Patent classifications
H04L2463/062
DATA INTEGRITY
Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, that protect analytics for resources of a publisher from traffic directed to such resources by malicious entities. An analytics server receives a first message that includes an encrypted token and analytics data for a publisher-provided resource. The token includes a portion of the analytics data and a trust score indicating a likelihood that activity on the resource is attributed to a human (rather than an automated process). The analytics server decrypts the token. The analytics server determines a trustworthiness measure for the analytics data included in the first message based on the trust score (in the decrypted token) and a comparison of the analytics data in the first message and the portion of the analytics data (in the decrypted token). Based on the measure of trustworthiness, the analytics server performs analytics operations using the analytics data.
Methods and apparatus to manage credentials in hyper-converged infrastructures
Methods, apparatus, systems and articles of manufacture to manage credentials in hyper-converged infrastructures are disclosed. An example method includes establishing, by executing an instruction with at least one processor, a communication between a software defined data center manager of the hyper-converged infrastructure and a component of the hyper-converged infrastructure using first credentials included in a known hosts file. The example method also includes generating, by executing an instruction with the at least one processor, second credentials at the component in response to a power-on event detected by the software defined data center manager. The example method also includes recording, by executing an instruction with the at least one processor, the second credentials at the known host file.
Proximity-based logical access
Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for proximity-based logical access. In some implementations, a method includes receiving, by a mobile electronic device, a request from a server system to approve a session for a logical resource accessed by a second electronic device. In response to receiving the request, the mobile electronic device initiates communication over a wireless communication link using a radio of the mobile electronic device. The mobile electronic device receives data from the second electronic device over the wireless communication link, the received data from the second electronic device indicating a session identifier. After receiving the data from the second electronic device, the mobile electronic device provides a response to the server system that indicates approval of the session and indicates the session identifier.
Association of address with cloud services account
Some embodiments provide a method for an electronic device. The method receives, through a communication address, an invitation to access a shared data asset via a cloud services platform. When the communication address is not associated with any account on the cloud services platform, the method identifies whether the device is associated with a cloud services account. When the device is associated with a cloud services account, the method prompts for input of a password for the cloud services account in order for the communication address to be associated with the cloud services account and for access to be enabled to the shared data asset.
DATA EXCHANGE SYSTEM, METHOD AND DEVICE
The present application discloses a data exchange system, method, and device. The system comprises a first server configured to acquire a to-be-exchanged data identifier based on requirement information; store the to-be-exchanged data identifier; acquire a storage address of the to-be-exchanged data identifier; and encrypt the storage address of the to-be-exchanged data identifier to generate a first encrypted storage address; server; decrypt the first encrypted storage address to acquire the storage address of the to-be-exchanged data identifier; acquire the to-be-exchanged data identifier based on the storage address of the to-be-exchanged data identifier; and find to-be-exchanged data indicated by the to-be-exchanged data identifier from a pre-stored data set based on the to-be-exchanged data identifier, such that the first server acquires the to-be-exchanged data from the second server, the data set including data and a data identifier.
SECURE CLOUD-BASED MACHINE LEARNING WITHOUT SENDING ORIGINAL DATA TO THE CLOUD
Method and system for training a neural network. The neural network is split into first and second portions. A k-layer first portion is sent to a client training/inference engine and the second portion is retained by a server training/inference engine. At the splitting point, the kth layer is a one-way function in output computation and has a number of nodes that is less than that of any other layer of the first portion. The client training/inference engine trains the first portion with input data in a set of training data. The server training/inference engine receives a batch of outputs from the client training and applies them to the second portion to train the entire neural network.
KEY-LADDER PROTECTED PERSONALIZATION DATA CONVERSION FROM GLOBAL TO UNIQUE ENCRYPTION
A system and method of provisioning personalization data of a second type to a device having personalization data of a first type, the device having a global root key GK_0, and a secure processing environment having unique information is disclosed. In one embodiment, the method comprises accepting a provisioning request from the device, the provisioning request comprising the unique information and an identifier of a second type of provisioning data requested, converting the personalization data from the first type to the second type, and transmitting the converted personalization data to the device.
BIOMETRIC TEMPLATE HANDLING
A method for handling biometric templates is disclosed for an authenticating device applying biometric authentication. The method comprises acquiring a set of biometric data associated with a prospect user, and acquiring a decryption key (associated with an encrypted biometric template associated with an enrolled user of the authenticating device) from a key carrying device external to the authenticating device responsive to the key carrying device being in a vicinity of the authenticating device. The method also comprises retrieving, from a storage medium, at least a part of the encrypted biometric template associated with the enrolled user, decrypting the retrieved part of the biometric template using the acquired decryption key and performing an attempt to authenticate the prospect user as the enrolled user based on a comparison between the acquired set of biometric data and the decrypted part of the biometric template.
PRIVATE KEY GENERATION METHOD AND DEVICE
Embodiments of the disclosure provide a private key generation method and a device. The method includes: receiving, by a first terminal from a second terminal, a first half session key parameter corresponding to the second terminal and an identifier of the second terminal; sending, by the first terminal, the first half session key parameter corresponding to the second terminal and the identifier of the second terminal to an IKMS entity; sending, by the first terminal to the second terminal, the second half session key parameter corresponding to the second terminal and the encrypted private key corresponding to the second terminal that are sent by the IKMS entity, where the second half session key parameter corresponding to the second terminal is used to decrypt the encrypted private key corresponding to the second terminal. This can prevent a private key from being stolen, and prevent communication information between groups from being stolen.
SECURED PAIRING OF VIDEO CAPTURE DEVICE AND MOBILE DEVICE
To allow secure communications between a video capturing device and mobile devices, an association process includes providing a unique pattern, such as a QR code, to the mobile device in proximity to the video capturing device. The unique pattern is used by the mobile device to request pairing with the client device, either directly or via a cloud-based system. The QR code includes an identifier or shared secret that allows the client device to verify the pairing request originates from the mobile device in close proximity. The association process may also involve cryptographic keys to further secure communications and may also involve a process to retrieve a mobile app without additional user intervention. Once the devices are associated, they can communicate directly using wireless communications, such as cellular or WiFi, and transfer video data and other data automatically.