Abstract: A system, method and one or more wireless earpieces for authenticating utilization of one or more wireless earpieces. A request is received through the one or more wireless earpieces. Biometric readings are performed for a user utilizing sensors of the one or more wireless earpieces. The biometric readings are analyzed to determine whether a biometric profile authorizes the one or more wireless earpieces to fulfill the request. The request is authenticated in response to determining the biometric profile authorizes fulfillment of the request.

Abstract: An image display method includes displaying, by a terminal, a first image on a display at a first screen refresh rate, where an output frame rate of the first image is a first frame rate, and displaying, by the terminal, a second image on the display after detecting that a preset condition is met. A noise parameter is superimposed on a part of the second image, the part on which the noise parameter is superimposed is displayed at a second screen refresh rate, and an output frame rate of the part is a second frame rate. The second image includes a plurality of frames of noise-added sub-images. The second frame rate is higher than the first frame rate, and the second screen refresh rate is higher than the first screen refresh rate.

Abstract: The disclosed technology relates to verifying and validating a received executable function to be executed on a function as a service platform (FaaS), by applying one or more verification and validation techniques prior to runtime. The verified and validated executable function is temporarily stored. The temporarily stored verified and validated executable function is executed on the FaaS platform at the runtime.

Abstract: A method, apparatus, and computer program product are disclosed for self-service design, scheduling, and delivery of user-defined reports regarding promotions. The method includes receiving, from a user device, a report type and report delivery information. Based on the report type, relevant data regarding the one or more promotions is collected, using which a report is generated. The method then outputs the generated report based on the report delivery information. Optionally, analytical insights, such as trends within the data, sample size, suitability of control data, and indications of statistical significance, are generated and included in the report. A corresponding apparatus and computer program product are also provided.

Abstract: A method for network node encryption is provided. A node encryption request is received for a network node. Subsequently, node data information of the network node according to the node encryption request is acquired by the apparatus. The node data information includes a preset link. Next, an application to a third party for an encryption certificate is transmitted via the apparatus and the application includes the node data information. The third party sends a verification file once the application is received to verify an authority to the preset link. The verification file is stored subsequently. The third party verifies the storing of the verification file and sends an encryption certificate. The encryption certificate is received and deployed on the network node via the apparatus.

Abstract: A method for emulating execution of a file includes emulating execution of the instructions of a file on a virtual processor of an emulator. The execution of the instructions is halted in response to an invocation of an API function. A determination is made whether the invoked API function is present in the updatable modules of the emulator. The updatable modules contain implementation of API functions. In response to determining that the invoked API function is present in the updatable modules, execution of the invoked API function is emulated according to corresponding implementation contained in the updatable modules. Otherwise, result of execution of the invoked API function is generated by executing a corresponding virtual API function on a processor of a computing device.

Abstract: A method may include providing a user with one or more questions regarding permissions for use of personal data related to the user, and compiling the permissions for the use of the personal data. The method may also include receiving a request from a third party for access to the personal data, and providing a response to the third party based on the compiled permissions. The method may also include, based on the response indicating that the third party is permitted access to the personal data, sending a responsive dataset to a data holder, where the responsive dataset is responsive to the request from the third party. The method may also include facilitating the third party accessing the personal data.

Abstract: Methods, systems, and devices for techniques for instruction perturbation for improved device security are described. A device may assign a set of executable instructions to an instruction packet based on a parameter associated with the instruction packet, and each executable instruction of the set of executable instructions may be independent from other executable instructions of the set of executable instructions. The device may select an order of the set of executable instructions based on a slot instruction rule associated with the device, and each executable instruction of the set of executable instructions may correspond to a respective slot associated with memory of the device. The device may modify the order of the set of executable instructions in a memory hierarchy post pre-decode based on the slot instruction rule and process the set of executable instructions of the instruction packet based on the modified order.

Abstract: A communication device is connected to first and second networks. The communication device includes a processor executing a process including relaying communication between the first and second networks; and confirming connection to a first device connected to the first network or a second device connected to the second network, based on a device list registered in advance. The confirming includes blocking the relaying when the confirmation of the connection to the first device is unsuccessful; enabling the relaying when the confirmation of the connection to the first device is successful and when the second device is not registered in the device list; enabling the relaying when the confirmation of the connections to the first and second devices is successful; and blocking the relaying when the confirmation of the connection to the first device is successful and when the confirmation of the connection to the second device is unsuccessful.

Abstract: Systems and methods for preventing kernel stalling attacks. An example method may comprise receiving, by a kernel, an address range associated with a data store of an application program; mapping, by the kernel, a portion of random access memory (RAM) to the address range; disabling page fault handling with respect to addresses falling within the address range; and responsive to receiving, from the application program, a memory access request specifying an address outside of the address range, returning a memory access error to the application program.

Abstract: Embodiments of the invention introduce efficient methods for securely generating a cryptogram by a user device, and validating the cryptogram by a server computer. A secure communication can be conducted whereby a user device provides a cryptogram without requiring the user device to persistently store an encryption key or other sensitive data used to generate the cryptogram. The user device and server computer can mutually authenticate and establish a shared secret. Using the shared secret, the server computer can derive a session key and transmit key derivation parameters encrypted using the session key to the user device. The user device can derive the session key using the shared secret, decrypt the encrypted key derivation parameters, and store the key derivation parameters. Key derivation parameters and the shared secret can be used to generate a single use cryptogram key, which can be used to generate a cryptogram for conducting secure communications.

Abstract: Techniques and mechanisms are disclosed for creating an environment for detecting malicious network traffic. A test computer network including a plurality of cloned nodes is created. The plurality of cloned nodes in the test computer network corresponds to at least some of a plurality of target nodes of a host computer network, and the test computer network has no network connectivity to the host computer network. Sensors in both the host computer network and the test computer network generate network flow records that are sent to a detection processing pipeline. The detection processing pipeline merges the records received from the sensors and uses the merged records to train at least one model used to identify instances of malicious network traffic.

Abstract: A system for suspending a computing device suspected of being infected by a malicious code is configured to receive a signal to initiate a suspension procedure of the computing device. The system captures states of instructions that are being executed by a processor of the computing device, where the instructions comprise the malicious code. The system prioritizes the operation of a kill switch button over the instructions being executed by the processor. The system sends notification signals to servers managing a user account associated with a user currently logged in at the computing device, indicating that the computing device is suspected of having been infected by the malicious code. In response to sending the notification signals to the servers, the user account is suspended. The system terminates network connections of the computing device such that the computing device is disconnected from other devices.

Abstract: The disclosed technology relates to receiving an executable function from a client device, wherein the executable function is to be executed on a function as a service (FaaS) platform. Upon performing a verification and validation process on the received executable function prior to runtime, it is determined when to execute the received executable function based on based on one or more execution initiation techniques upon performing. The verified and validated executable function is executed at the runtime on the FaaS platform based on the determination.

Abstract: An example method includes determining, based on a static scan, that a software container image or an intended execution environment of the software container image meets one or more first criteria required to exploit a software vulnerability. Based on the determining, runtime behavior of a software container instantiated from the software container image is monitored. The monitoring including determining whether the software container meets one or more second criteria required to exploit the software vulnerability, wherein the one or more first second criteria differs from the one or more second criteria. Based on the runtime monitoring, a risk score that indicates a magnitude of a risk the software vulnerability poses for the software container is determined, and a notification of the risk score is provided. A system for assessing software containers for vulnerabilities is also disclosed.

Abstract: According to embodiments of the present disclosure, there is provided a system, method, electronic device, storage medium and program product of security protection. The system comprises: a security computing sub-system, configured to manage security of developed code to compile the developed code into an installation file corresponding to a target application and a service program for supporting the target application; a data exchange sub-system, configured to manage data communication of the target application or service program with RoW (rest of World); and a security sandbox sub-system, configured to manage traffic data associated with the target application. In this way, the embodiments of the present disclosure can guarantee the security and compliance of data related to the target application.

Abstract: The present disclosure describes devices and methods monitoring a technology environment. In particular, a computing device including a processor with computer readable instructions to access a plurality of indicators (e.g., variables) that have corresponding stored historical information. The indicators are then used to calculate a summed weights table of relative risk for each time period in the past. The summed weights table is then correlated to a target variable (e.g., a variable that documents major issues, incidents, or disruptions that occurred in the technology environment in the past). The correlation coefficient between the summed weights table and the target variable is then used to implement a machine learning algorithm in order to better determine current risk levels (e.g., relative values that predict issues, incidents, or disruption).

Abstract: A system is provided to perform secure operations. The system includes an I/O subsystem, a memory subsystem and processors. The processors are operative to execute processes in trusted execution environments (TEEs) and rich execution environments (REEs). Each of the TEEs and the REEs is identified by a corresponding access identifier (AID) and protected by a corresponding system resource protection unit (SRPU). The corresponding SRPU of a TEE includes instructions, when executed by a corresponding processor, cause the corresponding processor to control access to the TEE using a data structure including allowed AIDs and pointers to memory locations accessible by the allowed AIDs.

Abstract: Techniques are disclosed for context-aware obfuscation and unobfuscation of sensitive content in the display of the sensitive content. An example methodology implementing the techniques includes receiving content for display, the content including metadata indicative of a location of at least one item of sensitive content within the received content, and determining at least one contextual factor. The method also includes, responsive to a determination to obfuscate the item of sensitive content based on the at least one contextual factor, displaying the item of sensitive content in obfuscated form. The method may also include, responsive to a determination to not obfuscate the item of sensitive content based on at least one contextual factor, displaying a non-obfuscated version of the item of sensitive content.

Abstract: In particular embodiments, a sensitive data management system is configured to remove sensitive data after a period of non-use. Credentials used to access remote systems and/or third-party systems are stored with metadata that is updated with each use of the credentials. After a period of non-use, determined based on credential metadata, the credentials are deleted. Personal data retrieved to process a consumer request is stored with metadata that is updated with each use of the personal data. After a period of non-use, determined based on personal data metadata, the personal data is deleted. The personal data is also deleted if the system determines that the process or system that caused the personal data to be retrieved is no longer in use. An encrypted version of personal data may be stored for later use in verifying proper consumer request fulfillment.