abstract: Systems and methods relating to a platform for creating, monitoring, updating, and executing legal agreements for data files such as a collaborate digital media file using associated metadata. The platform enables music publishing agreements to be generated automatically by taking metadata from a DAW (digital audio workstation) that reflects the activity and contributions of each author associated with a file. Authorship metadata can be recorded on a ledger or blockchain by the platform. The platform enables calculation and disbursement of royalties to be automated by algorithmic determination of terms of an authenticated smart contract using authorship metadata for an associated media file generating the royalty. Authors may concurrently contribute from across a variety of different DAWs, local and remote, and computing resources may be distributed by the platform.

Abstract: Presentation of multimedia content comprising at least one advertisement and at least a portion of metadata pertaining to the at least one advertisement is detected. A spoken utterance of a user is detected. A computer-understandable meaning of the spoken utterance by performing natural language processing on the spoken utterance. Whether the spoken utterance pertains to a product or service indicated in the at least one advertisement can be determined by comparing the computer-understandable meaning of the spoken utterance to the at least the portion of metadata pertaining to the at least one advertisement and whether the computer-understandable meaning of the spoken utterance indicates that the user chooses to order the product or service indicated in the at least one advertisement can be determined. If both determinations are affirmative, an order for the product or service indicated in the at least one advertisement can be automatically placed.

Abstract: A blockchain maintenance record system for managing maintenance records of a system, the blockchain maintenance record system including: a part identification tag configured to be located on a part; an application operable through a mobile computing device, the mobile computing device being configured to read the part identification tag, wherein the application is configured to perform operations including; determining a part identity of the part by reading the part identification tag; detecting a location of the system; organizing the part identity of the part and the location of the part into a maintenance data package receipt; and uploading the maintenance data package receipt into a blockchain network.

Abstract: According to an example embodiment of the invention, there is provided a system for providing access to access restricted content to a user, the system including a communication arrangement operable to receive a content request message, the content request message including a content identifier, a processor configured to cause a first determination to be performed to yield a positive or a negative result, a validation module configured to, in response to the first determination yielding a positive result, obtain a first digital rights management key, the processor being further configured to cause a second determination to be performed to yield a positive or a negative result, and responsive to the first and second determinations yielding a positive result, the validation module is configured to cause access to the access restricted content to be provided to the user.

Abstract: Embodiments of the present subject matter relate to implementation of a decentralized platform for deploying at least one AI (Artificial Intelligence) model. A SaaS interface is configured in a network for publishing the at least one AI model and a genesis block of a blockchain is created for the at least one AI model. Upon achieving a consensus amongst a plurality of validators in the network, the blockchain is updated and broadcasted to the network participants. Further, the at least one AI model is used as a Non Fungible Token (NFT) on the blockchain. A smart contract is generated based on a corresponding differential creativity score for the AI model The smart contract is subsequently used for creating a new block on the public blockchain.

Abstract: Disclosed is a method for the secure storage, in a network, of a container image in a container registry, including sending a container image, this container image corresponding to an initial state of a client machine environment which can subsequently be used to execute this container, from a client machine of the network to a container registry of a server machine of the network remote from the client machine. The method also includes encrypting this container image, carried out in the random access memory of the client machine before sending to the server machine, so that the container image is already encrypted when received by the container registry for storage therein, and in that the encryption key of this container image is usable in the random access memory of the client machine, inaccessible in the mass storage of the client machine, and inaccessible on the server machine.

Abstract: A Quantum Digital Signature (QDS)-based mail system and a transceiving method are provided. The system is a three-layer structure formed by a physical layer, a key layer, and an application layer. The physical layer is a key generation terminal and is used to generate a key string for signature in real time; the key layer is used to store the key string generated by the physical layer and provide a required key to the upper layer, namely, the application layer when required; and the application layer is a transceiving software part in the mail system, and is used to extract keys generated by the physical layer from the key layer so as to encrypt information to be sent. The mail transceiving method comprises: a quantum key distribution (QKD) phase, a mail signature phase, and a signature verification phase.

Abstract: A system and method for easily managing a data center with multiple computing devices such as cryptocurrency miners from different manufactures is disclosed. A first computer includes a management application to manage the selected computing devices and periodically read and store status information from them into a database. Controls are presented to enable selection of one or more of the devices and to apply an operating mode, including manual, semi-automatic, automatic, and intelligent modes. Machine learning may be used to determine recommended settings for the selected set of computing devices.

Abstract: A system and method for providing proof of a digital identification of a user which may include activating, on a mobile computing device, a bank application and a digital identification service provider application, and which may allow the bank application to have access to user accounts after the bank application receives a digital identification from the digital identification service provider application in order to provide proof of identify with speed and security.

Abstract: Systems, methods, and computer readable media for staging a corpus of electronic communication documents for analysis, such as, for example, via a content analysis platform. The staging may include a staging platform accessing the corpus of electronic communication document. For each electronic communication document within the corpus, the staging platform may generate a fingerprint based upon the output of a hash function executed upon a set of characteristics corresponding to each segment within the electronic communication document. The staging platform may analyze the generated fingerprints to generated a plurality of threaded conversations that do not include electronic communication documents that fail to convey any new information. The systems and methods may also include detecting and flagging any segments within an electronic communication document that may have been mutated by its author.

Abstract: The present invention proposes a rapid, reliable data extraction method for extracting data from a database of data (3) that is watermarked according to a reversible watermarking method. The method according to the invention consists of obtaining, from a first extraction request received from a client terminal (1), a second extraction request (R2) for extracting watermarked data and a third request (R3) applied to the extracted data after it has been de-watermarked. In the presence in the first extraction request of initial selection conditions relating to watermarked properties, these are included in the second request after having been transformed. In the presence in the first extraction request (R1), of aggregation functions relating to a watermarked extraction property, these are included without modification in the third request (R3) so as to supply a result to the client terminal (1) in response to the first extraction request (R1).

Abstract: A client computing device may obtain access to protected resources with a proof-of-possession (Pop) token. The client computing device may request an access token from an authorization server via an application server. The request may include key material (e.g., token binding type, key, and key parameters) that the client computing device possesses or has access to, such as a public key of an asymmetric public/private key pair. In some embodiments, the public key may be a confirmation (CNF) key, which may be added to the access token and JWT signed by the authorization server. The private key may be retained by the client, who may then use the PoP token to prove possession of the private key.

Abstract: An information processing apparatus switches alteration detection processing depending on timing of execution of alteration detection to perform alteration detection processing for each file to be accessed to detect an alteration in an extended application, and switches alteration detection execution determination processing depending on a type of access to an extended application package.

Abstract: A mobile application development environment may be maintained in association with a computing platform. A request to produce a binary of a first mobile application may be processed. The binary and a package configurable to cause the binary to have code-sign credentials associated with a first organization when the binary is uploaded to a mobile application provider may be produced. The binary and the package may be provided to the first organization.

Abstract: Techniques for signer-initiated electronic document signing via an electronic signature service using a mobile or other client device are described. Example embodiments provide an electronic signature service (“ESS”) configured to facilitate the creation, storage, and management of documents and corresponding electronic signatures. In some embodiments, when a signer user receives a hard copy (e.g., paper) signature document, the signer may capture an image of the signature document with a camera of a mobile device. The signer can then import the captured image into the ESS for signature, storage, and/or transmission to other parties.

Abstract: Content screening operations, which can include watermark extraction and the application of content usage enforcement actions, may be organized such that some or all of the operations can be conducted by different devices that are connected via connectors such as HDMI (High-Definition Multimedia Interface (HDMI), analog composite video, DVI (Digital Visual Interface), SDI (Serial Digital Interface), DisplayPort, or networked via Ethernet or wireless. Authentication and encryption methods are disclosed that can be used to establish the trust and secure communication between devices that conduct collaborative content screening. Delegation architecture may be based on ascertained screening capabilities of the sink device wherein the source device verifies that the sink device is capable and trusted to perform partial or whole screening operations delegated by the source.

Abstract: A device for engaging users in an advertisement and promotions campaign and a method and system for mobile device users to engage in multiple promotional campaigns by a single registration.

Abstract: An apparatus is adapted for implementing a method of creating a data chain, which can be cryptographically proven to contain valid data. The method includes creating a data chain with no elements, validating the data chain for nodes before accepting the data chain, verifying the size of close group to add the data chain, adding a data block to the data chain, removing old copies of entries from the data chain only if a chained consensus would not be broken, else maintaining the entry and marking it as deleted, validating a majority of pre-existing nodes and validating a signature of the data chain via the data chain of signed elements. The apparatus is operable to support a data communication system and provides a technical effect of making a data processing system robust against data corruption, data loss, failure in data communication synchronization and similar practical operational issues.

Abstract: An air-gapped system enables the secure transfer and control of digital assets, such as those associated with crypto-currency. The system includes an Integration Server for receiving requests from an application interface, a Central Control Center for verifying the requests received and authorizing the requests using digital signatures, and multiple Distributed Data Centers, each including a cold Data Center Hardware Security Module (DC HSM). These DC HSMs securely store and manage cryptographic keys. Each Data Center also includes an offline Processing Unit coupling its DC HSM to a dedicated Remote Controlled Server. The Remote Controlled Server receives requests from the Integration Server and forwards them to the Processing Unit of a DC HSM using a Near-Field Communication (NFC) Interface between the two. Preferably, the NFC interface is physically shielded to resist side channel attacks.

Abstract: The present disclosure relates to network security software cooperatively configured on plural nodes to authenticate and authorize devices, applications, users, and data protocol in network communications by exchanging nonpublic identification codes, application identifiers, and data type identifiers via pre-established communication pathways and comparing against pre-established values to provide authorized communication and prevent compromised nodes from spreading malware to other nodes.

Abstract: Disclosed are various approaches for signing documents using mobile devices. A request is sent to a certificate authority for a signing certificate. The signing certificate is then received from the certificate authority. The signing certificate is then stored in the memory. Next, a file is received from a client application executed by the processor of the computing device. Then, the file is signed with the signing certificate to create a signed file. The signed file is then returned to the client application.