Abstract: A system includes a plurality of secure gateways that each use a plurality of datasets to determine how to process messages between devices on a network and websites on the internet. A version control server in the system automatically sends a dataset to each secure gateway in the plurality of secure gateways.

Abstract: A transceiver for sending and receiving data from a controller area network (CAN) bus is disclosed. The transceiver includes a microcontroller port, a transmitter and a receiver. The transceiver is configured to receive a data frame from a microcontroller via the microcontroller port and to determine if the microcontroller is authorized to send the data frame or part of it based on a message identifier in the data frame and the outcome of the arbitration process. If the microcontroller is unauthorized to send the data, the transceiver is configured to invalidate the data frame and disconnect the microcontroller from the CAN bus for a predetermined period.

Abstract: The disclosed technology is generally directed to device security in an IoT environment. For example, such technology is usable in IoT security. In one example of the technology, a set of security rules that is associated with an expected condition of at least one IoT device is stored. IoT data associated with the at least one IoT device is received. The IoT data may be aggregated data that includes at least two different types of data. A determination is made, based on the IoT data, as to whether the set of security rules has been violated. An alert is selectively sent based on the determination.

Abstract: This disclosure relates to systems, methods, and apparatuses for determining access models for applications. The access models can be determined using various techniques described herein. The access models can enable the applications to be onboarded into the enterprise system and, in some cases, can be utilized by an identity and access management (IdAM) system and/or identity and governance administration (IGA) system to facilitate ongoing identity management and access control functions for the applications in the enterprise system.

Abstract: Techniques for signer-initiated electronic document signing via an electronic signature service using a mobile or other client device are described. Example embodiments provide an electronic signature service (“ESS”) configured to facilitate the creation, storage, and management of documents and corresponding electronic signatures. In some embodiments, when a signer user receives a hard copy (e.g., paper) signature document, the signer may capture an image of the signature document with a camera of a mobile device. The signer can then import the captured image into the ESS for signature, storage, and/or transmission to other parties.

Abstract: The disclosed technology is generally directed to device security in an IoT environment. For example, such technology is usable in IoT security. In one example of the technology, a set of security rules that is associated with an expected condition of at least one IoT device is stored. IoT data associated with the at least one IoT device is received. The IoT data may be aggregated data that includes at least two different types of data. A determination is made, based on the IoT data, as to whether the set of security rules has been violated. An alert is selectively sent based on the determination.

Abstract: An authentication server is connected to a client device via a network and includes: an uninterruptible power supply (UPS) that supplies power to the authentication server upon interruption of a main power supply; a storage that stores a database including: a piece of user information of a user of the client device; and a piece of authentication information for the user to log into the client device or a predetermined server on the network via the client device; and a processor that, once the UPS starts to supply the power to the authentication server, transmits to the client device the piece of authentication information corresponding to the piece of user information before the authentication server is shut down.

Abstract: A computer-implemented method of instantiating a machine learning model with a host processing system is provided. The host processing system includes a trusted execution environment (TEE) and an untrusted processing system (UPS). The method includes: preparing, with the host processing system, a compiler encoding an architecture of the machine learning model; receiving, from a client processing system, source data; and producing, with the compiler, software based on the received source data and model parameters stored on the host processing system. The software includes an untrusted software component for performance on the UPS and a trusted software component for performance on the TEE. The untrusted software component and the trusted software component are configured to, when performed in concert, instantiate the machine learning model.

Abstract: Systems, methods, and related technologies for access control management are described. The access control management may be customized for an entity and be configured on an enforcement point closest to the entity. In certain aspects, an entity communicatively coupled to a network is selected and one or more characteristics of the entity determined. An access policy may be selected based on the one or more characteristics of the entity and one or more enforcement points closest to the entity determined. One or more access rules to be assigned to the one or more enforcement points based on the access policy may be determined and the one or more access rules assigned to or configured on the one or more enforcement points closest to the entity.

Abstract: An electronic device includes one or more sensors capturing media content from an environment of the electronic device. A location detector determines whether the environment of the electronic device is situated at a location of residence of an authorized user of the electronic device. A user interface receives user input requesting transmission of the media content to another electronic device located outside the location of residence of the authorized user of the electronic device. One or more processors preclude transmission of the media content to the other electronic device in response to the user input when the location detector determines that one or more sensors captured the media content at the location of residence of the authorized user of the electronic device.

Abstract: Aspects of the disclosure relate to identification of confidential data, in a message, and encryption of the confidential data. A computing platform may determine, based on a knowledge base, confidential data in a first message transmitted over one or more computing networks. The computing platform may encrypt the confidential data in the message. The computing platform may generate a second message based on encrypted confidential data. Further, the computing platform may update a header, corresponding to the second message, to indicate an encryption technique used for the encrypted confidential data. The computing platform may further encrypt the header of the second message, and transmit the second message.

Abstract: Various embodiments are provided for preventing disclosure of confidential data in a computing environment are provided. Data may be inspected prior to publication to a communication channels. Selected portions of the data may be extracted. The selected portions of the data may be filtered according to degree of appropriateness defined in one or more publishing policies or rules prior to sending the filtered data to the communication channel.

Abstract: Techniques are disclosed relating to detecting data leaks using targeted scanning. For example, in various embodiments, a scanner module may monitor communications between a user device and a server system, where the user device requests access to a resource provided via the server system. The scanner module may perform various data loss prevention operations to detect the leaking of sensitive data associated with an organization. For example, the scanner module may perform an initial scan of the resource to capture an initial version of the resource at an establishment of a connection between the user device and the server system. The scanner module may perform a subsequent scan that captures a subsequent version of the resource. Based on the initial and subsequent versions of the resource, the scanner module may determine whether any data loss prevention rules have been violated and, if so, initiate one or more corrective actions.

Abstract: The technology described herein helps improve email security within a multi-tenant email service. In particular, the technology described herein helps make it more difficult for a first tenant of the email service to impersonate a second tenant of the email service by validating the sending domain before the email leaves the multi-tenant email service. In particular, the technology runs a sending-side source validation on an email. If the source validation fails, the email is still sent, but using a source IP address that will cause the email to fail a receiving-side email authentication tests, such as the sender policy framework (SPF) email authentication test. In contrast, if the source validation passes, the email is sent using a source IP address that will cause the email to pass the receiving-side email authentication tests.

Abstract: Systems and methods implemented by an application executed on a user device for service discovery and connectivity include, responsive to joining a new network, performing a Dynamic Host Configuration Protocol (DHCP) operation to obtain network configuration parameters; receiving a DHCP message in response with the network configuration parameters; via an application executed on the user device for service discovery and connectivity analyzing data in the DHCP message to determine one or more forwarding profiles on the new network, wherein the one or more forwarding profiles are based on a location or trust of the new network; and automatically installing the determined one or more forwarding profiles.

Abstract: Disclosed herein includes a system, a method, and a device for preventing replay attacks in a cluster. A first node in the cluster having a plurality of nodes can receive an indication of a node event. The first node can access a first sequence number from a storage corresponding to a previous communication between the plurality of nodes. The first node can adjust the first sequence number by a delta indicative of an average number of communications between the plurality of nodes in the cluster in a determined time period to generate a second sequence number. The first node can transmit a packet including the second sequence number to the plurality of nodes in the cluster. The second sequence number can be used by the plurality of nodes to reset a starting sequence number for communications between the plurality of nodes to prevent replay attacks in the cluster.

Abstract: Work support system and method with device sharing and development system for multi-platform application disclosed. The work support system with device sharing may include a user terminal in which a service application is installed and executed, a device configured for executing a predetermined operation according to a control command, a device terminal directly connected to the device, and a device sharing server configured for enabling the user terminal to use the device by communicating with the user terminal and the device terminal, managing information of the device that is sharable, and allowing a sharing of the device under a predetermined condition in response to a request from the user terminal.

Abstract: Systems and methods for deriving confidence scores based on device sharing are disclosed. In embodiments, a method includes receiving, by a computing device, sharing event data from a remote computing device in a comparative confidence environment, the sharing event data including usage data regarding the sharing of an electronic device between a first participant and a second participant obtained by the remote computing device during a sharing event; calculating, by the computing device, a comparative confidence score for the first participant and the second participant based on the sharing event data; and enabling, by the computing device, the first participant to gain access to a resource of the second participant based on the comparative confidence score.

Abstract: An electronic device comprises one or more sensors capturing media content while the electronic device is situated at a media content capture location. A user interface receives user input requesting transmission of the media content to another electronic device situated at another electronic device location. One or more processors determine whether the media content capture location and the another electronic device location are substantially different locations, and at least temporarily preclude, in response to the user input, the transmission of the media content to the other electronic device when the media content capture location and the another electronic device location are substantially different locations.

Abstract: A system for authenticating a user associated with a plurality of user devices using a plurality of types of authentication information. The system includes an electronic computing device including an electronic processor. The electronic processor is configured to receive, from a user device, a request to access sensitive information and send, to the user device, a request for a first accuracy measurement for a first type of authentication information. When first accuracy measurement is below a predetermined threshold, the electronic processor sends to the user device a request for a second accuracy measurement for a second type of authentication information. When the second accuracy measurement is above or equal to the predetermined threshold, the electronic processor authenticates the user and lowers the predetermined threshold for each user device associated with a user profile, records an anomaly associated with the first type of the authentication information, or both.