Abstract: An electronic device is disclosed. The electronic device comprises: a camera; a storage unit; and a processor for capturing an image including authentication information of an external electronic device through the camera, acquiring first information related with a public key included in the image and storing the first information in the storage unit, and comparing second information with the first information so as to authenticate the external electronic device when the second information and identification information related with the public key are received from the external electronic device on the basis of a type of first information.

Abstract: The Social Data Tracking Datastructures, Apparatuses, Methods and Systems (“SDTD”) transforms brokerage order request, blockchain transaction request, agency action request inputs via SDTD components into brokerage order confirmation, transaction confirmation, agency action notification outputs. An order of a user for an order processing entity is obtained. A blockchain data node, which facilitates access to user-owned read data, associated with the order is determined. A blockchain identifier of the blockchain data node and a blockchain identifier of the order processing entity is provided to an access control node and the user-owned read data is obtained. The order is executed using the user-owned read data. A write access blockchain node, which grants the order processing entity permission from the user to create one or more blockchain data nodes, is determined. A new blockchain data node is created that facilitates access to the user-owned write data associated with the executed order.

Abstract: In one example in accordance with the present disclosure, a system may comprise a a combination engine to combine an encrypted device identification and a routing indicator resulting in a combined device identification. The system may also include an encryption engine to encrypt the combined device identification and a transmission engine to transmit the encrypted combined device identification.

Abstract: Examples of multi-user configuration are disclosed. An example method includes, at an electronic device: receiving a request; and in response to the request: if the voice input does not match a voice profile associated with an account associated with the electronic device: causing output of first information based on the request using a first account associated with the electronic device; if a setting of the electronic device has a first state, causing update of account data of the first account based on the request; and if the setting has a second state, forgoing causing update of the account data; and if the voice input matches a voice profile associated with an account associated with the electronic device: causing output of the first information using the account associated with the matching voice profile; and causing update of account data of the account based on the request.

Abstract: A process extraction apparatus includes a process extraction apparatus including a message group creator that, based on keywords each extracted from a respective one of multiple messages posted, the respective posting times of the multiple messages, and the respective posters of the multiple of messages, groups the multiple of messages into multiple message groups each including messages with similar characteristics, and an output unit that, based on the respective posting times of the messages included in each of the multiple message groups, outputs a precedence relationship between the multiple message groups.

Abstract: Verification of entities associated with a communication platform are described. An instruction to create a communication channel on a communication platform is received. The communication channel can be associated with an organization that is registered with the communication platform. Data associated with an entity (e.g., the organization and/or a user associated therewith) can be analyzed to determine whether to verify the entity. Based at least partly on a determination that the entity is verified, an indicator can be presented in association with the entity on a user interface associated with the communication platform and a first set of permissions can be associated with the entity. The first set of permissions can be different than a second set of permissions associated with unverified entities. Use of the communication channel and/or the communication platform by the entity can be controlled based at least partly on the first set of permissions.

Abstract: A trusted execution environment on a computing device within an enterprise, whether owned by the enterprise or the employee/user, allows invocation of trusted enterprise applications without hindering external or non-enterprise apps from running on the same computing device. Each of the trusted apps can interact with other trusted apps on the same enterprise computing device in a trusted manner such that other apps or untrusted network connections are prevented for access to the trusted apps. The computing device, however, also executes non enterprise applications which operate independently of the enterprise apps in the same address space using the same unmodified operating system as the enterprise apps on the computing device. The trusted execution environment therefore restricts interprocess communication to be only within the set of enterprise apps and also permits unimpeded operation of other apps under the same OTS (off the shelf) operating system.

Abstract: In some examples, a device includes a memory, a processor, and a controller separate from the processor to derive a security credential based on information comprising a key accessible by the controller. The controller communicates the derived security credential in a secure manner to a program code executable on the processor, and uses the derived security credential to protect data stored in the memory against unauthorized access.

Abstract: This key information generation system generates key information necessary when using a shared device and imparts this key information to a mobile terminal. Authentication is performed between a mobile terminal which has imported key information, and an authentication device provided to the device, and if said authentication is successful, the mobile terminal enables operation of the device via the authentication device. The key information generation system includes: an information management unit which manages, by associating with one another, individual information for the authentication device, a key information generating code, and usage information pertaining to the use of the authentication device; and a key information generation unit which specifies a key information generation code from the individual information and usage information managed by being associated with one another by the information management unit, and generates key information on the basis of the key information generation code.

Abstract: The description relates to password reset security. One example can receive a login request and a password for a cloud-based user account. The example can also retrieve stored authenticated user information associated with the password. The example can further send a notification of the login request to a contact address associated with the cloud-based user account. The notification can contain at least some of the stored authenticated user information.

Abstract: In various embodiments, a personal data processing system may require guardian consent (e.g., parental consent) for a data subject in order to collect, store, and or process the subject's personal data. The system may prompt the data subject to initiate a request for guardian consent or the system may initiate a request for guardian consent without initiation from the data subject (e.g., in the background of a transaction). In some embodiments, the system may require guardian consent when a data subject is under the age for valid consent for the particular type of personal data that will be collected as part of a particular transaction. Data processing systems may generate and store one or more consent records memorializing valid consent for data processing from data subjects and/or from guardians on their behalf (e.g., in the case of a minor data subject).

Abstract: In some examples, a scanner that is to verify a device includes a scanner input/output (I/O) interface to physically and communicatively connect to a device I/O interface of the device. The scanner includes a processor to send an input through the scanner I/O interface to the device, receive, at the scanner I/O interface, an output responsive to the input from the device, the output comprising a cryptographic value based on a cryptographic operation applied on data of the input, and determine whether the device is an authorized device based on the received output.

Abstract: A method for providing a multi-service platform to entities includes the storage of profiles for a plurality of entities involved in services with other entities, including point to point and business to business transactions, including entities not registered, that can be claimed by each entity, where each entity can provide for roles and hierarchies of authorized users of the platform for that entity, and where the platform is configured to provide, among other services, registration of procurement status for purchase orders in a digital ledger that provides for auditability and immutability.

Abstract: Embodiments of the present disclosure include systems and methods for securely entering, receiving, and storing sensitive data. A server system may determine if a request received from a user computing device communicatively coupled to the server triggers a requirement to receive sensitive data from the user computing device, generate a data structure for the sensitive data, designate a plurality of contact methods, determine a communication protocol for each of the designated plurality of contact methods, transmit a request for data unit information to the corresponding designated contact methods via the determined communication protocol for each data unit of the data structure, receive from each of the designated contact methods, the data unit information corresponding to the respective single data unit, and generate sensitive data by aggregating the received data unit information received from each of the designated contact methods.

Abstract: An access control apparatus is provided. The apparatus can be used to unlock a device, wherein the device has a computation unit and at least one operator control unit that is electrically connectable to the computation unit, wherein the apparatus has a first reception unit for receiving electrical signals from the at least one operator control unit, a transmission unit for transmitting the electrical signals to the computation unit, a second reception unit for receiving at least one access message transmitted by means of an electromagnetic signal, an authorization unit for generating a switching signal if the result of the check on the access message is that unlocking of the device is permitted by means of the access message, and an unlocking unit for unlocking a transmission of electrical signals from the first reception unit to the transmission unit on the basis of the switching signal.

Abstract: The present disclosure provides systems and methods for on-device machine learning. In particular, the present disclosure is directed to an on-device machine learning platform and associated techniques that enable on-device prediction, training, example collection, and/or other machine learning tasks or functionality. The on-device machine learning platform can include a context provider that securely injects context features into collected training examples and/or client-provided input data used to generate predictions/inferences. Thus, the on-device machine learning platform can enable centralized training example collection, model training, and usage of machine-learned models as a service to applications or other clients.

Abstract: The present disclosure provides a system and method for allocating computer resources for detection of malicious files. In one aspect, the system comprises: a hardware processor configured to: form at least one behavior pattern grouping selected commands with shared parameters, apply a hash function on the at least one of the formed behavior pattern to obtain computed parameters, calculate a degree of harmfulness based on the obtained computed parameters using the hash function and a model for detection of malicious files, wherein the degree of harmfulness is a number value characterizing a probability that a malicious activity will be manifested by a time of computing said degree of harmfulness and wherein the model is a machine learning model trained using computed parameters of previous behavior patterns on which the hash function was applied to output degrees of harmfulness, and allocate the computing resources based on the calculated degree of harmfulness.

Abstract: Disclosed are a data protection method and device and a storage medium. The method includes that a database execution engine receives data request information sent by a client; a preset policy corresponding to an identity of the client carried in the data request information is acquired and the database execution engine performs a data protection operation for requested data according to the preset policy to obtain target data; and the database execution engine sends the target data to the client.

Abstract: Systems and methods are provided for efficient and automated control of software permissions and access to network resources across a complex enterprise environment. Systems may configure computer servers in response to an employment status change. Changes to employment status may include leave, termination or hiring. System may interface with a human resources data feed and detect changes to employment status. The system may enable, disable and/or delete a user's account on all appropriate computer servers. Systems may disconnect a software profile in response a detected employment change. Systems may create new software profiles in response to a detected employment change.

Abstract: In one aspect, a method of classifying a computer object as malware includes receiving at a base computer data about a computer object from each of plural remote computers on which the object or similar objects are stored. The data about the computer object received from the plural computers is compared in the base computer. The computer object is classified as malware on the basis of said comparison. In one embodiment, the data about the computer object includes one or more of: executable instructions contained within or constituted by the object; the size of the object; the name of the object; the logical storage location or path of the object on the respective remote computers; the vendor of the object; the software product and version associated with the object; and, events initiated by or involving the object when the object is created, configured or runs on the respective remote computers.

Abstract: The present embodiments relate to an image processing apparatus and a user authentication method of the image processing apparatus. The image processing apparatus according to an embodiment of the disclosure includes: a first authentication unit configured to receive first authentication data from a user terminal, and to determine whether the first authentication data matches pre-stored first reference data to authenticate the user terminal; and a second authentication unit configured to generate, when additional authentication is set up, second reference data, requesting the user terminal to send second authentication data, to receive the second authentication data from the user terminal, and to determine whether the second authentication data matches the second reference data to authenticate the user terminal.

Abstract: The present invention relates to a method for issuing a currency comprising the steps of: (a) confirming the validity of a currency issuing transaction and a currency issuer, when the currency issuing transaction for issuing the currency from the currency issuer is obtained, the currency issuing transaction including (i) currency receiver information, (ii) issued amount of the currency, (iii) a public key of the currency issuer, and (iv) a signature value of the currency issuer signing the (i), (ii), and (iii) with a private key of the currency issuer; and (b) registering the currency issuing transaction or a function value thereof on a public blockchain network, and obtaining a currency issuance public transaction ID indicating location information of the currency issuing transaction or the function value thereof on the public blockchain network, when the currency issuing transaction and the currency issuer are deemed valid.

Abstract: The present invention broadly comprises crowd-sourced computer-implemented methods and systems of collecting and transforming portable device data. One embodiment of the invention may be implemented as a system including an electronic device including a sensor configured to collect data, the device configured to begin collection of data based on a command from a user of the electronic device; and a server configured to issue a command to the electronic device to turn on the sensor and transmit data collected by the sensor to the server without any input by the user of the electronic device when a condition is met.

Abstract: Example implementations relate to a domain join. An example controller can remotely configure and authenticate a computing device within a computing network to join a domain. In response to the configuration and authentication, the controller can record to the computing device that the domain join has been requested but not fulfilled. The computing device can be joined to the domain based on the domain join request record and in response to a restart of the computing device and receipt of domain credentials at the computing device.

Abstract: A system, a method, and a program for providing a virtual code, a virtual code generating device, and a virtual code verifying device are provided. The method includes receiving, by a virtual code verifying means, a virtual code from a virtual code generating means, extracting, by the virtual code verifying means, a plurality of detailed codes included in the virtual code, and searching for, by the virtual code verifying means, a storage location of a real code based on the plurality of detailed codes.

Abstract: Embodiments of the present disclosure may provide a streamlined process for performing operations, such as data sharing and data replication, using multiple accounts. A global identity (also referred to as an organization user) may be employed, where the global identity may have access to multiple accounts across the same or different deployments. The global identity may switch between accounts from its login session and perform various tasks in the context of different accounts without undergoing further authentication.

Abstract: An approach is provided that receives a password that corresponds to a user identifier. A number of hashing algorithms are retrieved with the specific hashing algorithms that are retrieved being based on the received user identifier. The password is hashed using each of retrieved hashing algorithms resulting in a number of hash results. The hash results are combined with the combining of the hash result eventually resulting in a combined hash result. An expected hash result that corresponds to the user identifier is retrieved and compared to the combined hash result. The password is verified based on the results of the comparison.

Abstract: A network of storage units has a data path, which is at least a portion of the network. The network also has a dynamic time-varying or cycle-varying code generation unit and a code comparator unit that together make up an unlock signal generation unit; and a gateway storage unit. If the gateway storage unit does not store an unlock signal or the unlock signal generation unit does not generate and transmit an unlock signal, the gateway storage unit does not insert a data path segment in the data path. If the unlock signal generation unit is operated such that it generates an unlock signal, and it transmits that unlock signal to a gateway storage unit, and the gateway storage unit stores the unlock signal value, then the gateway storage unit inserts a data path segment into the data path.

Abstract: In an example, there is provided a method for attesting to a management state of a device platform configuration, based on a signed data structure that represents a device management status and a time-based value from a secure cryptoprocessor of the device. The signed data structure is sent to a management system for validation based on a comparison to the state of the cryptoprocessor at the time of signing the data structure.

Abstract: Disclosed is a fifth generation (5G) or pre-5G communication system for supporting data transmission rate higher than that of a fourth generation (4G) communication system such as long term evolution (LTE). The objective of the present disclosure is to detect a mismatch of an encryption parameter in a wireless communication system, and an operating method of a reception end includes the steps of: receiving, from a transmission end, a packet including information related to a serial number of the packet and an encryption parameter determined on the basis of the serial number; determining whether the encryption parameter determined by the reception end is mismatched, on the basis of the information related to the serial number and the encryption parameter.

Abstract: A method and apparatus that provides for marketing and selling of goods by a computer application that interconnects with a media source that displays the goods.

Abstract: A method for initiating a secure session using a smartphone as a physical token to provide strong authentication. The phone is used through a public and independent real-time notification service. The notifications are exchanged in an encrypted manner so that their content is only accessible to the mobile phone and the authentication server.

Abstract: Methods and devices are disclosed. A method, performed in a user application, of creating a trusted bond between a hearing device and the user application is disclosed, wherein the method comprises obtaining first authentication material; transmitting a first authentication request comprising a first authentication type identifier and first authentication data to the hearing device; receiving an authentication response comprising an authentication key identifier; storing an authentication key and the authentication key identifier, wherein the authentication key is based on the first authentication material; and connecting the user application to the hearing device using the authentication key and the authentication key identifier.

Abstract: An interaction security system for user verification utilizes co-location in order to more accurately identify a user location. The system identifies a user computer system location based a location determination component for the user computer systems. Moreover, the system identifies a resource accessory location of a resource accessory. The resource accessory location may be determined in a number of different ways, including, but not limited to, a location determination component of the resource accessory. The system may utilize a time requirement and/or a geo-location requirement in order to maintain verification of the user for a period of time and/or within a specific location. Moreover, the system may require the user to take an action with respect to the resource accessory before verifying the user location for an interaction.

Abstract: A primary input value is received from a first user on a first peer device. A symmetric user encryption key UK1 is generated for the first user from the primary input value on the first peer device. One or more random numbers are requested and received from a random number generator server. A user asymmetric encryption key pair that includes a public key PuK1 and a private key PrK1 is generated for the first user from the one or more random numbers on the first peer device. The public key PuK1 is stored in a non-volatile memory on a public-key server. The private key PrK1 is encrypted using the symmetric user encryption key UK1 using a symmetric encryption algorithm on the first peer device, producing an encrypted private key ePrK1=ESUK1(PrK1). The private key ePrK1 is stored in non-volatile memory on a data persistence server.

Abstract: A model training method includes: acquiring a plurality of user data pairs, wherein data fields of two sets of user data in each user data pair have an identical part; acquiring a user similarity corresponding to each user data pair, wherein the user similarity is a similarity between users corresponding to the two sets of user data in each user data pair; determining, according to the user similarity corresponding to each user data pair and the plurality of user data pairs, sample data for training a preset classification model; and training the classification model based on the sample data to obtain a similarity classification model.

Abstract: Embodiments provide a computer implemented method in a data processing comprising a processor and a memory including instructions, which are executed by the processor to cause the processor to implement the method of terminating a connection between a database server and a database client through an enforcement point, the method including: continuously monitoring, by the enforcement point, information related to a connection to a database, and parsing one or more queries; continuously comparing, by the enforcement point, the information with a predefined plurality of rules, and checking whether there is a rule violation; if there is a rule violation, assembling, by the enforcement point, a termination packet including an error message indicative of the rule violation; sending, by the enforcement point, the termination packet to the database client; and terminating, by the enforcement point, a connection between the enforcement point and the database client.

Abstract: A method to authenticate a first computer system over a network to a second computer system is disclosed. A login user interface (UI) is presented to a user of the first computer system while disconnected from the second computer system. The login UI presents at least one input field to receive login input from the user and a security indicator that has been previously selected by the user and that is local to the first computer system. Login input is selectively received from the user based on a determination that the user recognizes the security indicator as having been previously selected by the user. A connection is established between the first computer system and the second computer system over the network. The received user input is transmitted using the established connection to the second computer system for authentication of the first computer system.

Abstract: A method of authenticating a user includes obtaining a user authentication request for access to at least one application executed on an electronic device, identifying an actor and a task for authentication based on one or more context parameters associated with at least one of the electronic device or a user, providing a live challenge generated based on the identification, and identifying whether to access the at least one application based on whether the provided live challenge has been successfully performed.

Abstract: A system is disclosed for storage, processing, and accessing of data. The system includes a front end system and a back end system communicatively connected to the front end system. A front end system is configured to provide one or more user interfaces configured to store, process, and access data in a first data server, in response to user input, by sending messages to the back end system. The back end system includes the first data server and one or more processing servers. The one or more processing servers are configured to process messages received from the front end system by accessing in the first data server to perform one or more operations specified by the messages. The back end system also includes a blockchain server configured to maintain a record of changes made to data in the first data server by the one or more processing servers.

Abstract: Systems and methods for cyber risk analysis and remediation using network monitored sensors are provided herein. An example system includes one or more data collecting devices deployed within a network that collect entity information and monitor network traffic of the network that is related to security information. The network includes computing systems that are subject to a cyber risk policy having breach parameters defining one or more events that are indicative of a cyber security breach. A cyber security risk assessment and management system is used to automatically detect occurrence of one or more of the events that are indicative of a cyber security breach, automatically determine the breach parameters that apply for the one or more events that occurred, and generates a remediation of cyber security parameters for the network.

Abstract: The disclosure relates to a method of transmitting and receiving control information in a wireless communication system, and an apparatus therefor. According to an embodiment of the disclosure, the method may include receiving interruption configuration information via upper signaling from a base station (BS), when a format of an interruption indicator transmitted from the BS to a user equipment is determined based on the received interruption configuration information, searching for the interruption indicator, and identifying, based on the format of the interruption indicator, information included in the interruption indicator detected as a result of the searching.

Abstract: Threads of a process require a shared resource to perform their work. The threads have a shared object, which might include a lock and an expiration time. When the resource has not been acquired and any one of the threads attempts to access the shared resource, that thread locks the lock, acquires the shared resource, sets the expiration time, releases the lock, and then uses the shared resource to perform its work. When any one of the threads requires the resource and the resource has been acquired but the expiration time is within a time threshold, only that thread refreshes the resource, resets the expiration time, and uses the resource to perform its work. When any of the threads require the resource and the resource is available and not expired, the thread uses the shared resource.

Abstract: There is provided mechanisms for verifying a log entry in a communications system. A method is performed by a host server. The method comprises obtaining a log entry of a service access tracker. The log entry indicates access to a service during a client session, the service being tracked by the service 5 access tracker. The method comprises providing the log entry to a trusted third party for digital signing thereof using a digital trusted timestamping scheme. The method comprises verifying that the log entry has been digitally signed by the trusted third party. The method comprises providing a new aggregate comprising the digitally signed log entry and a previous aggregate 10 of previously digitally signed and aggregated log entries to the trusted third party for digital signing thereof using the digital trusted timestamping scheme. The method comprises verifying that the new aggregate has been digitally signed by the trusted third party.

Abstract: A decoding apparatus includes a plurality-of-bits decoding part configured to receive an input vector obtained by adding a message encrypted by a trapdoor function and an error vector including an element(s) conforming with a discrete Gaussian distribution, and decode a plurality of bits from a lower bit of the message based on the input vector in correctness with a predetermined probability; and a confirmation calculation part configured to determine in parallel whether the decoded plurality of bits are correct or not, wherein the message is encrypted by taking an inner product with a vector including a power of two as an element(s).

Abstract: The present disclosure is directed to systems and methods associated with a communication infrastructure. The communication infrastructure includes a vehicle integration platform that includes a plurality of application programming interfaces configured to facilitate message communication among clients. The communication infrastructure includes a registration authority system configured to receive certificate signing requests from the clients and to generate client-specific credentials for establishing a predetermined time period of ability for client authentication within the vehicle integration platform. The communication infrastructure includes a certificate authority system configured to normalize requests received from the clients via the registration authority system such that the client-specific credentials are established according to an approved hierarchy of licensing certificates.

Abstract: A method of establishing a communications path between devices comprising: receiving, at a first device, data, the data comprising: a first resource having a first identifier for a second device remote from the first device; a second resource having a second identifier for the second device; addressing the second device with the first identifier; generating, at the first device, first connection data based on the second identifier; transmitting, from the first device to the second device, the first connection data; receiving, at the first device, second connection data; validating, at the first device, the second connection data; establishing the communications path between the first device and second device responsive to valid second connection data.

Abstract: A homomorphic encryption scheme, such as Paillier encryption in combination with a bit packing process allows biometric matching at a terminal without exposing a biometric template stored at a user's device. Because such encryption schemes are data intensive, the bit packing process allows reductions in data being sent and processed so that the biometric matching process can be accomplished in near real time. The high speed of this optimized process allows the technique to be applied to many real world processes such as access control and transaction processing.

Abstract: Method and apparatus for authentication of a user to a server that involves the user performing a requested act and that further involves relative movement between the user and a camera wherein fiducial marks are captured.

Abstract: A method for remotely verifying a non-resident alien's identity, includes: receiving a request to establish a communication session from a user device; analyzing the request to determine whether the user device is compromised; in response to determining that the user device is not compromised, providing a page flow to the user device to solicit information from the non-resident alien, the information including identity information associated with a local foreign government identification document (ID), and other information not shown on the local foreign government ID; querying one or more foreign governmental data stores to identify foreign data associated with the non-resident alien based on a unique identifier associated with the local foreign government ID; comparing the information with the foreign data; and verifying an identity of the non-resident alien based on the comparing, wherein the verifying includes determining that at least one of the other information matches the foreign data.