Abstract: A set of distance measurable encrypted feature vectors can be derived from any biometric data and/or physical or logical user behavioral data, and then using an associated deep neural network (“DNN”) on the output (i.e., biometric feature vector and/or behavioral feature vectors, etc.) an authentication system can determine matches or execute searches on encrypted data. Behavioral or biometric encrypted feature vectors can be stored and/or used in conjunction with respective classifications, or in subsequent comparisons without fear of compromising the original data. In various embodiments, the original behavioral and/or biometric data is discarded responsive to generating the encrypted vectors. In another embodiment, distance measurable or homomorphic encryption enables computations and comparisons on cypher-text without decryption of the encrypted feature vectors. Security of such privacy enabled embeddings can be increased by implementing an assurance factor (e.g.

Abstract: An example computing device includes a processor to establish a secure connection with a companion device via a companion service application executable by the processor. The processor is also to receive a local credential and a remote credential from the companion device via the companion service application. The processor is further to monitor an aspect of the computing device via an agent application executable by the processor. In response to detecting a non-compliance event via the agent application, the processor is to transmit a notification to the companion device via the agent application using the local credential, the remote credential, or a combination thereof.

Abstract: The least-privilege permission needed for an identity, such as a user account, application, user group, or process, to access a resource of a tenant of a cloud service is determined from a predicted future resource usage. The predicted future resource usage is based on the resource usage history of an identity, the resource usage history of similar identities and the resource usage history of its peers. Similar identities are determined from node embeddings of a graph that represents the assigned permissions of an identity to a resource and the usage activity at a resource. The permissions needed to perform the predicted future resource usage is compared with the current permission assignments to determine the bare minimum permission that an identity needs for its ongoing and future workflow.

Abstract: Methods, systems, and computer-readable media for processing policy variance requests in an enterprise computing environment are presented. A computing platform may receive, from a first endpoint computing device, a request for a first policy variance. In response to receiving the request, the computing platform may authenticate the first endpoint computing device based on enrollment information and may validate contents of the request. Subsequently, the computing platform may generate a policy variance result message based on approval or rejection of the request for the first policy variance. Then, the computing platform may send, to the first endpoint computing device, the policy variance result message. By sending the policy variance result message to the first endpoint computing device, the computing platform may cause the first endpoint computing device to execute a policy action corresponding to the approval or rejection of the request for the first policy variance.

Abstract: Executing an application within a scope of user-granted permission in a decentralized network that implements a distributed edger. First, receiving a request from an entity for using data stored in a data storage that is associated with a DID owner as one or more inputs of an application associated with the entity to generate one or more results. Next, one or more characteristics of the application associated with the entity is identified. Based on identified one or more characteristics, a scope of permission to access the requested data that is to be granted to the entity is determined. Then, the scope of permission is granted to the entity to use the data as the one or more inputs of the application associated with the entity. Finally, the one or more results from the application is received.

Abstract: A method for securing transmission of digital data in a communication network comprising a central station or a terminal and at least one device monitored by the central station via the communication network. The at least one device is configured to produce and to transmit a digital data stream to the central station or terminal. The at least one device further comprises a secure non-volatile memory for storing at least device specific information. The at least one device forms a data block based on at least the device specific information stored in the secure memory. The data block thus formed may compose additional data to be merged with the digital data stream produced by the at least one device. A modified digital data stream results from this merging operation and is transmitted by the at least one device to the central station or terminal.

Abstract: Approaches provide for monitoring attempted network activity such as network port connections and corresponding payloads of network data obtained by a network device and, based on the attempted connections and/or payloads, identifying malicious network activity in real time. For example, network activity obtained from a plurality of network devices in a service provider environment can be monitored to attempt to detect compliance with appropriate standards and/or any of a variety of resource usage guidelines (e.g., network behavioral standards or other such rules, guidelines, or network behavior tests) based at least in part on network port connection activity with respect to at least one network device. If it is determined that network activity is not in compliance with the usage guidelines, or other such network behavior test, the system can take one or more remedial actions, which can include generating a notification identifying the malicious network activity.

Abstract: Techniques for monitoring a computing environment for anomalous activity are presented. An example method includes receiving a request to invoke an action within a computing environment, with the request including a plurality of request attributes and a plurality of contextual attributes. A normalcy score is generated for the received request by encoding the received request into a code in latent space of an autoencoder, reconstructing the request from the code, and generating a probability distribution indicating a likelihood that the reconstructed request attributes exist in a data set of non-anomalous activity. Based on the calculated normalcy score, one or more actions are taken to process the request such that execution of non-anomalous requests is allowed, and execution of potentially anomalous requests may be blocked pending confirmation.

Abstract: This disclosure relates to method and system for providing explanation for output generated by artificial intelligence (AI) model. The method may include receiving encrypted input data and a public encryption key from a client device, wherein the encrypted input data is encrypted using the public encryption key. The method may further include generating an encrypted AI model by encrypting an AI model using the public encryption key. The method may further include generating an encrypted output and an encrypted feature data based on the encrypted input data using the encrypted AI model, and generating an encrypted explanation for the encrypted output based on the encrypted feature data. The method may further include providing the encrypted output and the encrypted explanation to the client device for rendering, wherein the encrypted output and the encrypted explanation are decrypted by the client device using a private encryption key.

Abstract: Techniques for authentication via a mobile device are provided. A mobile device is pre-registered for website authentication services. A user encounters a website displaying an embedded code as an image alongside a normal login process for that website. The image is identified by the mobile device, encrypted and signed by the mobile device and sent to a proxy. The proxy authenticates the code and associates it with the website. Credentials for the user are provided to the website to automatically authenticate the user for access to the website bypassing the normal login process associated with the website.

Abstract: A method for providing a set of certificates encoding authorisations, the method comprising processing respective ones of multiple authorisation requests at a trusted signing authority apparatus to verify respective digital signatures applied to the requests, the multiple authorisation requests received over a first communication link between the trusted signing authority apparatus and an administration apparatus, validating one or more authorisation request parameters of respective ones of the authorisation requests, generating a certificate encoding an authorisation at the trusted signing authority apparatus and transmitting the generated certificate to the administration apparatus or a requesting apparatus over a second communication link.

Abstract: Embodiments described herein may be directed to systems, methods, apparatuses, devices, computer program products, computer-executable instructions, and/or applications for securely and anonymously accessing web resources and customizable attribution of identity. In accordance with the present disclosure, a user may inspect and analyze a webpage as well as the underlying source code from an “arm's length” using a secure analysis application to prevent exposure on the user's local machine. The secure analysis application may provide increased flexibility in masking and/or modifying the user's digital persona to external websites.

Abstract: Embodiments described herein may be directed to systems, methods, apparatuses, devices, computer program products, computer-executable instructions, and/or applications for securely and anonymously accessing web resources and customizable attribution of identity. In accordance with the present disclosure, a user may inspect and analyze a webpage as well as the underlying source code from an “arm's length” using a secure analysis application to prevent exposure on the user's local machine. The secure analysis application may provide increased flexibility in masking and/or modifying the user's digital persona to external websites.

Abstract: Cyber-attacks can be mitigated by automatically coordinating responses from cyber-security tools. For example, a cyber-security engine can include software modules created by multiple sources, each of the software modules being for integrating a respective cyber-security tool with the cyber-security engine. The cyber-security engine can use the software modules to communicate with the cyber-security tools in order to detect one or more events indicative of a cyber-attack against a computing environment. The cyber-security engine can then determine a coordinated-response strategy involving cooperation among the cyber-security tools to mitigate the cyber-attack. The cyber-security engine can transmit commands to the cyber-security tools to cause the cyber-security tools to implement the coordinated-response strategy.

Abstract: Embodiments are directed to a session management framework for secure communications between host systems and trusted devices. An embodiment of computer-readable storage mediums includes instructions for establishing a security agreement between a host system and a trusted device, the host device including a trusted execution environment (TEE); initiating a key exchange between the host system and the trusted device, including sending a key agreement message from the host system to the trusted device; sending an initialization message to the trusted device; validating capabilities of the trusted device for a secure communication session between the host system and the trusted device; provisioning secrets to the trusted device and initializing cryptographic parameters with the trusted device; and sending an activate session message to the trusted device to activate the secure communication session over a secure communication channel.

Abstract: Methods and apparatus to assign demographic information to panelists are disclosed. An example disclosed apparatus disclosed herein includes a database proprietor identifier (DPID) extractor to extract a panelist database proprietor identifier from a cookie, the panelist database proprietor identifier associated with credentials used by a panelist to access a website.

Abstract: Exemplary embodiments are directed to a blockchain-based communication system. The system includes a public blockchain, a private blockchain and a processing device in communication with the public and private blockchains. The public blockchain includes a database configured to electronically store registration data associated with an originator and at least one recipient. The private blockchain is configured to allow for transmission of data between the originator and the at least one recipient. The processing device is configured to receive a request from the originator to compose a message to be transmitted from the originator to the least one recipient, receive as input and associate at least one digital rights management (DRM) parameter with content of the message, and generate a micro-blockchain within the private blockchain having an originator node associated with the originator and a recipient node associated with the at least one recipient.

Abstract: There is provided a method and system for an advanced endpoint protection. With this methodology, when a file is requested to be executed on any endpoint, all intelligence sources would be checked to decide if that file has any known or potential vulnerability associated with it. If there is any information about any known or potential vulnerability, it would be launched inside the secure container to isolate the all resource usage of that application from the rest of the known good and secure applications in order to achieve the secure computing environment on an endpoint.

Abstract: A method for accessing a web-based repository service from a cloud platform is provided. The method may include receiving, at a gateway controller, a first request from an endpoint to access the web-based repository service. Upon successfully verifying the first request, a redirect request to a reverse proxy at the gateway controller may be returned to the endpoint. The redirect request may include a cryptographic signature and the first request. The reverse proxy may respond to the redirect request from the endpoint by accessing, on behalf of the endpoint, the web-based repository service to store and/or retrieve data. The web-based repository service may be accessed by sending, to the web-based repository service, an encrypted second request corresponding to the first request. Related systems and articles of manufacture, including computer program products, are also provided.

Abstract: Embodiments described herein may be directed to systems, methods, apparatuses, devices, computer program products, computer-executable instructions, and/or applications for securely and anonymously accessing web resources and customizable attribution of identity. In accordance with the present disclosure, a user may inspect and analyze a webpage as well as the underlying source code from an “arm's length” using a secure analysis application to prevent exposure on the user's local machine. The secure analysis application may provide increased flexibility in masking and/or modifying the user's digital persona to external websites. Additionally, the secure analysis application may be integrated with a translation service to translate textual web content without the web content provider being alerted that a translation is taking place.