Abstract: A system in a vehicle includes one or more sensors configured to obtain occupant information from an occupant utilizing at least facial information of the occupant. The system also includes a controller in communication with the one or more sensors. The controller is configured to determine an application policy associated with one or more applications of the vehicle and execute the one or more applications in response to facial information exceeding a first authentication layer or second authentication layer associated with the application policy.

Abstract: Systems and methods are disclosed for online authentication of online attributes. One method includes receiving an authentication request from a rely party, the authentication request including identity information to be authenticated and credential information to be authenticated; determining whether a user account is associated with the received identity information by accessing an internal database; accessing user data of the user account determined to be associated with received identity information; determining authentication data to obtained from a user associated with the user account based on the user data of the user account and the credential information to be authenticated; transmitting a request for authentication data; receiving authentication data associated with the user; transmitting authentication data associated with the user; and receiving an authentication result from the verification data source server for the user associated with authentication data.

Abstract: Embodiments herein describe a pattern or syntax that can be used to convey or express the reason or purpose for a service provider to request user data in an identity federation. A service provider can request user data from the identity provider using an authentication process. If the authentication process is successful, the identity provider provides an authorization token to the service provider which it can use to retrieve the user data. The embodiments herein obtain user consent in the same authentication process used to provide the authorization token. In order to do so, the embodiments herein introduce a pattern or syntax that the service provider uses to convey the purpose for which it wants to use the user data to the identity provider.

Abstract: Methods, systems and computer program products for content management systems. The techniques of the methods, systems and/or computer program products automatically determine activity-based content object access permissions and/or make a recommendation of activity-based content object access permissions. A machine learning model is formed from observations of user interactions over a plurality of content objects. The model is continually updated based on ongoing observation and analysis of user interaction events. When a collaborative relationship is formed between an invitor and one or more invitees, the activity-based permissions model is accessed to determine a set of access permissions to assign to the collaborative relationship. A single collaborative relationship may cover many collaboration objects. In some cases, a set of access permissions are automatically assigned to the collaborative relationship. In other cases, a set of access permissions is presented to the invitor as a recommendation.

Abstract: A system and method for securing virtual cloud assets in a cloud computing environment against cyber threats. The method includes: determining a location of a snapshot of at least one virtual disk of a protected virtual cloud asset, wherein the virtual cloud asset is instantiated in the cloud computing environment; accessing the snapshot of the virtual disk based on the determined location; analyzing the snapshot of the protected virtual cloud asset to detect potential cyber threats risking the protected virtual cloud asset; and alerting detected potential cyber threats based on a determined priority.

Abstract: The innovation disclosed and claimed herein, in one aspect thereof, comprises systems and methods of user interface competence adaptation and fraud detection. The innovation includes a user device that provides a user interface to receive user interactions. A monitoring component monitors user interactions by the user on the user device. The user interactions can be controlling, navigating, or inputting to the user interface. A determination component determines a user proficiency based on the monitored user interactions. A configurator determines and implements a device configuration for the user device based on the determined user proficiency. A security component determines a different user is accessing the user device based on a change in user proficiency exceeding a threshold change. The security component implements security measures upon determine a different user has access.

Abstract: Embodiments are directed to managing communication over one or more networks. An underlay network that couples a source gateway and a target gateway using underlay protocols may be provided such that the target gateway includes two or more port groups that may each be associated with a separate target node. An overlay network may be provided on the underlay network based on policy information such that the source gateway and the target gateway may each be assigned separate gateway identifiers (GIDs) that are associated with the overlay network. In response to the source gateway authorizing a source node to employ the overlay network to communicate one or more encrypted payloads to a target node, the one or more encrypted payloads may be provided to the target node based on the overlay network and the policy information.

Abstract: Aspects of the disclosure relate to monitoring virtual desktops accessed by devices at remote locations using machine-learning models to mitigate potential cyber-attacks. In some embodiments, a computing platform may monitor data associated with a series of activities from a virtual desktop accessed by a remote computing device. Subsequently, the computing platform may detect new activity data on the virtual desktop accessed by the remote computing device, and evaluate the new activity data relative to the data associated with the series of activities, wherein evaluating includes applying a machine learning model to the new activity data. Based on evaluating the new activity data, the computing platform may determine if the new activity data is indicative of a potential cyber-attack. In response to determining that the new activity data is indicative of a potential cyber-attack, the computing platform may initiate one or more security response actions.

Abstract: A system and method for setting alert thresholds related to cybersecurity ratings of one or more affiliate entities. An example method includes: obtaining entity data including cybersecurity event data for an affiliate entity; calculating a time-series cybersecurity rating for the affiliate entity based on the entity data; associating an alert reporting threshold with the time-series cybersecurity rating, wherein a comparison of the alert reporting threshold to the time-series cybersecurity rating determines a number of alerts reported for the affiliate entity; applying an alternative alert reporting threshold against the time-series cybersecurity rating to determine an alternative number of alerts reported for the affiliate entity; and updating the alert reporting threshold for the time-series cybersecurity rating to the alternative alert reporting threshold.

Abstract: An objective is to manage contract data registered in a distributed ledger with part of the contract data flexibly concealed without a centralized concealment server and without bothering the user with complicated procedures or the key management. A data registration method performed by a computer includes: generating a common key for encrypting and decrypting an item included in data that is registered in a distributed ledger; acquiring a public key for each account of a user having access authority to the item; encrypting the common key with the public key for each account; and registering the common key encrypted for each account in the distributed ledger via a transaction.

Abstract: In one embodiment, a storage device that is installable in an electronic apparatus includes a first communication interface for connecting the electronic apparatus to the storage device, a nonvolatile memory for storing data and data management table storing a data size and address information for the data stored in the nonvolatile memory, and a processor configured to change at least one piece of data stored in the nonvolatile memory without changing file management information stored in the data management table. The processor is configured to change the stored data without receiving an instruction to do so from the electronic apparatus through the first interface.

Abstract: Upon receiving malware detection rules that are to be identified with respect to an input traffic stream, a rule database that requires less storage capacity than the malware detection rules is generated by substituting tokens for selected symbol strings within the malware detection rules. A compressed traffic stream is generated by substituting the tokens for instances of the selected symbol strings within the input traffic stream, and then compared with the rule database to determine whether the input traffic stream contains one or more symbol sequences that correspond to any of the malware detection rules.

Abstract: Aspects of the disclosure relate to real-time detection of anomalous content in a transmission of textual data. A computing platform may monitor, in real-time and via a computing device, a transmission of textual data from a user device. Then, the computing platform may scan, via the computing device, a content of the textual data. The computing platform may then perform, via the computing device and based on the scanning, textual analysis of the scanned content. Subsequently, the computing platform may detect, in real-time and based on the textual analysis, an anomalous pattern indicative of secure enterprise information. Then, the computing platform may trigger, via the computing device, one or more security actions to prevent the transmission of the secure enterprise information.

Abstract: An aspect of behavior of an embedded system may be determined by (a) determining a baseline behavior of the embedded system from a sequence of patterns in real-time digital measurements extracted from the embedded system; (b) extracting, while the embedded system is operating, real-time digital measurements from the embedded system; (c) extracting features from the real-time digital measurements extracted from the embedded system while the embedded system was operating; and (d) determining the aspect of the behavior of the embedded system by analyzing the extracted features with respect to features of the baseline behavior determined.

Abstract: The present disclosure is directed to for secure data access between multiple entities, and includes actions of receiving, by a secure file storage system, a set of metafiles including one or more metafiles that define actions to be performed and conditions to be satisfied before granting a first system use of data that is resident at a second system, the set of metafiles being provided by the second system, receiving, by the secure file storage system and from a central exchange, an indication that the actions are performed and the conditions are satisfied for use of the data by the first system, wherein the central exchange accesses the set of metafiles from the secure file storage without accessing the data, and in response to the indication, permitting use of the data by the first system.

Abstract: A walled garden system includes a firewall controlling access between a first network and a second network at least by allowing connection requests originating from a user device on the first network to a destination IP address on the second network in response to determining that the destination IP address matches a cleared IP address on a cleared IP addresses list. A controller receives a domain name service (DNS) reply from a DNS server on the second network, and determines whether a domain name specified within the DNS reply matches a cleared domain name on a cleared domain names list. In response to determining that the domain name specified within the DNS reply matches the cleared domain name on the cleared domain names list, the controller adds a resolved IP address specified in the DNS reply to the cleared IP addresses list as a new cleared IP address.

Abstract: A method for user authentication according to one embodiment of the present disclosure includes acquiring authentication information including biometric information of a user, generating a random string and a helper string from the biometric information, generating a secret value that corresponds to the authentication information, generating a private key and a public key using the secret value and the random string, and transmitting the public key to an authentication server.

Abstract: A method for detecting anomalies during operation of an asset to improve performance of the asset includes collecting, via a server, data relating to operation of the asset or a group of assets containing the asset. The data includes normal and abnormal asset behavior of the asset or the group of assets containing the asset. Further, the method includes automatically removing, via an iterative algorithm programmed in the server that utilizes one or more inputs or outputs of an anomaly detection analytic, portions of the data containing the abnormal asset behavior to form a dataset containing only the normal asset behavior. The method also includes training, via a computer-based model programmed in the server, the anomaly detection analytic using, at least, the dataset containing only the normal asset behavior. Moreover, the method includes applying, via the server, the anomaly detection analytic to the asset so as to monitor for anomalies during operation thereof.

Abstract: There are provided systems and methods for a voice vector framework that authenticates user interactions. A service provider server receives user interaction data having audio data that is associated with an interaction between a user device and the service provider server. The server extracts user attributes from the audio data and obtains user account information associated with the user device. The server selects a classifier that corresponds to a select combination of features based on the user account information and applies the classifier to the user attributes. The server generates a voice vector that includes multiple scores indicating likelihoods that a respective user attribute corresponds to an attribute of the select combination of features. The server compares the voice vector to a baseline vector corresponding to a predetermined combination of features and sends a notification to an agent device with an indication of whether the user device is verified.

Abstract: A method, a computing unit and a system for token-based information exchange between a computing unit of a first entity (400A) and a computing unit of one second entity (400B) are presented. The method comprises obtaining (110) a token set (200A) associated with the first entity (400A) and a token set (200B) associated with the one second entity (400B), clustering (120) the token set (200A) associated with the first entity (400A) into clusters, requesting (130) information on tokens (205, 205A, 205B) from the computing unit of the one second entity (400B), receiving (140) information on said tokens (205, 205 A, 205B) from the computing unit of the one second entity (400B), determining (150) an active cluster associated with the first entity (400A), modifying (160) the token subset (310, 320) associated with the determined active cluster of the first entity (400A) at least partly with information on the received tokens (205, 205A, 205B) associated with the second entity (400B).