Abstract: A method and an apparatus for privacy protection biometric authentication and an electronic device. The method comprises the following steps: constructing a corresponding a biological data template according to a biological information data set input by a user when registering; generating a pair of public key and private key by asymmetric cryptography technology; generating encrypted biological data by a secret sharing solution and OKVS technology according to the biological data template and the private key; sending the public key and the encrypted biological data to a server; recovering the private key by OKVS technology according to the biological data input by the user during authentication and the encrypted biological data; constructing a signature according to the recovered private key and the corresponding public key; sending the signature to the server, so that the server verifies the user according to the public key and the signature.

Abstract: An electronic device may obtain a security rule for supporting split tunneling, check a condition for executing a first operation related to bypassing the VPN tunnel by comparing a first value to information based on a first offset in a first element of the packet based on the security rule, check a condition for performing a second operation related to bypassing the VPN tunnel by comparing a second value to information based on a second offset in a second element of the packet when the condition for executing the first operation is satisfied and the first operation instructs that the second element of the packet be inspected, encapsulate the packet while not including the packet in the VPN tunnel and transmit the encapsulated packet to a packet forwarding server, and include the packet in the VPN tunnel and transmit the packet to the packet forwarding server.

Abstract: The present disclosure involves systems, software, and computer implemented methods for automatically controlling access and limiting functionality of a computer workstation based on which user is currently logged in. In some implementations, an overwatch application is installed on the workstations to be controlled and monitored. If an authorized, but limited, user logs in, the overwatch application can initiate a lockdown process on the workstation. In some instances, the lockdown process is managed by a dedicated lockdown application, which is initiated or notified from the overwatch application, and which can initiate a lockdown of particular applications, functionality, and allowed interactions on the workstation until the limited user has completed their task and a new user logs in.

Abstract: Presented herein are systems and methods for enabling a secure browsing session. Embodiments may include a computing device that executes software routines to receive a first indication to enter a secure browsing mode of a session; present data associated with a user for display on the display of the electronic device; cause the display to obscure one or more personally identifiable information of the data on the display of the electronic device; receive a second indication to reveal the one or more personally identifiable information; present the one or more personally identifiable information for display on the display of the electronic device.

Abstract: A system described herein may provide a technique for using modeling techniques to identify events, trends, etc. in a set of data, such as streaming video or audio content. The system may perform lightweight pre-processing operations on a different set of data, such as object position data, to identify timeframes at which an event may potentially have occurred, and the modeling techniques may be performed at portions of the streaming content that correspond to such timeframes. The system may forgo performing such modeling techniques at other portions of the streaming content, thus conserving processing resources.

Abstract: Certain aspects of the present disclosure provide techniques and systems for screening chat attachments. A chat attachment screening system monitors a chat window of a first computing device associated with a first user during an interaction session between the first user and a second user. An upload of an attachment is detected based on the monitoring. Access to the attachment from a second computing device associated with the second user is blocked, in response to detecting the upload. Content from the attachment is identified and extracted. A type of the attachment is determined based on the content. A determination is made as to whether the second user is authorized to access the type of the attachment. An indication of the determination is presented on at least one of the first computing device or the second computing device during the interaction session.

Abstract: A method, at a terminal in a digital communications network, comprising: establishing direct or indirect communication access and linkage between the user-operated terminal and at least one remote computer(s) on which are stored, or by which access is available to prevent legible display of, stored user account object data; displaying indicia, or broadcasting data, representative of or indicating one or more predetermined criteria for selecting a subset of the stored user account object data; collecting data, representative of, or indicating, only the subset of the stored user account object data; and transmitting instructions to prevent legible display of the subset of the stored user account object data, according to the collected data representative of, or indicating, the one or more predetermined criteria for selecting the subset of the stored user account object data, from the terminal to the at least one remote computer(s). A terminal, system, and computer readable medium are also disclosed.

Abstract: A computer system includes memory hardware configured to store computer-executable instructions and processor hardware configured to execute instructions. The instructions include receiving, from a user device, a user verification request. The user verification request includes user identity credentials, a login context describing a login event, and a request for access to a computer system object. The instructions include determining whether the user identity credentials are verified. The instructions include, in response to determining that the user identity credentials are verified, requesting a user token based on the user identity credentials and the login context. The user token specifies entitlements associated with the user identity credentials. The instructions include determining whether the user token specifies entitlements sufficient to access the computer system object.

Abstract: Methods, systems, devices, and apparatuses for passkey authentication at an identity management platform are described. In accordance with the described techniques, an administrator of the identity management platform may enable passkey authentication for clients of the identity management platform. Once the passkey authentication is enabled, the identity management platform may display a passkey login option to users associated with the clients of the identity management platform. If a user associated with a client of the identity management platform selects the passkey login option, a device associated with the user may generate a passkey that includes a private key and a public key. The device may store the private key and transmit an indication of the public key to the identity management platform. The identity management platform may use the public key to verify the identity of the user in subsequent login attempts.

Abstract: Systems, methods, and apparatuses for providing a central location to manage permissions provided to third-parties and devices to access and use user data and to manage accounts at multiple entities. A central portal may allow a user to manage all access to account data and personal information as well as usability and functionality of accounts. The user need not log into multiple third-party systems or customer devices to manage previously provided access to the information, provision new access to the information, and to manage financial or other accounts. A user is able to have user data and third-party accounts of the user deleted from devices, applications, and third-party systems via a central portal. The user is able to impose restrictions on how user data is used by devices, applications, and third-party systems, and control such features as recurring payments and use of rewards, via a central portal.

Abstract: In some examples, a system receives vehicle-associated information from a data source associated with a vehicle, and restricts access to the vehicle-associated information based on at least one privacy criterion selected from among a machine learning use criterion relating to use of the vehicle-associated information by a machine learning model, a vehicle motion criterion relating to a movement status of the vehicle, or a person identity criterion relating to an identity of a person in the vehicle.

Abstract: The present disclosure relates generally to data access control solutions. In particular, techniques are provided to implement a secure and distributed file storage scheme and in particular, a managed access system using a blockchain. In some aspects, a process of the disclosed technology includes operations for associating a first key share with a first copy of a file, wherein the first copy of the file is stored by a first party, associating a second key share with a second copy of the file, and recording versioning information corresponding with the file on a distributed ledger accessible by the first party and the second party. In some aspects, the process can further include operations for managing access to the file using the first key share and the second key share. Systems and machine-readable media are also provided.

Abstract: A provenance information based trust evaluation method of a trust evaluation apparatus for selecting a cooperation object of a self-adaptive system includes transmitting a cooperation request signal to a communicable neighbor, receiving a response including provenance information from the neighbor, evaluating a final trust based on the provenance information included in the response of each cooperation candidate object by considering a neighbor which transmits the response as a cooperation candidate object, and selecting a cooperation object based on the final trust of each of the cooperation candidate object, and the final trust is calculated based on a provenance trust of each of the cooperation candidate objects and the influence of the cooperation pattern.

Abstract: Embodiments of the present disclosure provide methods, systems, apparatuses, and computer program products that provide for an improved, more efficient, and more stable system of networked computing devices. The embodiments disclose an apparatus and system that enable client devices to selectively grant to third party applications permissions to access group-based communication objects of a group-based communication system. The apparatus and system further enable client devices to selectively grant to third party applications permissions to take specific actions with regards to the group-based communication objects within the system. To accomplish the improvements, the disclosed systems, apparatuses, and computing devices maintain a record of the permissions granted to third party applications in a permissions table stored in a computer storage device.

Abstract: An autonomous compute storage device system includes an autonomous compute storage device signature/application provisioning system coupled to a storage device. The storage device retrieves an autonomous compute signature from the autonomous compute storage device signature/application provisioning system and, as part of a storage operation being performed in a storage subsystem in the storage device, stores data in a memory subsystem that is accessible to the storage device. If the storage device determines that the autonomous compute signature matches the data that was stored in the memory subsystem, it retrieves an autonomous compute application from the autonomous compute storage device signature/application provisioning system, and executes the autonomous compute application to perform compute operations that are associated with the data that was stored in the memory subsystem and generate at least one compute operation result.

Abstract: Structured access to volunteered private data disclosed. Access can be based on security and privacy constraint information (SPCI) that can be selected by the party volunteering the private data. The volunteered data can be stored in a protected portion of a public network. The SPCI can be correlated to the volunteered data. In response to receiving a request for access to the volunteered data, an attribute of the request can be determined to satisfy one or more rules related to the SPCI prior to facilitating access to a version of a portion of the volunteered data. The version of the portion of the volunteered data can be a redaction of the portion of the volunteered data. The version of the portion of the volunteered data can be aggregated with other portions of other volunteered data determined to satisfy corresponding SPCI related rules.

Abstract: A cloud infrastructure is configured and deployed for managing services executed on a cloud platform. The cloud infrastructure includes a control datacenter configured to communicate with one or more service datacenters. The service datacenter deploys one or more application programming interfaces (API's) associated with a service. The service datacenter also deploys an administration agent. The control datacenter hosts an engine that receives requests from users to perform administration operations by invoking the administration API's. In this manner, the control datacenter functions as a centralized control mechanism that effectively distributes administration operation requests as they are received from users to service datacenters that can service the requests. The cloud infrastructure provides an auditable, compliant and secure management system for administering services for distributed systems running in the cloud.

Abstract: An illustrative method includes an access control list (ACL) management system generating an ACL file containing an ACL that describes one or more access permissions in a file system, storing the ACL file within an ACL directory structure, the ACL file uniquely representing the ACL in the ACL directory structure, generating an ACL identifier for the ACL file, and mapping, using the ACL identifier, the ACL file to one or more data files in the file system to apply the ACL in the ACL file to the one or more data files.

Abstract: The disclosure relates to methods and systems of providing secure remote health data routing for diagnostics, treatment, monitoring, and/or other health data. The system may use an anonymized identification (ID) token that may protect privacy and ensure security. The ID token may be attached with additional data such as electronic medical record (EMR) data. As such, the system may digitize and securely transmit EMR data to appropriate constituents. The system may apply routing rules and routing tables to identify the appropriate constituents. The system may also route the EMR data for storage at a user's personal device, which may include a chip card or a user device. As such, the user's personal device may store an EMR based on the EMR data, including proof of health, such as vaccination, and other health data relating to the user.

Abstract: An autonomous compute storage device system includes a computing device and a storage device that is coupled to the computing device. The storage device identifies a storage operation for a storage subsystem that is included in the storage device and, in response, performs the storage operation and stores data in a memory subsystem that is accessible to the storage device as part of the performance of the storage operation. If the storage device determines that an autonomous compute signature matches the data that was stored in the memory subsystem, it executes an autonomous compute application to perform compute operations that are associated with the data that was stored in the memory subsystem and generate at least one compute operation result.

Abstract: A system for data encryption includes any or all of: a set of items, a set of keys, and a server. A method for data encryption includes any or all of: encrypting items, sharing items, and reading items. The method can optionally additionally or alternatively include any or all of: performing a registration process, creating items, restricting access of users and/or supplementary systems to items, and/or any other suitable processes.

Abstract: Systems, apparatuses, and methods for managing privacy of data are provided. The method includes providing at least one database containing user data, at least one processor in communication with the at least one database, a memory device including readable instructions, and at least one user device in communication with the at least one processor via a network connection; receiving at least one preference related to the user data; storing the at least one preference in the at least one database; and using the at least one preference to selectively control at least one non-verbal interaction with the at least one user device.

Abstract: Systems and methods are described for managing personal data on a client computer, in which personal data associated with the client computer is identified by a policy management module. An analysis may be performed for the client computer by a server using fake personal data. To identify applications which may attempt to access the personal data, the fake personal data is tracked for access on the client computer. A policy is then created that disallows access of the personal data by any applications identified by the analysis of the client computer as accessing the fake personal data. The policy is then assigned to the client computer.

Abstract: The described financial institution computing system provides services to customers through an application programming interface (“API”). The services include user identification services to customers. The user identification services allow the customers to verify the identity of users as non-fraudulent users. Further the user identification services allow the financial institution to provide known user information to the customers for purposes of prepopulating registration forms, completing transactions, and the like. Further services, such as user account validation services, payment services, and the like are also possible through the financial institution APIs. In some situations, users are registered with the financial institution. For example, a user may also be an account holder with the financial institution. In other situations, the users are not registered with the financial institution.

Abstract: Aspects of the disclosure relate to information masking. A user device may receive a request to access information that includes personal identifiable information (PII) and retrieve source data comprising the PII. The user device may mask, within the source data and based on a data management policy, the PII, resulting in masked information. The user device may display the masked information. The user device may receive a request to unmask the masked information and unmask the PII, resulting in unmasked PII. The user device may display the unmasked PII and send unmasking event information to a PII footprint modeling platform, which may cause the PIT footprint modeling platform to: log the request to unmask the masked information in an unmasking event log, 2) apply a machine learning model to the unmasking event log to identify malicious events, and 3) trigger remediation actions based on identification of the malicious events.

Abstract: The present disclosure relates to systems, methods, and non-transitory computer-readable media that dynamically capture, organize, and utilize digital media clips. For example, in one or more implementations, the disclosed systems can capture and generate digital media clips of content items that include both content metadata of the content items as well as contextual metadata of contextual signals surrounding the content item. Additionally, in some implementations, the disclosed systems analyze contextual metadata to search, retrieve, discover, and organize new and existing digital media clips. Further, in various implementations, the disclosed systems facilitate generating digital media clip libraries as well as the creation of digital media collections, where different types of digital media clips can be combined in a cohesive interactive graphical user interface.

Abstract: One example method includes receiving, by a client computing device, a request to open a superfile stored in a memory device at the client computing device, the superfile comprising encrypted content, the request comprising user credential information; in response to receiving the request to open the superfile, communicating, by the client computing device, a request to a remote server to access the superfile, the request including a credential associated with the user account; receiving, from the remote server, cryptographic information; decrypting, using the cryptographic information, the encrypted content; accessing and presenting the decrypted content; and maintaining communications with the remote server while the decrypted content is accessed.

Abstract: Systems, methods, and corresponding non-transitory computer readable media describe a proposed system adapted as a platform governing the loading of data in a multiparty secure computing environment. In the multiparty secure computing environment described herein, multiple parties are able to load their secure information into a data warehouse having specific secure processing adaptations that limit both access and interactions with data stored thereon.

Abstract: Data processing systems and methods according to various embodiments are adapted for automatically detecting and documenting privacy-related aspects of computer software. Particular embodiments are adapted for: (1) automatically scanning source code to determine whether the source code include instructions for collecting personal data; and (2) facilitating the documentation of the portions of the code that collect the personal data. For example, the system may automatically prompt a user for comments regarding the code. The comments may be used, for example, to populate: (A) a privacy impact assessment; (B) system documentation; and/or (C) a privacy-related data map. The system may comprise, for example, a privacy comment plugin for use in conjunction with a code repository.

Abstract: Techniques for managing an application token may include providing, by a first service provider application on a communication device to a first service provider computer, a first request for a first application token, receiving, by an account management application on the communication device from a token service computer in communication with the first service provider computer, the first application token, and storing the first application token in a token container in the account management application.

Abstract: Arrangements for providing multi-party exchange functions are provided. In some aspects, a request for exchange may be received by a computing platform. The request for exchange may include identification of parties involved in the exchange, identification of goods, services, property, or the like, involved in the exchange, and the like. In some examples, the computing platform may determine a value of property, goods, or services associated with the exchange. The computing platform may request additional exchange data from one or more other parties. For instance, data associated with the exchange and another party to the exchange may be requested and received. In some examples, unique exchange identifiers may be generated linking each party to the exchange to the goods, services or property being exchange, a value, or the like. An indication of acceptance may be received and one or more exchange processing functions may be executed.

Abstract: Database query processing may be scaled using additional processing clusters. A database query is received at a processing cluster. A determination is made as to whether additional processing clusters will be used to process the database query. Operations to cause compute nodes of the processing cluster to instruct operations at the additional processing clusters are included in a plan generated to perform database queries determined to use additional processing clusters. The plan is executed to be perform the database query causing compute nodes of the processing cluster to send instructions to corresponding additional processing clusters in order to generate and return a response to the database query.

Abstract: In a privacy information generation method, a terminal device displays on a display an interactive element of a privacy settings page for a target application. The terminal device responds to a first gesture operation performed by a user on the interactive element of the privacy settings page, and determines a privacy precision for the target application according to the first gesture operation. The terminal device then generates privacy information based on the privacy precision for the target application when the target application requests the privacy information from the terminal device.

Abstract: The disclosure relates to the multi-party biometric authentication of primary and secondary parties for conducting party relationships.

Abstract: Systems, methods, and apparatuses for providing a customer a central location to manage permissions provided to third-parties and devices to access and use customer information maintained by a financial institution are described. The central location serves as a central portal where a customer of the financial institution can manage all access to account information and personal information stored at the financial institution. Accordingly, the customer does not need to log into each individual third-party system or customer device to manage previously provided access to the customer information or to provision new access to the customer information. A user additionally is able to have user data and third-party accounts of the user deleted from devices, applications, and third-party systems via a central portal. Restrictions on how user data is used by devices, applications, and third-party systems can be imposed via a central portal.

Abstract: The present disclosure relates to a method for providing a service for security of a web-browser-based content which increases security of an original content by inserting garbage characters into a text constituting an HTML-based original content, which can be opened through a web browser, to secure the original content, and by enabling only authenticated functions to be executed when calling functions for removing the garbage characters and performing functions related to the original content. The present disclosure, without installing a specific program linked to the web browser, can easily prevent a user who does not have the right to open an original content on a web browser from abnormally accessing the original content by constructing a certain function which is not authenticated. Thereby a copyrighted product infringement for a web browser-based original content can be prevented.

Abstract: A method of configuring a controller 14 for controlling access to a memory 12 is provided. The controller 14 has a display 18 configured to selectively display a plurality of different input screens, wherein each input screen has a unique code associated therewith and the input screens are for receiving user credentials from a user.

Abstract: The present disclosure provides a communication method comprising registering a public key for a vehicle, generating a pseudonym ID, transmitting the pseudonym ID, verifying whether the vehicle is registered, and storing a first transaction. Registration of the public key for the vehicle comprises receiving a service with a service provider. The pseudonym ID is generated based on the public key. The pseudonym ID and vehicle data are transmitted to a road side unit. Verification as to whether the vehicle is registered with the service provider is performed based on the transmitted pseudonym ID. A transaction including the pseudonym ID and the vehicle data is then stored in a database of the service provider according to a result of the verification.

Abstract: A method of operating a vehicle to anything, V2X, application enabler, VAE, server is provided according to some embodiments disclosed herein. The method includes receiving a registration request message from a V2X application specific server. The method further includes transmitting a registration response message to the V2X application specific server responsive to receiving the registration request message.

Abstract: Techniques and apparatus for providing peer-based management of user accounts are described. In one embodiment, for example, an apparatus may include at least one memory and logic coupled to the at least one memory. The logic may be configured to receive a request from at least one first user account to unlock a second user account locked responsive to a fraud event, determine a safe authentication value for the fraud event, and unlock the second user account responsive to the at least one first user account being a safe authentication account and the safe authentication value being over a safe authentication threshold value. Other embodiments are described.

Abstract: Disclosed herein is a data storage device. A data port transmits data between a host computer system and the data storage device. A non-volatile storage medium stores encrypted user content data and a cryptography engine connected between the data port and the storage medium uses a cryptographic key to decrypt the encrypted user content data. The access controller generates authorization request data indicative of multiple devices to be authorized, and stores the authorization request data on non-volatile configuration memory of the data storage device. Upon approval of the authorization request data by a manager device that is registered with the access controller as a manager device, the access controller locates the authorization request data of one of the multiple devices to be authorized and registers the one of the multiple devices to be authorized as an authorized device.

Abstract: A system, process, and computer-readable medium for securely transferring user personal identification information (PII) across platforms, based on specific permissions, are described. One or more aspects provide greater control, to a user, of when that user's PII may be released from a secure storage in a first platform and securely provided to a second platform. The timing of those releases of the PII may be controlled by specific authorizations from the user via one or more processes. Also, in addition to improving the security associated with the PII transferred between platforms, one or more aspects improve users' experiences by permitting controlled reuse of users' PII to simplify how users provide their PII to separate processes being performed on separate platforms.

Abstract: Methods, apparatuses, and computer-program products are disclosed. The method may include deploying a runtime agent onto a private compute architecture for running one or more federated application programming interfaces (APIs) on the private compute architecture. The method may include receiving, via a user interface of a federation management service, user input to manage an operation of the one or more federated APIs, where the federation management service is hosted on public cloud-based resources. The method may include communicating, based on the user input, control signaling between the runtime agent and a runtime manager that is hosted on a control plane of the federation management service in the public cloud-based resources.

Abstract: Disclosed are systems and methods for secure selection of a user profile in a shared context. For example, a method may include: determining, by one or more processors, an association between a user device and a shared user profile; determining, by the one or more processors, that the user device is within a predetermined proximity of a multiuser device; determining, by the one or more processors, the shared user profile associated with the user device as a result of determining that the user device is within the predetermined proximity of the multiuser device; receiving, by the one or more processors, biometric verification from the first user; and activating, by the one or more processors, the first specific user profile associated with the first user on the multiuser device as a result of determining that the first user has successfully provided biometric verification.

Abstract: According to the present invention, the convenience of a utilization management technology for a usage target object is enhanced and the security risk is reduced. This utilization control device (1) is capable of communicating only in a near field communication (63) and stores a first public key that is paired with a first secret key stored in a management device (2). When hole data is received with a first signature from a provider terminal (3), the first signature is verified by means of the first key, and when the signature verification is established, the hole data is set to an own device (1). The hole data includes a second public key that is paired with a second secret key stored in the management device (2). When a utilization permit card is received with a second signature from a user terminal (4), the second signature is verified with the second public key, and when the signature verification is validated, transaction information included in the utilization permit card is acquired.

Abstract: The present disclosure describes an architecture and design of Unauthorized-Blocking-Role (UAB). UAB is a mechanism which prevents higher privileged users of cloud-hosted software from performing unauthorized activities on protected objects, such as management objects. UAB works by periodically monitoring the permissions of customer users on key management objects in an object hierarchy in management software. If a customer user is detected to have privileges higher than the user should have on those objects, UAB applies restrictive role-based access controls (RBACs) on the user. Similarly, UAB also monitors protected principals and protected roles to ensure that their privileges are not modified by a customer user.

Abstract: Systems and methods for automated visual trigger profiling and detection within virtual environments are provided. A visual trigger profile may be stored in memory that includes a set of visual trigger characteristics associated with a type of visual sensitivity. Buffered frames of an audiovisual stream that have not yet been displayed may be monitored to identify when a buffered frame includes a threshold level of the visual trigger characteristics associated with the visual sensitivity. A frame modification that decreases the level of the detected visual trigger characteristics associated with the visual sensitivity may be identified and applied to the identified frames. The modified frames may thereafter be presented during the audiovisual stream in place of the original (unmodified) identified frames.

Abstract: Access control management to shared resources in a common resource directory between different users of cloud data centers can be implemented as computer-readable methods, media and systems. A resource managing service receives a request to access resources of a resource directory managed by the resource managing service. The request includes a token for identity authentication. The resource managing service determined a container membership associated with the token, where the container membership is associated with a container from a set of containers for the resource directory. The container includes one or more resources in a tree data structure of the resource directory. The resource managing service filters access rights defined in authorization primitives associated with the container membership based on container policy rules for the set of containers in the resource directory. The resource managing service provides access to a set of resources from the resource directory.

Abstract: Example embodiments of systems and methods for application verification are provided. An application may generate a cryptographic key, and encrypt the cryptographic key with a predefined public key. A server, in data communication with the application, may include a predefined private key. The application may transmit the cryptographic key to the server. The server may receive, from the application, the cryptographic key; decrypt the cryptographic key using the predefined private key; encrypt an authorization token using the decrypted key; and transmit, to the client application, the authorization token via an out-of-band channel. The application may receive, from the server, the authorization token via the out-of-band channel; and decrypt the authorization token to obtain access to one or more services associated with the server.

Abstract: Examples of the disclosure enable a user to be authenticated and/or a financial transaction to be authorized. In some examples, one or more identifiers associated with one or more detected devices in an area proximate to the detection device are received. It is determined whether at least one identifier of the one or more identifiers corresponds with one or more target identifiers, and whether a device presence of at least one device associated with the at least one identifier satisfies a predetermined threshold. The user is authenticated upon determining that the device presence satisfies the predetermined threshold. Aspects of the disclosure provide for a processing system to authenticate a user and/or authorize a financial transaction in an environment including a plurality of devices.