Abstract: Described are systems and methods for evaluating cyber effects in a cyber-physical system (CPS). In some embodiments, a simulation model of the CPS is built and includes an attacked component set and an evaluated component set. A control component is inserted into the simulation model. One or more direct connections between the attacked component set and the evaluated component set are disconnected. One or more indirect connections are identified and then disconnected from the simulation model with disconnected direct connections. The one or more direct connections and indirect connections are routed through the control component. A cyber-attack on the attacked component set can be simulated by configuring the control component to control outputs transmitted via a routed connection, the routed connection being one of the routed direct or indirect connections. The simulated components of the simulation model can be progressively and iteratively replaced by corresponding components from the CPS.

Abstract: Various embodiments of the present disclosure are directed to providing authentication of access while reducing user input and, specifically to a method, apparatus, and computer program product for receiving device identification information from both a secured system indicating devices with authorization and from a third party telecommunications carrier indicating the mobile device account attempting to access a service provider. Embodiments provided include an apparatus configured to receive, from a mobile device, identification information associated with the mobile device. The apparatus further comprises computing an encrypted hash of the identification information and initiating a search of a registry for a matching entry that matches the encrypted hash of the identification.

Abstract: A method of separating identity IPs for identification of applications from the locator IPs for identifying the route is provided. A virtual service layer (VSL) protocol stack uses the IP addresses assigned by network administrators to the application endpoints to support the TCP/IP stack as the identity IP addresses that are not published to the underlay network for routing. On the other hand, the VSL stack uses the IP addresses assigned by the underlay network to the VSL enabled endpoints and VSL enabled routers as the locator IP addresses for routing packets. The VSL stack formats application flow packets with identity headers as identity packet and encapsulates identity packet with the locator header to route the packet. The separation of the identity and locator identifications are used to eliminate the network middleboxes and provide firewall, load balancing, connectivity, SD-WAN, and WAN-optimization, as a part of the communication protocol.

Abstract: An endoscope system includes a processor that performs image processing on endoscope image data acquired by an endoscope, which is inserted in a subject and observes an inside of the subject. The processor communicate with a terminal device including a transceiver configured to transmit identification information identifying the terminal device, and a controller configured to: determine whether the processor is a connection destination configured to perform two-way communication, based on the received processor identification information, authenticate whether a user of the terminal device is a predetermined registered user by analyzing data obtained by the terminal device from the user, and allow two-way communication between the processor and the terminal device in response to the processor being determined as the connection designation to perform two-way communication and in response to authenticating the user of the terminal device.

Abstract: Access control electronics tor wireless locks comprise one or more battery operated radios that receive access control codes. The wireless accessed locks locate the electronic components, circuits, sensors and antennas and many of the lock components away from the container being secured and closer to the operator/user. The disclosed access control electronics combine a proximity detection circuit comprising sensor pads and a capacitive sensing circuit and one or more short-range radio frequency antennas for reading RFID devices. The proximity sensor pads are in close proximity with the antennas, without the antennas interfering with the proximity sensing process, and the sensor pads to not attenuate the signals between the RFID devices and the antennas after the RFID devices are detected.

Abstract: Described herein are systems and methods for managing releases of global services in a controlled manner. A computing environment may include a first release of a global service, a second release of the global service, and a manager service. The first and second release may be enabled and disabled. The first release may be enabled and the second release may be disabled. The second release may be ready for use in the computing environment after passing one or more checks. A manager service may enable use of the second release in the computing environment. The manager service may disable use of (but maintain execution of) the first release in the computing environment. The second release may be determined to have one or more issues. Responsive to determining the second release has issue(s), the manager service may disable use of the second release and re-enable use of the first release.

Abstract: A method for providing a multi-service platform to entities includes the storage of profiles for a plurality of entities involved in services with other entities, including point to point and business to business transactions, including entities not registered, that can be claimed by each entity, where each entity can provide for roles and hierarchies of authorized users of the platform for that entity, and where the platform is configured to provide, among other services, registration of procurement status for purchase orders in a digital ledger that provides for auditability and immutability.

Abstract: Computer technology for sending an image a device to be authenticated. The image is designed to be classified to a first category by an image classifier, and the first category is different from a nature category of the image. A response message can be received from the device. The response message indicates a second category of the image determined by the device. Then, the device is determined to be an authorized device in response to the second category being consistent with the first category.

Abstract: Aspects and examples are disclosed for improving security of authentication elements for validating a user of a user device. In one example, a processor of a user device establishes a first communication channel with a host computing system, and a user interface capable of transmitting information to the host computing system via the first channel. An API on the user device establishes a second communication channel with an identification-and-authentication system. The API receives sensitive information entered in the user interface and prevents transmission of the sensitive information to the host computing systems via the first channel. The API also transmits to the identification-and-authentication system, via the second channel, a signal including the sensitive information. The identification-and-authentication system may use the signal to send to the host computing system an additional signal verifying that the user of the user device is authenticated.

Abstract: A unique electronic communications account is generated and linked to a physical address of a user. A network of electronic mail addresses linked to physical addresses can be used for the transmission of information in electronic or physical form. Users can send information to a single recipient or multiple recipients by selecting the recipient or an area of recipients on a map generated by the system. A plurality of users can use a single e-mail address linked to a physical address through creation and storage of user profiles. Users can deactivate and transfer their unique electronic mail address upon relocation to a new physical address. The communication platform can overcome technical problems and limitations of electronic mail existing today. The communication platform can create a transparent global communication that can be achieved via an electronic communications account that can be created for every physical address in the world.

Abstract: A health service system for caring for the health of a patient. In one example, the health service system operates to present media content in association with a telehealth consultation. The health service system generates a virtual waiting room for display on a patient device, which presents a media content presentation. After the media content presentation has concluded, the health service system facilitates the telehealth consultation between a patient and a care provider. In some configurations the health service system further includes at least one hub care facility. The hub care facility includes a locked door with a scanner that unlocks the locked door upon scanning a time sensitive door unlock code; and a locked medication locker with a scanner that unlocks the locked medication locker upon scanning a medication locker unlock code.

Abstract: The Social Data Tracking Datastructures, Apparatuses, Methods and Systems (“SDTD”) transforms brokerage order request, blockchain transaction request, agency action request inputs via SDTD components into brokerage order confirmation, transaction confirmation, agency action notification outputs. An order of a user for an order processing entity is obtained. A blockchain data node, which facilitates access to user-owned read data, associated with the order is determined. A blockchain identifier of the blockchain data node and a blockchain identifier of the order processing entity is provided to an access control node and the user-owned read data is obtained. The order is executed using the user-owned read data. A write access blockchain node, which grants the order processing entity permission from the user to create one or more blockchain data nodes, is determined. A new blockchain data node is created that facilitates access to the user-owned write data associated with the executed order.

Abstract: In one example in accordance with the present disclosure, a system may comprise a a combination engine to combine an encrypted device identification and a routing indicator resulting in a combined device identification. The system may also include an encryption engine to encrypt the combined device identification and a transmission engine to transmit the encrypted combined device identification.

Abstract: An electronic device is disclosed. The electronic device comprises: a camera; a storage unit; and a processor for capturing an image including authentication information of an external electronic device through the camera, acquiring first information related with a public key included in the image and storing the first information in the storage unit, and comparing second information with the first information so as to authenticate the external electronic device when the second information and identification information related with the public key are received from the external electronic device on the basis of a type of first information.

Abstract: Examples of multi-user configuration are disclosed. An example method includes, at an electronic device: receiving a request; and in response to the request: if the voice input does not match a voice profile associated with an account associated with the electronic device: causing output of first information based on the request using a first account associated with the electronic device; if a setting of the electronic device has a first state, causing update of account data of the first account based on the request; and if the setting has a second state, forgoing causing update of the account data; and if the voice input matches a voice profile associated with an account associated with the electronic device: causing output of the first information using the account associated with the matching voice profile; and causing update of account data of the account based on the request.

Abstract: A process extraction apparatus includes a process extraction apparatus including a message group creator that, based on keywords each extracted from a respective one of multiple messages posted, the respective posting times of the multiple messages, and the respective posters of the multiple of messages, groups the multiple of messages into multiple message groups each including messages with similar characteristics, and an output unit that, based on the respective posting times of the messages included in each of the multiple message groups, outputs a precedence relationship between the multiple message groups.

Abstract: A trusted execution environment on a computing device within an enterprise, whether owned by the enterprise or the employee/user, allows invocation of trusted enterprise applications without hindering external or non-enterprise apps from running on the same computing device. Each of the trusted apps can interact with other trusted apps on the same enterprise computing device in a trusted manner such that other apps or untrusted network connections are prevented for access to the trusted apps. The computing device, however, also executes non enterprise applications which operate independently of the enterprise apps in the same address space using the same unmodified operating system as the enterprise apps on the computing device. The trusted execution environment therefore restricts interprocess communication to be only within the set of enterprise apps and also permits unimpeded operation of other apps under the same OTS (off the shelf) operating system.

Abstract: Verification of entities associated with a communication platform are described. An instruction to create a communication channel on a communication platform is received. The communication channel can be associated with an organization that is registered with the communication platform. Data associated with an entity (e.g., the organization and/or a user associated therewith) can be analyzed to determine whether to verify the entity. Based at least partly on a determination that the entity is verified, an indicator can be presented in association with the entity on a user interface associated with the communication platform and a first set of permissions can be associated with the entity. The first set of permissions can be different than a second set of permissions associated with unverified entities. Use of the communication channel and/or the communication platform by the entity can be controlled based at least partly on the first set of permissions.

Abstract: The description relates to password reset security. One example can receive a login request and a password for a cloud-based user account. The example can also retrieve stored authenticated user information associated with the password. The example can further send a notification of the login request to a contact address associated with the cloud-based user account. The notification can contain at least some of the stored authenticated user information.

Abstract: In various embodiments, a personal data processing system may require guardian consent (e.g., parental consent) for a data subject in order to collect, store, and or process the subject's personal data. The system may prompt the data subject to initiate a request for guardian consent or the system may initiate a request for guardian consent without initiation from the data subject (e.g., in the background of a transaction). In some embodiments, the system may require guardian consent when a data subject is under the age for valid consent for the particular type of personal data that will be collected as part of a particular transaction. Data processing systems may generate and store one or more consent records memorializing valid consent for data processing from data subjects and/or from guardians on their behalf (e.g., in the case of a minor data subject).

Abstract: This key information generation system generates key information necessary when using a shared device and imparts this key information to a mobile terminal. Authentication is performed between a mobile terminal which has imported key information, and an authentication device provided to the device, and if said authentication is successful, the mobile terminal enables operation of the device via the authentication device. The key information generation system includes: an information management unit which manages, by associating with one another, individual information for the authentication device, a key information generating code, and usage information pertaining to the use of the authentication device; and a key information generation unit which specifies a key information generation code from the individual information and usage information managed by being associated with one another by the information management unit, and generates key information on the basis of the key information generation code.

Abstract: In some examples, a device includes a memory, a processor, and a controller separate from the processor to derive a security credential based on information comprising a key accessible by the controller. The controller communicates the derived security credential in a secure manner to a program code executable on the processor, and uses the derived security credential to protect data stored in the memory against unauthorized access.

Abstract: In some examples, a scanner that is to verify a device includes a scanner input/output (I/O) interface to physically and communicatively connect to a device I/O interface of the device. The scanner includes a processor to send an input through the scanner I/O interface to the device, receive, at the scanner I/O interface, an output responsive to the input from the device, the output comprising a cryptographic value based on a cryptographic operation applied on data of the input, and determine whether the device is an authorized device based on the received output.

Abstract: A method for providing a multi-service platform to entities includes the storage of profiles for a plurality of entities involved in services with other entities, including point to point and business to business transactions, including entities not registered, that can be claimed by each entity, where each entity can provide for roles and hierarchies of authorized users of the platform for that entity, and where the platform is configured to provide, among other services, registration of procurement status for purchase orders in a digital ledger that provides for auditability and immutability.

Abstract: The present disclosure provides systems and methods for on-device machine learning. In particular, the present disclosure is directed to an on-device machine learning platform and associated techniques that enable on-device prediction, training, example collection, and/or other machine learning tasks or functionality. The on-device machine learning platform can include a context provider that securely injects context features into collected training examples and/or client-provided input data used to generate predictions/inferences. Thus, the on-device machine learning platform can enable centralized training example collection, model training, and usage of machine-learned models as a service to applications or other clients.

Abstract: Embodiments of the present disclosure include systems and methods for securely entering, receiving, and storing sensitive data. A server system may determine if a request received from a user computing device communicatively coupled to the server triggers a requirement to receive sensitive data from the user computing device, generate a data structure for the sensitive data, designate a plurality of contact methods, determine a communication protocol for each of the designated plurality of contact methods, transmit a request for data unit information to the corresponding designated contact methods via the determined communication protocol for each data unit of the data structure, receive from each of the designated contact methods, the data unit information corresponding to the respective single data unit, and generate sensitive data by aggregating the received data unit information received from each of the designated contact methods.

Abstract: The present disclosure provides a system and method for allocating computer resources for detection of malicious files. In one aspect, the system comprises: a hardware processor configured to: form at least one behavior pattern grouping selected commands with shared parameters, apply a hash function on the at least one of the formed behavior pattern to obtain computed parameters, calculate a degree of harmfulness based on the obtained computed parameters using the hash function and a model for detection of malicious files, wherein the degree of harmfulness is a number value characterizing a probability that a malicious activity will be manifested by a time of computing said degree of harmfulness and wherein the model is a machine learning model trained using computed parameters of previous behavior patterns on which the hash function was applied to output degrees of harmfulness, and allocate the computing resources based on the calculated degree of harmfulness.

Abstract: An access control apparatus is provided. The apparatus can be used to unlock a device, wherein the device has a computation unit and at least one operator control unit that is electrically connectable to the computation unit, wherein the apparatus has a first reception unit for receiving electrical signals from the at least one operator control unit, a transmission unit for transmitting the electrical signals to the computation unit, a second reception unit for receiving at least one access message transmitted by means of an electromagnetic signal, an authorization unit for generating a switching signal if the result of the check on the access message is that unlocking of the device is permitted by means of the access message, and an unlocking unit for unlocking a transmission of electrical signals from the first reception unit to the transmission unit on the basis of the switching signal.

Abstract: Disclosed are a data protection method and device and a storage medium. The method includes that a database execution engine receives data request information sent by a client; a preset policy corresponding to an identity of the client carried in the data request information is acquired and the database execution engine performs a data protection operation for requested data according to the preset policy to obtain target data; and the database execution engine sends the target data to the client.

Abstract: Systems and methods are provided for efficient and automated control of software permissions and access to network resources across a complex enterprise environment. Systems may configure computer servers in response to an employment status change. Changes to employment status may include leave, termination or hiring. System may interface with a human resources data feed and detect changes to employment status. The system may enable, disable and/or delete a user's account on all appropriate computer servers. Systems may disconnect a software profile in response a detected employment change. Systems may create new software profiles in response to a detected employment change.

Abstract: In one aspect, a method of classifying a computer object as malware includes receiving at a base computer data about a computer object from each of plural remote computers on which the object or similar objects are stored. The data about the computer object received from the plural computers is compared in the base computer. The computer object is classified as malware on the basis of said comparison. In one embodiment, the data about the computer object includes one or more of: executable instructions contained within or constituted by the object; the size of the object; the name of the object; the logical storage location or path of the object on the respective remote computers; the vendor of the object; the software product and version associated with the object; and, events initiated by or involving the object when the object is created, configured or runs on the respective remote computers.

Abstract: The present embodiments relate to an image processing apparatus and a user authentication method of the image processing apparatus. The image processing apparatus according to an embodiment of the disclosure includes: a first authentication unit configured to receive first authentication data from a user terminal, and to determine whether the first authentication data matches pre-stored first reference data to authenticate the user terminal; and a second authentication unit configured to generate, when additional authentication is set up, second reference data, requesting the user terminal to send second authentication data, to receive the second authentication data from the user terminal, and to determine whether the second authentication data matches the second reference data to authenticate the user terminal.

Abstract: The present invention relates to a method for issuing a currency comprising the steps of: (a) confirming the validity of a currency issuing transaction and a currency issuer, when the currency issuing transaction for issuing the currency from the currency issuer is obtained, the currency issuing transaction including (i) currency receiver information, (ii) issued amount of the currency, (iii) a public key of the currency issuer, and (iv) a signature value of the currency issuer signing the (i), (ii), and (iii) with a private key of the currency issuer; and (b) registering the currency issuing transaction or a function value thereof on a public blockchain network, and obtaining a currency issuance public transaction ID indicating location information of the currency issuing transaction or the function value thereof on the public blockchain network, when the currency issuing transaction and the currency issuer are deemed valid.

Abstract: The present invention broadly comprises crowd-sourced computer-implemented methods and systems of collecting and transforming portable device data. One embodiment of the invention may be implemented as a system including an electronic device including a sensor configured to collect data, the device configured to begin collection of data based on a command from a user of the electronic device; and a server configured to issue a command to the electronic device to turn on the sensor and transmit data collected by the sensor to the server without any input by the user of the electronic device when a condition is met.

Abstract: Example implementations relate to a domain join. An example controller can remotely configure and authenticate a computing device within a computing network to join a domain. In response to the configuration and authentication, the controller can record to the computing device that the domain join has been requested but not fulfilled. The computing device can be joined to the domain based on the domain join request record and in response to a restart of the computing device and receipt of domain credentials at the computing device.

Abstract: A system, a method, and a program for providing a virtual code, a virtual code generating device, and a virtual code verifying device are provided. The method includes receiving, by a virtual code verifying means, a virtual code from a virtual code generating means, extracting, by the virtual code verifying means, a plurality of detailed codes included in the virtual code, and searching for, by the virtual code verifying means, a storage location of a real code based on the plurality of detailed codes.

Abstract: Embodiments of the present disclosure may provide a streamlined process for performing operations, such as data sharing and data replication, using multiple accounts. A global identity (also referred to as an organization user) may be employed, where the global identity may have access to multiple accounts across the same or different deployments. The global identity may switch between accounts from its login session and perform various tasks in the context of different accounts without undergoing further authentication.

Abstract: An approach is provided that receives a password that corresponds to a user identifier. A number of hashing algorithms are retrieved with the specific hashing algorithms that are retrieved being based on the received user identifier. The password is hashed using each of retrieved hashing algorithms resulting in a number of hash results. The hash results are combined with the combining of the hash result eventually resulting in a combined hash result. An expected hash result that corresponds to the user identifier is retrieved and compared to the combined hash result. The password is verified based on the results of the comparison.

Abstract: A network of storage units has a data path, which is at least a portion of the network. The network also has a dynamic time-varying or cycle-varying code generation unit and a code comparator unit that together make up an unlock signal generation unit; and a gateway storage unit. If the gateway storage unit does not store an unlock signal or the unlock signal generation unit does not generate and transmit an unlock signal, the gateway storage unit does not insert a data path segment in the data path. If the unlock signal generation unit is operated such that it generates an unlock signal, and it transmits that unlock signal to a gateway storage unit, and the gateway storage unit stores the unlock signal value, then the gateway storage unit inserts a data path segment into the data path.

Abstract: In an example, there is provided a method for attesting to a management state of a device platform configuration, based on a signed data structure that represents a device management status and a time-based value from a secure cryptoprocessor of the device. The signed data structure is sent to a management system for validation based on a comparison to the state of the cryptoprocessor at the time of signing the data structure.

Abstract: Disclosed is a fifth generation (5G) or pre-5G communication system for supporting data transmission rate higher than that of a fourth generation (4G) communication system such as long term evolution (LTE). The objective of the present disclosure is to detect a mismatch of an encryption parameter in a wireless communication system, and an operating method of a reception end includes the steps of: receiving, from a transmission end, a packet including information related to a serial number of the packet and an encryption parameter determined on the basis of the serial number; determining whether the encryption parameter determined by the reception end is mismatched, on the basis of the information related to the serial number and the encryption parameter.

Abstract: A method and apparatus that provides for marketing and selling of goods by a computer application that interconnects with a media source that displays the goods.

Abstract: A method for initiating a secure session using a smartphone as a physical token to provide strong authentication. The phone is used through a public and independent real-time notification service. The notifications are exchanged in an encrypted manner so that their content is only accessible to the mobile phone and the authentication server.

Abstract: An interaction security system for user verification utilizes co-location in order to more accurately identify a user location. The system identifies a user computer system location based a location determination component for the user computer systems. Moreover, the system identifies a resource accessory location of a resource accessory. The resource accessory location may be determined in a number of different ways, including, but not limited to, a location determination component of the resource accessory. The system may utilize a time requirement and/or a geo-location requirement in order to maintain verification of the user for a period of time and/or within a specific location. Moreover, the system may require the user to take an action with respect to the resource accessory before verifying the user location for an interaction.

Abstract: Methods and devices are disclosed. A method, performed in a user application, of creating a trusted bond between a hearing device and the user application is disclosed, wherein the method comprises obtaining first authentication material; transmitting a first authentication request comprising a first authentication type identifier and first authentication data to the hearing device; receiving an authentication response comprising an authentication key identifier; storing an authentication key and the authentication key identifier, wherein the authentication key is based on the first authentication material; and connecting the user application to the hearing device using the authentication key and the authentication key identifier.

Abstract: A primary input value is received from a first user on a first peer device. A symmetric user encryption key UK1 is generated for the first user from the primary input value on the first peer device. One or more random numbers are requested and received from a random number generator server. A user asymmetric encryption key pair that includes a public key PuK1 and a private key PrK1 is generated for the first user from the one or more random numbers on the first peer device. The public key PuK1 is stored in a non-volatile memory on a public-key server. The private key PrK1 is encrypted using the symmetric user encryption key UK1 using a symmetric encryption algorithm on the first peer device, producing an encrypted private key ePrK1=ESUK1(PrK1). The private key ePrK1 is stored in non-volatile memory on a data persistence server.

Abstract: A model training method includes: acquiring a plurality of user data pairs, wherein data fields of two sets of user data in each user data pair have an identical part; acquiring a user similarity corresponding to each user data pair, wherein the user similarity is a similarity between users corresponding to the two sets of user data in each user data pair; determining, according to the user similarity corresponding to each user data pair and the plurality of user data pairs, sample data for training a preset classification model; and training the classification model based on the sample data to obtain a similarity classification model.

Abstract: A method to authenticate a first computer system over a network to a second computer system is disclosed. A login user interface (UI) is presented to a user of the first computer system while disconnected from the second computer system. The login UI presents at least one input field to receive login input from the user and a security indicator that has been previously selected by the user and that is local to the first computer system. Login input is selectively received from the user based on a determination that the user recognizes the security indicator as having been previously selected by the user. A connection is established between the first computer system and the second computer system over the network. The received user input is transmitted using the established connection to the second computer system for authentication of the first computer system.

Abstract: Embodiments provide a computer implemented method in a data processing comprising a processor and a memory including instructions, which are executed by the processor to cause the processor to implement the method of terminating a connection between a database server and a database client through an enforcement point, the method including: continuously monitoring, by the enforcement point, information related to a connection to a database, and parsing one or more queries; continuously comparing, by the enforcement point, the information with a predefined plurality of rules, and checking whether there is a rule violation; if there is a rule violation, assembling, by the enforcement point, a termination packet including an error message indicative of the rule violation; sending, by the enforcement point, the termination packet to the database client; and terminating, by the enforcement point, a connection between the enforcement point and the database client.

Abstract: A method of authenticating a user includes obtaining a user authentication request for access to at least one application executed on an electronic device, identifying an actor and a task for authentication based on one or more context parameters associated with at least one of the electronic device or a user, providing a live challenge generated based on the identification, and identifying whether to access the at least one application based on whether the provided live challenge has been successfully performed.