Abstract: An electronic apparatus is provided, which includes a memory, a communicator, and a processor configured to receive a user command requesting sharing of content, search the content for a region which has security information, based on the received user command, extract an image corresponding to the security information from the found region, identify the security information in the image, and determine whether to change the image, based on the identified security information.

Abstract: An information processing system includes: one or more internal devices that are connected to an internal network, the internal network being connected to an external network through a firewall; and an intermediation device that can communicate with the internal network and the external network; each of the internal devices including: a storage unit that stores one or more documents and metadata of each of the documents; and a request acceptance unit that accepts, from a user, a request for processing by an external server on the external network as to one of the documents stored in the storage unit, and transmits the accepted request to the intermediation device; the intermediation device including: a request transmission unit as defined herein.

Abstract: A system and method in accordance with example embodiments may include systems and methods for generating and transforming data presentation. The method may include receiving, using a processor, a request for a web page, and submitting, by the processor, the request to a computer server system. The request can include a user identification and a user password. The method may further include receiving, from the computer server system, data corresponding to the requested web page. Further, the method includes storing, in a memory, the received data, and causing the received data to be shown on a display associated with the user device.

Abstract: The present disclosure describes techniques for storing encrypted files in a secure file repository and transferring those encrypted files to one or more recipients. A user selects a file to upload to a secure file repository. A secure collaboration app on the user's device generates a first encryption key that is used to encrypt the file. The encrypted file is then uploaded to the secure file repository, which provides the secure collaboration app with a random file name and a location of the encrypted file. The secure collaboration app updates locally stored metadata of the first encrypted file. To securely transfer the file, the user generates a second encryption key, encrypts the metadata with the second encryption key, and transmits the encrypted metadata to one or more receivers. The one or more receivers decrypt the encrypted metadata and use the decrypted metadata to retrieve the file and decrypt it.

Abstract: A system and method of providing security for an application. A request to use an application to perform an operation using information is received from an operator by a computer system. In response to receiving the request, an operator identity assurance level of the operator and characteristics of the operation using the information are determined. An operation assurance level for the operation is determined based on the characteristics of the operation using the information. It is determined whether the operator identity assurance level of the operator satisfies the operation assurance level for the operation. The operator is allowed to use the application to perform the operation using the information in response to a determination that the operator identity assurance level of the operator satisfies the operation assurance level for the operation.

Abstract: Shown is single sign-on support access to tenant accounts in a multi-tenant service platform involving a proxy user account in an identity provider for a tenant account on the service platform having security metadata associated therewith, mapping in the identity provider maps a support user to a proxy user identifier, a corresponding security endpoint in the service platform and mapping of the proxy user account identifier to the tenant account and security metadata. The identity provider authenticates a request to access the tenant account on the service platform, obtains the security credentials for the proxy user identifier, and sends a security assertion with the proxy user identifier and the security metadata to the security endpoint. The endpoint receives and validates the security assertion against the mapping for the proxy user identifier to the tenant account and the security metadata in the service platform, and permits access by the support user to the tenant account in the service platform.

Abstract: The present disclosure relates generally to implementing biometric authentication, including providing user interfaces for: a biometric enrollment process tutorial, aligning a biometric feature for enrollment, enrolling a biometric feature, providing hints during a biometric enrollment process, application-based biometric authentication, autofilling biometrically secured fields, unlocking a device using biometric authentication, retrying biometric authentication, managing transfers using biometric authentication, interstitial user interfaces during biometric authentication, preventing retrying biometric authentication, cached biometric authentication, autofilling fillable fields based on visibility criteria, automatic log-in using biometric authentication, retrying biometric authentication at a credential entry user interface, providing indications of error conditions during biometric authentication, providing indications about the biometric sensor during biometric authentication, and orienting the device to

Abstract: Implementations of the present disclosure include receiving, by the centralized sub-system, user data representing a user that is authorized to access one or more electronic documents stored in the centralized sub-system, generating a hash identifier that is unique to the user, the hash identifier being generated based on at least a portion of the user data, and recording, by the decentralized sub-system, the hash identifier in a blockchain that is maintained within the decentralized sub-system, the blockchain being stored in multiple nodes of the decentralized sub-system.

Abstract: An automatic file encryption method and device for automatically encrypting a file. A processor identifies a characteristic associated with likely sensitive content based on a usage pattern of encrypting files having the characteristic. Creation of a new file is detected and the newly-created file is analyzed to determine whether the file contains sensitive content based upon it having the characteristic. If the file is found to have the characteristic, then the file is automatically encrypted.

Abstract: A client application is specified by a target tenant and represented in an OAuth provider, along with a corresponding secret. A source tenant consents to permissions to be executed by the client application on a resource of the source tenant. A target service uses the secret to obtain an access token from an authorization server coupled to the source tenant and uses the access token to obtain access, specified by the permissions, to the resource served by a source service acting on behalf of the source tenant.

Abstract: A system and method for identifying and circumventing a security scanner includes monitoring incoming traffic to a web application, identifying a portion of the incoming traffic as security scanner traffic by comparing the incoming traffic to a security scanner traffic profile, and circumventing the security scanner by providing dummy content or signaling the web application to provide dummy content. The security scanner traffic profile is created by receiving web application traffic generated by a plurality of security scanners; identifying web application traffic features common to at least a portion of the plurality of security scanners by modelling using artificial intelligence, machine learning, and the like; and generating the security scanner traffic profile based on the identified web application traffic features.

Abstract: Embodiments provide a system operatively connected with a block chain distributed network and for using the block chain distributed network for facilitating a person-to-person (P2P) alias-based resource allocation. Embodiments receive an event record associated with a P2P event between a first user and a second user. The event record comprises an alias associated with the first user and/or the second user. A distributed ledger is accessed that is updated based on communications from a block chain distributed network. An alias-to-entity mapping is retrieved from the accessed distributed ledger. The alias-to-entity mapping indicates at least an entity to which the alias is mapped. Based on the mapping the alias is determined to be at least partially valid. In some cases, embodiments determine that the alias corresponds to a resource depository number maintained by the entity in a private ledger and authorizes a resource event associated with the resource event request.

Abstract: This disclosure describes techniques for providing manufacturer usage description (MUD) solution to automatically update network access policy for client application software. The method may include embedding metadata in the application binary. The metadata may include MUD uniform resource identifiers (URIs) that may point to MUD files describing the application's network access requirements. The MUD files may be hosted by application vendor's MUD servers. The system may include a network policy server that is able discover the MUD URIs. The MUD URIs may be discovered based on extracting the MUD URIs from the metadata and/or being provision with the set of MUD URIs for trusted applications. The method may include enterprise wide policy and individual host policy for implementation of the MUD files.

Abstract: A method, apparatus, system, and computer program product for domain-authenticated control of platform resources. Resources under the control of the platform are managed in accordance with access control rules that are centrally managed by a directory service. Security policies are uniformly applied by requiring authorization of the user's access to platform resources including hard drives, flash memory, sensors, network controllers and power state controllers.

Abstract: The disclosed embodiments provide a system that authenticates a user of an unattended device. In response to sensing a presence of the user in proximity to the unattended device, the system makes a call from the unattended device to an authentication service to authenticate the user. In response to the call, the authentication service authenticates the user based on recently collected sensor data, which was obtained from one or more sensors in a portable electronic device belonging to the user. If authentication succeeds, the system allows the user to proceed with an interaction with the unattended device.

Abstract: A method of programming a device comprising acquiring configuration data, loading the configuration data onto a programmable device, processing at least a portion of the configuration data through a one way function to form processed configuration data, and configuring at least one configurable module of the programmable device using the processed configuration data from the processing step.

Abstract: A computer security method including detecting a request, made by a computer software application, prior to transmission of the request to a recipient, accessing a predefined security requirement associated with the recipient, determining whether the predefined security requirement is met, and preventing at least a portion of the request from being transmitted to the recipient if the predefined security requirement is not met.

Abstract: Concepts and technologies are disclosed for an identity vault service. According to one aspect disclosed herein, an identity vault service system can collect self-attested and operator-attested user information. The operator-attested user information can be associated with a user and a mobile telecommunications service provided to the user by a mobile network operator. The system can create a trusted digital identity of the user based upon the self-attested and operator-attested user information. The system can receive an identity access request from a third party. The request can be for access to at least a portion of the trusted digital identity for use by the third party in performance of an act. The system can send a consent request to a user device and can receive a consent response that indicates whether the user permits access to at least the portion of the trusted digital identity of the user.

Abstract: Digital n-state switching devices are characterized by n-state switching tables with n greater than 4. N-state switching tables are transformed by a Finite Lab-transform (FLT) into an FLTed n-state switching table. Memory devices, processors and combinational circuits with inputs and an output are characterized by an FLTed n-state switching table and perform switching operations between physical states in accordance with an FLTed n-state switching table. The devices characterized by FLTed n-state switching tables are applied in cryptographic devices. The cryptographic devices perform standard cryptographic operations or methods that are modified in accordance with an FLT. One or more standard cryptographic methods are specified in Federal Information Processing Standard (FIPS) Publications. Security is improved by at least a factor n2.

Abstract: Methods, systems, and media for protecting computer systems from user-created objects are provided.