Abstract: The disclosed technology relates to receiving an executable function from a client device, wherein the executable function is to be executed on a function as a service (FaaS) platform. Upon performing a verification and validation process on the received executable function prior to runtime, it is determined when to execute the received executable function based on based on one or more execution initiation techniques upon performing. The verified and validated executable function is executed at the runtime on the FaaS platform based on the determination.

Abstract: An applet may be downloaded or provided to a web browser when a user visits a site in order to protect data input by the user from being captured by malicious software, such as key loggers. The applet may present a user input field in the web browser and may generate a random sequence of low-level key stroke or mouse click events within the input field when the user enters information, such as a username and/or password. A listening key logger will receive a large amount of random data, whereas the applet will receive and buffer the actual user data that may be communicated to a remote site access by the user.

Abstract: The present invention reduces security risks while improving the convenience of utilization control technology of an usage target object. A use permit issuance device (1): stores, for each user, authentication data and an authentication method in association with identification information of one or more users and upon receipt of a use permit issuance request from a setting terminal (5), issues a use permit to generate a signature, and identifies the authentication data associated with the user identification information and the authentication method included in the issuance request, and notifies the setting terminal (5) of setting information including the use permit, the signature and the authentication data. The setting terminal (5) registers the setting information in a use permit notification device (4).

Abstract: Disclosed are techniques for providing an exposure rating. In an aspect, a processing system provides, to a user, an exposure rating to enable the user to visualize a level of online exposure of their personal information, wherein the exposure rating is determined based at least in part on an email score and a data broker score, wherein the email score is determined based at least in part on a number of a set of commercial email domains determined from a scan of an email account of the user, a number of a set of protected commercial email domains, and an email portion of the exposure rating, and wherein the data broker score is determined based at least in part on a number of a set of known data brokers, a number of the set of protected data brokers, and a data broker portion of the exposure rating.

Abstract: Systems, computer program products, and methods are described herein for implementing dynamic network channel switching for secure communication. The present invention is configured to receive, from a first user input device, a resource transfer request via a first communication channel; determine, using a secure channel monitoring engine, that the first communication channel does not meet one or more preset channel requirements for secure communication; determine a second communication channel associated with a second user input device, wherein the second user input device is within a preset geographic radius of the first user input device, wherein the second user input device is associated with the resource distribution platform; trigger, via the second communication channel, the second user input device to establish a communication link with the first user input device to form an alternate communication channel; and execute, via the alternate communication channel, the resource transfer request.

Abstract: A system (300) and method (900) for viewing an event (80). The system (300) can enhance the experience of the viewer (120) in a variety of different ways. A machine learning module (534) can be used to train the system (300) to correctly identify the participants (110) of an event (80) from an image (728) or video (729) captured at the event (80).

Abstract: Systems and methods for dynamically restricting rendering of unauthorized content included in information resources are provided herein. A computing device can identify an information resource including a content object specifying one or more graphical characteristics. The computing device can determine that the content object corresponds to a restricted content object by applying at least one of an action-based detection policy to detect actions performed on the information resource or a visual-based detection policy to detect the graphical characteristics of the content object. The computing device can modify by applying a content rendering restriction policy the information resource to alter rendering of the content element on the information resource responsive to the determination.

Abstract: An information processing device according to an embodiment includes a memory and one or more hardware processors. The memory includes a flag table storage area to store a flag table in which file information for individually identifying one or more pieces of software is associated with a flag used for execution control of a corresponding one of the pieces of software. When rewrite of first software is detected, the hardware processors: extract first file information being the file information corresponding to the first software; change a first flag corresponding to the first file information to a first value indicating that verification of integrity of the first software is required; change a file of the first software in an authorized manner; and change the first value, which has been changed, to a second value indicating permission of execution of the first software.

Abstract: In particular embodiments, a sensitive data management system is configured to remove sensitive data after a period of non-use. Credentials used to access remote systems and/or third-party systems are stored with metadata that is updated with each use of the credentials. After a period of non-use, determined based on credential metadata, the credentials are deleted. Personal data retrieved to process a consumer request is stored with metadata that is updated with each use of the personal data. After a period of non-use, determined based on personal data metadata, the personal data is deleted. The personal data is also deleted if the system determines that the process or system that caused the personal data to be retrieved is no longer in use. An encrypted version of personal data may be stored for later use in verifying proper consumer request fulfillment.

Abstract: Methods, systems, and apparatus, including an apparatus for verifying the integrity of requests. In some aspects, a method includes receiving, from an application, a request including an attestation token of the application. The attestation token includes a set of data that includes at least a public key of the application and a token creation time that indicates a time at which the attestation token was created. The attestation also includes a signature of the set of data. The signature is generated using a private key that corresponds to the public key. The integrity of the request is verified using the attestation token. The verification includes determining that the integrity of the request is valid based on a determination that the token creation time is within a threshold duration of the time at which the request was received and a determination that the set of data has not been.

Abstract: According to one embodiment, an non-transitory storage medium is configured to store a plurality of engines, which operate to conduct an analysis of a received object to determine if the object is associated with a malicious attack. The plurality of engines includes a first engine and a second engine. The first engine is configured to conduct a first analysis of the received object for anomalous behaviors including anomalous actions or omissions during virtual processing of the object that indicate the received object is malicious. The second engine is configured to conduct a second analysis corresponding to a classification of the object as being associated with a malicious attack. The analysis schemes conducted by the first engine and the second engine may be altered via configuration files, which adjusts (i) parameter value(s) or (ii) operation rules(s) to alter the analysis conducted by the first engine and/or second engine.

Abstract: Embodiments disclosed are directed to a computing system that performs steps to perform enhanced device fingerprinting using user contacts data. The computing system receives, from an application, a first plurality of device attributes identifying a client device on which the application is being used. The first plurality of device attributes includes first device identification data and first user contacts data. Subsequently, when a user is attempting to perform a transaction using the application on the client device, the computing system receives, from the application, a second plurality of device attributes identifying the client device on which the application is being used. The second plurality of device attributes includes second device identification data and second user contacts data. The computing system compares the second plurality of device attributes to the first plurality of device attributes to determine whether the user is authorized to perform the transaction.

Abstract: This disclosure describes providing message encryption through identification of sequential prime numbers. Encryption keys are generated, where a public encryption key is generated based on determining a lowest addend value to add to a starting value to produce a next sequential prime number with respect to the starting value. The public encryption key is provided to a computing device, and the computing device can use the public encryption key to encrypt a message. The encrypted message is received from the computing device and decrypted using a private key of the encryption keys that are generated.

Abstract: A peripheral device, for use with a host, comprises one or more compute elements a security module and at least one encryption unit. The security module is configured to form a trusted execution environment on the peripheral device for processing sensitive data using sensitive code. The sensitive data and sensitive code are provided by a trusted computing entity which is in communication with the host computing device. The at least one encryption unit is configured to encrypt and decrypt data transferred between the trusted execution environment and the trusted computing entity via the host computing device. The security module is configured to compute and send an attestation to the trusted computing entity to attest that the sensitive code is in the trusted execution environment.

Abstract: A method provides for receiving network traffic from a host having a host IP address and operating in a data center, and analyzing a malware tracker for IP addresses of hosts having been infected by a malware to yield an analysis. When the analysis indicates that the host IP address has been used to communicate with an external host infected by the malware to yield an indication, the method includes assigning a reputation score, based on the indication, to the host. The method can further include applying a conditional policy associated with using the host based on the reputation score. The reputation score can include a reduced reputation score from a previous reputation score for the host.

Abstract: Watermarking media content, in combination with blockchain and distributed storage networks, prevents the proliferation of Deepfake content. Digital watermarks are embedded in the audio and video tracks of video clips of trusted content producers at the time the videos are captured or before they are distributed. The watermarks are detected at the social media network's portals, nodes, and back ends. The embedded watermark imparts a unique identifier to the video, that links it to a blockchain. The watermarks also allow video source tracking, integrity verification, and alteration localization. The watermark detectors can be standalone software applications, or they can be integrated with other applications. They are used to perform three main tasks: (1) they alert the Internet user when he watches an inauthentic news video, so that he may discard it, (2) they prevent a Deepfake content from propagating through the network (3) they perform forensic analysis to help track and remove Deepfake content postings.

Abstract: Secure user authentication using a OTP involve pre-storing an application on a first device for generating a valid OTP for the user responsive to receiving entry of a valid PIN, no part of the valid PIN is stored on the first device and pre-storing on a back-end server the valid PIN and a valid shared secret for the user. Upon receiving entry of a purported PIN, a purported shared secret is dynamically synthesized on the first device by the application based on the purported PIN and a purported OTP is generated on the first device. When entry of the purported OTP is received by the server in an attempt to log on the server from a second device, the server cryptographically calculates a window of OTPs, and logs on to the server from the second device is allowed if the calculated window of OTPs corresponds to the received OTP.

Abstract: An Internet-connected device, such as a car, refrigerator, or even a laptop can use a second device, such as a cell phone, to support cryptographic operations and communication with token service providers or other processing services requiring pre-provisioned capabilities that may include cryptographic secrets. By removing the need to store personally sensitive data in “Internet of Things” (IoT) devices, a user's personal information and other sensitive financial information may be contained to a relatively small number of devices. This may help prevent theft of goods or services by IoT devices that are not always under the close control of the user.

Abstract: Normalizing external application data is disclosed, including: receiving external application data associated with an external application; determining normalized metadata based at least in part on inferring from the external application data; and using the normalized metadata to monitor activities at the external application.

Abstract: In an embodiment, an operating system includes a device manager that is a central repository of device information. Device drivers may communicate with the device manager over respective channels, and may request channel identifiers (Cids) to communicate with resources related to the respective devices. The device manager may provide values for resource access (or handles that the resources may use to access values). In an embodiment, the device drivers do not have the ability to allocate resources for a peripheral device. Accordingly, the security of the system may be increased. Furthermore, the resource allocation may be centrally located, simplifying the process of updating resource allocation when needed. Additionally, the device manager may delay response to requests from a given device driver until its dependencies are clear (e.g., other device drivers and hardware initializations). Thus, startup scripts may be avoided in some embodiments.