Abstract: There is a verification application arranged to interact with other applications on an electronic device, the electronic device having a processor, a memory and an operating system controlling operation of the verification application and the other applications on the processor using arbitrary memory locations, where the other applications are enabled to call the verification application to securely determine authenticity of a user of the electronic device. The verification application is arranged to receive verification data for secure determination of authenticity of the user; and provide, upon a call from any of the other applications and a match between the verification data and a verification reference, a trust token to the calling application. A method, electronic device and computer program are also disclosed.

Abstract: Described herein are technologies directed to multipart upload. A cluster coherent unique identifier for a multipart upload can be generated by creating a leaf in a B-tree. The leaf in the B-tree can comprise a key, and the key can comprise an upload identifier and a group identifier associated with a group of multipart uploads. A parts directory can be created for the multipart upload, wherein elements of the parts directory can be identified using the group identifier and the upload identifier. Upload parts can be transmitted from a client device to a server device, and stored in the parts directory. To complete the multipart upload, the upload parts can be concatenated and stored at a target location.

Abstract: A system for validating a write command to a device in a process control system using biometric credentials and relationship attributes. A two user validation process may use biometric inputs of the two users to authenticate the two users and to query for associated profiles to determine whether the two users have a relationship required to release an intercepted write command to the device.

Abstract: A system for real time federation of file permissions for digital content protection is described. The system automatically protects the files as the files leave application boundaries and then ensures that the files can only be used as per the permissions defined on those files while they were inside the application. The system also provides real time federation of policies with the application that generated the file and automatic protection of files as the files leave the application boundary. The system thus creates a single integral platform that is easy to access as well as reliable, and provides ease-of-use, advanced technology, and connectivity that delivers automated file protection.

Abstract: Systems and methods for managing media, such as digital content, using block chain technology are described. In some embodiments, the systems and methods perform multiple digital currency transfers between address nodes to register a collection of rights to a digital content item to a block chain, and perform a digital currency transfer transaction between address nodes to register the collection of rights to the block chain.

Abstract: The method includes receiving a challenge request sent by a first service trusted server and obtaining to-be-verified information of the first service trusted server in the challenge request; sending a verification request to a trusted remote proving server, wherein the verification request includes the to-be-verified information of the first service trusted server; and obtaining a verification response returned by the trusted remote proving server.

Abstract: Techniques for identifying certain types of network activity are disclosed, including parsing network traffic to automatically recognize anonymous identifiers. Such techniques may be used to identify and eliminate malicious and/or undesirable network traffic, and to identify topics relevant to a user of a particular network device so that communications to such a user are more likely to relate to a topic of interest to the user.

Abstract: Techniques are shown for enabling a network system to index data stored on a third-party server to allow the data stored on the third-party server to be searchable by searching functionality of the network system.

Abstract: Systems are disclosed for embedding group-based communication system content into an integrated application. A request for interactive embeddable content includes a unique identifier and an authentication token associated with a user of an integrated application. If the authentication token is valid, authorization information is provided to the integrated application. An interaction with the embeddable content is received from the user, and the group-based communication system is updated based on the interaction.

Abstract: A Trustonic DRM Plug-in is provided that can be downloaded and operate in conjunction with an Android framework. The solution also includes a PVP with the downloadable DRM. The system includes components that can be added by Trustonic based on the Android 4.3 Framework in addition to current t-base 300 that can be used by any DRM vendor. The system enables the DRM to be downloaded in the field since all DRMs could use the standard API services of the Android 4.3 OS. With a codec component employed like H.264 or HEVC that can use the PVP with the downloaded DRM component, the Android video player can use the component to satisfy HD content security requirements.

Abstract: A security system that monitors requests to a protected resource is configured to determine that a syntactically-invalid language statement in a request is one that should be treated as a “security high risk” statement (SHRS) because it has a probability of containing sensitive data. A machine language that defines the structure and syntax of the language statements used by a client-server application may have multiple SHRSs. SHRSs are identified in advance by syntactical analysis of the language statements that comprise the machine language. The security system stores (or can otherwise obtain) a representation of each of the set of these high risk statements. In response to detecting that a request has a syntactically-invalid language statement, the system determines whether the invalid language statement has a measure of similarity sufficiently close to any of statement in the SHRS set. Upon a positive determination, an appropriate security action is taken to ensure sensitive data is not exposed.

Abstract: A system and method for determining consent user interface validity for a provided consent user interface of a web form presenting consent information, comprising: accessing a consent user interface presented on a web form; determining one or more configuration attributes of the consent user interface; accessing one or more privacy regulations associated with presenting consent information; comparing the one or more configuration attributes of the consent user interface to each of the one or more privacy regulations; determining whether the consent user interface is compliant with each of the one or more privacy regulations; and in response to determining that the consent user interface is not compliant with one or more privacy regulations, flagging the consent user interface.

Abstract: A system including at least one computer and code executable thereby for implementing a mechanism for monitoring performances of applications of an application chain. The system includes an arrangement forming a measuring repository on the one hand for measuring levels of use of resources of applications during periods of degradation of performances of the applications, and by application and by period of the application chain, in a memory storing these levels of use. The arrangement is further operable to: establish a repository of use data by defining and storing in at least one memory, by resource and by application, thresholds of acceptable performance of the level of use of the measuring repository; constitute a categorization module of performance problems as a function of measuring and use repositories; and implement an alert mechanism when the monitoring mechanism detects a performance problem of the applications or when the problem is resolved.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.

Abstract: In one embodiment, a client device accesses an online application via a browser executed by the client device. The client device makes an assessment as to whether the online application uses Hypertext Transfer Protocol (HTTP) security headers that satisfy a security header policy. The client device generates scoring for the webpage based on the assessment. The client device presents the generated scoring to a user of the client device.

Abstract: A method may include exchanging a secret symmetric key (SSK) between a first trusted execution environment (TEE) of a first system, a second TEE of a second system and a third TEE of a third system. The method may also include receiving, by the first system, an encrypted first set of data from the second system. The method may also include decrypting, by the first TEE, the encrypted first set of data using the SSK. The method may also include receiving, by the first system, an encrypted query from the third system. The method may also include decrypting, by the first TEE, the encrypted query using the SSK. The method may also include determining, by the first TEE, a query result to the decrypted query using index sets. The method may also include sending, by the first TEE, the encrypted query result to the third system.

Abstract: A method comprises: a first data processing device requesting attestation of a second data processing device; the second data processing device generating a device-specific attestation message in dependence upon a device-specific key, a hardware configuration of the second data processing device and a software configuration of software running on the second data processing device; the second data processing device generating an application-specific attestation message in dependence upon an interaction protocol by which the first data processing device and the second data processing device interact; the second data processing device cryptographically binding the application-specific attestation message to the device-specific attestation message; the first data processing device verifying the application-specific attestation message, the verifying step comprising detecting a trusted status of the application-specific attestation message by verifying the device-specific attestation message cryptographically boun

Abstract: Some embodiments are directed to a hash tree computation device. The hash tree computation device computes a top hash of a hash tree. A hash preimage of a leaf node of the hash tree comprises a type of the leaf node. A hash preimage of an internal node of the hash tree comprises a type count comprising a number of descendants of the internal node having a given type. The hash tree computation device computes the top hash by computing hashes of a current node and of its ancestors, where a hash of an ancestor is computed based on its type count, the type count being computed from types or type counts of its descendants.

Abstract: Techniques for identifying certain types of network activity are disclosed, including parsing of a Uniform Resource Locator (URL) to identify a plurality of key-value pairs in a query string of the URL. The plurality of key-value pairs may include one or more potential anonymous identifiers. In an example embodiment, a machine learning algorithm is trained on the URL to determine whether the one or more potential anonymous identifiers are actual anonymous identifiers (i.e., advertising identifiers) that provide advertisers a method to identify a user device without using, for example, a permanent device identifier. In this embodiment, a ranking threshold is used to verify the URL. A verified URL associate the one or more potential anonymous identifiers with the user device as actual anonymous identifiers. Such techniques may be used to identify and eliminate malicious and/or undesirable network traffic.

Abstract: Provided are an electronic device for sorting homomorphic ciphertext by using shell sorting and an operating method thereof to sort ciphertext generated by using homomorphic encryption according to a size of an original number corresponding thereto.

Abstract: A method for monitoring a directory environment of a computer network to detect vulnerabilities. The method comprises, at a first computer on the computer network, changing a configuration of the directory environment and, with a replication service, replicating the change at a second computer on the computer network. The method further comprises extracting information relating to the change from the replication service and using the extracted information to detect a vulnerability in the directory environment.

Abstract: Example techniques related to polices for media playback systems. An example implementation involves a computing system receiving data representing a request to play back first audio tracks on one or more first playback devices of a first media playback system. The first media playback system is associated with a first subscriber to a streaming media service and the first media playback system is physically located in a first commercial establishment. The computing system determines that the first subscriber is associated with one or more first subscriber policies of the streaming media service and sends instructions to play back the first audio tracks on the one or more first playback devices according to the one or more first subscriber policies of the streaming media service.

Abstract: A target transaction initiated by a member node device in a blockchain is received, where the target transaction include a reference time parameter, and where the target transaction indicates a transfer of an asset and associated data released by the member node device to the blockchain for transfer to a candidate block. Based on the reference time parameter, a determination is performed as to whether the target transaction is a valid transaction within a transaction validity period. In response to determining that the target transaction is a valid transaction within the transaction validity period, the target transaction is recorded to the candidate block.

Abstract: Some embodiments provide a method for a device having multiple users. The method identifies a process installed on the device that requires an isolated storage in a file system of the device. For each of a set of the users of the electronic device, the method assigns at least one container for use by the process within a user-specific section of the file system. The containers assigned to the process in a section of the file system specific to a particular user are only accessible by the process when the particular user is logged into the device. The method assigns at least one container for use by the process within a non-user-specific section of the file system. The containers assigned to the process within the non-user-specific section of the file system are accessible by the process irrespective of which user is logged into the device.

Abstract: Provided herein are systems and methods for defining and securely sharing objects for use in preventing data breach or exfiltration. Memory may be configured to store a plurality of objects for use in preventing data breach or exfiltration. A validation engine can validate the objects, incorporate into each object an object identifier and a signature, and generate a subset of the objects for use by a first user. The validation engine can store, in the memory, the plurality of objects as a superset of objects corresponding to the generated subset. An evaluation engine may, responsive to identifying that one or more object identifiers and signatures in a received set of objects belong to the subset corresponding to the stored superset, verify whether any object in the received set has been tampered with.

Abstract: A multiuser measurement system is provided. The multiuser measurement system may authenticate a specific user. When the user has been authenticated, user related data may be obtained from a memory. The user related data are stored in the memory in an encrypted manner, and the encrypted data are only decrypted after authenticating the user.

Abstract: Disclosed herein are computer-implemented methods, computer-implemented systems, and non-transitory, computer-readable media for managing transactions on blockchain networks. One of computer-implemented method includes obtaining, by a scheduling device on a blockchain network, transaction data including a plurality of original pending transactions to be executed on the blockchain network among a plurality of accounts, the transaction data being stored on the blockchain network. The scheduling device performs a consolidation analysis of the plurality of original pending transactions to determine a plurality of modified pending transactions among the plurality of accounts, and a number of the plurality of modified pending transactions is less than a number of the plurality of original pending transactions.

Abstract: Systems and methods are disclosed for managing online advertising data secure sharing. One method includes receiving, at a server, a request for proprietary data from a data consumer, the request including a data consumer identifier; retrieving, from a database of proprietary data, proprietary data based on the request; determining, by the server, whether the retrieved proprietary data is at least one of: designated to be processed and designated to have privileges set; processing, by the server, the proprietary data when the server determines the proprietary data is designated to be processed; setting one or more privileges to the proprietary data using the certificate associated with the data consumer identifier when the server determines the proprietary data is designated to have privileges set; encrypting the proprietary data using the certificate associated with the data consumer identifier; and transmitting the encrypted proprietary data to the data consumer.

Abstract: Techniques are described for auditing print content during printer redirection in a virtual desktop. The ability to audit redirected print content allows an organization to pre-define certain sensitive data and to track whether print redirection requests in the virtual desktop environment contain any such sensitive data. If such sensitive data is contained in a printer redirection request, a file is generated containing information about the sensitive data, as well as a watermark that encodes information about the printer redirection request, such the user identifier of the user who initiated the print request and a timestamp of when the print request occurred. The generated file is transmitted to one or more registered recipients.

Abstract: Clustering-based machine learning is utilized to generate and update permissions data in a computing system. The computing system logs permissions-related user activity for users of the system over time. Feature vectors are generated for the users based on the logs, where each feature corresponds to a specific permission or permission-related operation of the system. A clustering-based learning algorithm analyzes the feature vectors and generates clusters of similar users based on their feature vectors. The permissions of the users may be updated to reflect attributes of the clusters to which they were assigned. For example, the clusters may be utilized to seed and/or update access control groups or other permissions-related user groups in the system. Or, some or all permissions not used by any users within a cluster over a recent period of time may be automatically removed from any user in the cluster.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.

Abstract: This Application describes devices, and techniques for using them, capable of providing a secure hardware backdoor for digital devices, thus allowing valid access to secure target device data without the owner's consent, while still assuring the owner's knowledge whenever any access has occurred, whether validly or not. Each target device's data is protected by maintaining protected data encrypted on the target device, maintaining encryption keys for protected data in a “secure enclave”, causing the secure enclave to generate secure data in response to a hardware trigger, the secure data being usable to provide access to the device, and providing relatively difficult yet achievable retrieval of the secure data with physical access to the target device, and using the secure data to access protected data on the target device, while also assuring that the target device's owner can determine when the secure data was retrieved.

Abstract: Secure communication in mobile digital pages is provided. The system receives an electronic document and validates the electronic document for storage in a cache server. The system receives a request for the electronic document and provides it to a viewer component on a client computing device. The viewer component loads the electronic document in an iframe. The viewer component executes a runtime component to receive, via a secure communication channel, a tag from the electronic document. The system receives the tag and selects a data value for transmission to the viewer component. The viewer components provides the data value to cause the runtime component to execute an action with the data value.

Abstract: In one embodiment, a method receives a first bundle and a second bundle for a video based on metadata for the video. The method stores the second bundle with a dependency on the first bundle when the second bundle is associated with a first set of control data parameters found in the first bundle that control a first aspect of access to the video. The second bundle is stored with a second set of control data parameters to control a second aspect of access to the video. When the first bundle is selected, the method accesses the first set of control data parameters for the first bundle. When the second bundle is selected, the method accesses the first set of control data parameters in the first bundle via the dependency to the first bundle and the second set of control data parameters for the second bundle.

Abstract: Systems, methods, and apparatuses are described for an intelligent dashboard that allows interested parties to verify and validate relevant information on enterprises and their representatives. A servicing entity may provide an enterprise with a dashboard that includes select fields corresponding to information predicted to be useful to clients of the enterprise based on commercial characteristics of the enterprise and its client base. Fields may be populated with information previously available to the servicing entity, and with supplemental information acquired (manually or automatically) from the enterprise or from third party data sources. The enterprise may impose restrictions on which information is to be available to which clients, and the servicing entity may generate a code for use by clients to access the dashboard or certain information. The dashboard can allow clients to track the location of a representative and help validate the identify of a representative arriving at a client's location.

Abstract: An Internet-connected device, such as a car, refrigerator, or even a laptop can use a second device, such as a cell phone, to support cryptographic operations and communication with token service providers or other processing services requiring pre-provisioned capabilities that may include cryptographic secrets. By removing the need to store personally sensitive data in “Internet of Things” (IoT) devices, a user's personal information and other sensitive financial information may be contained to a relatively small number of devices. This may help prevent theft of goods or services by IoT devices that are not always under the close control of the user.

Abstract: A certificate obtaining method, an authentication method, and a network device, where a certificate is used for permission authentication when an application APP accesses an application programming interface (API) of a controller. The certificate includes one or more of: (a) information about operation permission of the APP on N application programming interfaces APIs of the controller, (b) identifiers of L APIs that are of the N APIs and that the APP has permission to operate, or (c) identifiers of R APIs that are of the N APIs and that the APP does not have permission to operate.

Abstract: A management apparatus managing access authority of a communication apparatus to access a resource, the management apparatus receives an authorization request for the access authority; transmits an authorization response generated based on information included in the authorization request; receives a verification request from a communication terminal obtained an operation transfer from the communication apparatus; transmits verification data to the communication terminal as a response to the verification request; accepts access by the communication terminal based on the verification data; and determines whether to permit or reject allocation of the access authority to the communication apparatus. In a case where a plurality of the verification requests are received, the verification data enabling collective instruction to allocate the access authority is transmit.

Abstract: Systems and methods are provided for data security grading. An exemplary method for data security grading, implementable by a computer, may comprise receiving a request to access a query data field, searching for the query data field from a security level table, in response to finding the query data field from the security level table, obtaining from the security level table a security level corresponding to the query data field, and in response to not finding the query data field from the security level table, determining a security level corresponding to the query data field based at least on a lineage tree and the security level table. The lineage tree may trace the query data field to one or more source data fields, and the security data level table may comprise one or more security levels corresponding to the one or more source data fields.

Abstract: A method for controlling access to a security module [of a mobile terminal by an application of the mobile terminal is described. The method includes sending by a current application of the mobile terminal a request to access the security module, said access request comprising the current identifier of an applet comprised in the security module. The operating system of the mobile terminal reads a look-up table comprising a set of access control rules, an access control rule comprising the identifier of an applet of the security module associated with a control value for an application of the mobile terminal, said access control rule indicating that said application of the mobile terminal is authorized to communicate with the applet of the security module.

Abstract: Certain aspects of the present disclosure provide techniques for providing a compliance report of data processing to a governing authority. In order to adhere to a regulation of a governing authority, upon receiving the request for a compliance report, a data category and each processing capability category is extracted from a live data catalog service. Based on the extracted categories, a record of data processing is generated for each processing capability category associated with a data category. Further, based on the data category extracted, a compliance report template is retrieved. With the compliance report template and records of data processing, a compliance report is generated and provided to the governing authority.

Abstract: A process for rendering a user interface for launching content for publication using a content management system (CMS), includes: providing, over a network, an editor application associated with the CMS, enabling editing of entities stored in the CMS, the editing includes authoring fields for each entity; providing, over the network, a launch application, wherein execution of the launch application renders the user interface for launching content for publication; receiving selection of a group of entities, via the user interface, the selection is for publishing the group of entities; and generating, responsive to the selection, an API call to the CMS, that triggers initiation of a validation process to validate each entity in the group of entities, wherein the validation process is executed in a draft entity store of the CMS that is created for said validation without requiring separate API calls for validating each entity in the group of entities.

Abstract: Provided are a computer program product, method, and system for determining data to redact in an object. Event messages for objects are received. Each event message includes at least one facet, each facet for an instance of data in an object resulting from deep data inspection of the object that is used to determine whether the instance of data should be redacted. The event messages are added to a message queue. Information is added to a database for each of the event messages include the at least one facet for an object in the event message. The database is queried to determine an object having a facet for an instance of data that indicates the instance of data is to be redacted. The instance of data is redacted in the determined object having the facet that indicates the instance of data is to be redacted data.

Abstract: Systems, computer-implemented methods, and computer program products that can facilitate anonymizing a network based on factors including network attributes, node attributes, and edge attributes describing connections between nodes are described. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise an anonymizing component that can anonymize network information of the network based on a network attribute for a network and a node attribute of a first node of the network, resulting in an anonymized network.

Abstract: Aspects of the subject disclosure may include, for example, authenticating a user device based on communication over a data plane of a network, generating a decryption key, transmitting the decryption key to the user device, and transmitting encrypted content to the user device. The encrypted content may be accessible at the user device via the encryption key, potentially as a function of location and/or time. Other embodiments are disclosed.

Abstract: A system including user device of a preset administrative user, a server, and a smart device. The user device sends a binding request for the smart device to the server, the binding request being used for instructing the server to bind the smart device. The server records an administrative permission for the administrative user to the smart device in the process of binding. When a near-field communication signal from any user is received, the smart device identifies the identity of the user; and when the user is determined as the administrative user, the smart device establishes a near-field communication connection with an electronic device of the user to allow the user to configure the smart device. With the technical solution of the present disclosure, a device may be configured based on software, and accordingly, security dangers of a physical key are eliminated while configuration operations are simplified.

Abstract: A user is provided with a GUI that may allow the user to change functionality associated with a non-battery-powered card, a battery-powered card, a payment sticker, or another device (e.g., a mobile telephonic device). Such functionality may cause a network entity to deliver transaction details to a processing facility. The processing facility may be implemented with processing zones for scrubbing personal information from the transaction details and providing sanitized information to third party applications that may utilize the sanitized information for value. Third-party applications may interact with the processing facility via zone-based APIs to promote third-party software development within the processing facility and to promote third-party communications with the processing facility. Each of the processing zones may enforce security contexts such that processing zones of equal security contexts may communicate with other, while processing zones of unequal security contexts may not.

Abstract: Systems, methods, and apparatuses for providing a customer a central location to manage permissions provided to third-parties and devices to access and use customer information maintained by a financial institution are described. The central location serves as a central portal where a customer of the financial institution can manage all access to account information and personal information stored at the financial institution. Accordingly, the customer does not need to log into each individual third-party system or customer device to manage previously provided access to the customer information or to provision new access to the customer information. A user additionally is able to have user data and third-party accounts of the user deleted from devices, applications, and third-party systems via a central portal. Restrictions on how user data is used by devices, applications, and third-party systems can be imposed via a central portal.

Abstract: Provided are a computer program product, method, and system for determining data to redact in an object. Event messages for objects are received. Each event message includes at least one facet, each facet for an instance of data in an object resulting from deep data inspection of the object that is used to determine whether the instance of data should be redacted. The event messages are added to a message queue. A determination is made of an event message in the message queue for an object having a facet for an instance of data that indicates the instance of data is to be redacted. Redaction is performed on the instance of data in the object in the determined event message having the facet indicating the instance of data is to be redacted data.

Abstract: The technology disclosed herein provides a proof-of-work key wrapping system that uses integrated key fragments to cryptographically control access to data. An example method may include encrypting a first cryptographic key to produce a wrapped key, wherein the first cryptographic key enables a computing device to access content; determining a plurality of key fragments of a second cryptographic key, wherein the second cryptographic key is for decrypting the wrapped key and at least one of the plurality of key fragments is derived using one of the key fragments as input; selecting a set of cryptographic attributes for deriving the plurality of key fragments, wherein the set of cryptographic attributes are selected in view of a characteristic of the computing device; and providing the wrapped key and the set of cryptographic attributes to the computing device, the set of cryptographic attributes facilitating determination of the second cryptographic key.