Abstract: A resource server system granting to users access to a resource based on the very fact that the users' computing systems can demonstrate that they heard an audio signal. Specifically, the resource server system detects receipt of a message from a client computing system, and interprets the message as representing that the client computing system heard an audio signal. In response, the resource server system grants a user of the client computing system access to the resource. This may be performed for multiple client computing systems that each demonstrate that they heard the audio signal. Thus, the principles described herein allow for the granting of access to resources to other computing systems within the audible proximity of a computing system that transmitted the audio signal.

Abstract: Systems, computer program products, and methods are described herein for tracking resources using non-fungible tokens. The present invention is configured to electronically receiving, over a distributed computing network from a computing device of a user, a request for a non-fungible token (NFT) for a resource; initiating a non-fungible token (NFT) generator on the resource in response to receiving the request; generating a unique digital signature for the resource; generating, using the NFT generator, the NFT, wherein the NFT comprises at least the unique digital signature for the resource; and record the NFT for the resource on a distributed ledger.

Abstract: In an aspect, the present application may describe a method that comprises monitoring a risk parameter associated with a third party server to detect a change in the risk parameter, and responsive to detecting the change in the risk parameter, sending, to a remote computing device and via the communications module, a notification that includes a first selectable option to modify data sharing associated with the third party server and a second selectable option to replace the third party server with an alternative third party server.

Abstract: The innovation disclosed and claimed herein, in one aspect thereof, comprises systems and methods of authenticating customers and service agents. The innovation receives a connection request to connect a customer and a service agent. The customer is authenticated for the service agent by matching biometric data of the customer to previously stored biometric data using a biometric recognition algorithm. The service agent is authenticated for the customer by matching a unique identifier to a previously stored unique identifier. A confirmation notification is generated and sent to the service agent and the customer to confirm the authentications. A connection is established between the customer and the service agent according to the authentications and the connection request.

Abstract: A method of authenticating a user of a multifunction device to a server, the method comprising associating a user-supplied image with user login credentials, using a server; receiving, at the server, an image uploaded from the multifunction device; and comparing the uploaded image to the user-supplied image, using the server, and, only if the uploaded image matches the user-supplied image, allowing the user of the multifunction device to authenticate to the server by providing additional login credentials to the server using the multifunction device.

Abstract: A computer system controls access to data. A request is received from an entity to access data comprising a primary data object corresponding to a physical item. One or more secondary data objects included in the primary data object are identified, wherein the one or more secondary data objects correspond to physical components of the physical item. Access requirements for the primary data object and the one or more secondary data objects are determined. In response to determining that the access requirements are satisfied by the entity, the entity is granted access to the data comprising the primary data object and the one or more secondary data objects. Embodiments of the present invention further include a method and program product for controlling access to data in substantially the same manner described above.

Abstract: A user requests to join a meeting is detected. The meeting includes a meeting audio stream of one or more participant audio streams that include participant timestamps that correspond to when one or more other users are in the meeting. The user is prompted for an authentication credential based on the detecting the request to join the meeting. A participant profile of the user is determined based the authentication credential. The user is authorized access to the meeting and a first timestamp is saved. A first audio stream of the user is recorded. The user is identified as having left the meeting and a second timestamp is saved. A transcript of the meeting audio stream is generated based on the first audio stream and the one or more participant audio streams. The first timestamp, the second timestamp, and the meeting are associated with the participant profile.

Abstract: Aspects of the invention include receiving a data erasure request associated with a user and identifying, based at least in part on the data erasure request, an entity associated with the user and one or more identifiers for the user. Aspects also include identifying, based at least in part on the one or more identifiers for the user, a cohort that includes the user and comparing the one or more identifiers for the user to identifiers of a plurality of users that are not members of the cohort. Aspects further include identifying a replacement user from the plurality of users based on the comparison and replacing the entity associated with the user in the cohort with an entity associated with the replacement user.

Abstract: Techniques are provided for multi-cloud authentication of data requests. One method comprises obtaining, by a first authentication entity of a first cloud environment, from a service on the first cloud environment, a request for data stored by a second cloud environment; determining a signature for the service; verifying the determined signature for the service by requesting a signature for the service registered with a second authentication entity of the second cloud environment; requesting the data from the second authentication entity of the second cloud environment in response to the determined signature being verified; and providing the requested data to the service. The requested data from the second cloud environment may be encrypted with an encryption key, and the method may further comprise decrypting the requested data with a decryption key obtained from the second cloud environment. The signature for the service may be registered as part of a deployment of the service.

Abstract: Implementations of the present disclosure relate to method and device for managing a storage system. The method comprises in response to receiving a write request at a storage system, determining whether storage units allocated to a logic storage unit of the storage system are sufficient for data associated with the write request. The method also comprises in response to determining that the allocated storage units are insufficient, allocating a new storage unit to the logic storage unit. The method further comprises updating metadata associated with allocation of the storage units of the storage system, the metadata indicating a mapping between the logic storage unit and the storage units. The method also comprises encrypting the updated metadata. Other implementations of the present disclosure also involve corresponding method, device and computer-readable medium for decryption metadata and recovering the logic storage unit using the decrypted metadata.

Abstract: DLL hooks are protected by mapping the starting address of the new executable to a sample of the former executable. Attempts to read the starting address are responded to with the sample of the former executable. Attempts to write to the starting address are responded to with confirmation of success without actually writing data. Debuggers are detected upon launch or by evaluating an operating system. A component executing in the kernel denies debugging privileges to prevent inspection and modification of DLL hooks.

Abstract: Techniques are described herein that are capable of evaluating a result of enforcement of access control policies instead of enforcing the access control policies. For instance, a result of enforcement of an access control policy with regard to sign-in processes is evaluated instead of enforcing the access control policy with regard to the sign-in processes. The evaluation includes monitoring access requests that are received during the sign-in processes. Each access request requests access to a resource. The evaluation further includes comparing attributes of each access request against the access control policy that specifies criteria that are to be satisfied as a prerequisite to granting access to the resource to which access is requested by the respective access request. Metadata associated with the sign-in processes is generated instead of enforcing the access control policy with regard to the sign-in processes.

Abstract: A method, non-transitory computer readable medium, and device that assists with improving web scanner accuracy includes receiving a sitemap document associated with a webpage from an application security manager apparatus. The received sitemap document associated with the webpage is scanned. Next, one or more vulnerabilities are identified in the scanned sitemap associated with the webpage. A report including the identified one or more vulnerabilities is provided.

Abstract: Network access is provided to a networking device. In one approach, a method includes: obtaining, by a gateway, access rules for a networking device; providing, by the gateway, one or more dedicated networking tunnels between the gateway and respective remote gateways to one or more respective network segments, wherein the networking device is authorized to access the one or more network segments by the access rules; and routing, by the gateway, networking packets from the networking device based on source address information in the networking packets to the one or more dedicated networking tunnels, and based on destination address information in the networking packets, routing the networking packets to a selection of the one or more dedicated networking tunnels.

Abstract: The present disclosure describes techniques that facilitate the encryption of data communications between a home and VPLMN, along with the verification of a content and origin of encrypted messages at each end of a data communication. In one non-limiting example, the process of verifying the content and origin of an encrypted message is facilitated partly by an exchange of network public keys between the HPLMN and VPLMNs. In another example, a network certificate aggregator (NCA) may act as a certificate authority (CA) by verifying the identities of interacting home and VPLMNs. The NCA may facilitate and exchange public keys between a home and VPLMN, whereby the HPLMN and VPLMNs need only trust and verify an identity of the NCA. Alternatively, the NCA may act as a conduit for data communications between the HPLMN and VPLMN.

Abstract: An application for dynamic, granular access permissions can include a database interface, a user interface, a login process, an administrator, an event handler and an authorization process. The database interface can be an interface to an access control permissions database that stores roles, actions, or policies for users of the application. The login process can authenticate a user and determine a default set of access control permissions for that user when they are using the user interface. The administrator can provide access control permissions for a user by using the database interface. The event handler can dynamically modify access to functionality in the user interface based on an event. The authorization process can determine whether a request from the user interface is authorized before process the request. The authorization process can use access control permissions from the administrator and either a scope limited or a temporally limited access permission.

Abstract: Systems, methods, and machine-readable instructions stored on machine-readable media are disclosed for copying a first permission of a file to a second permission of the file, wherein the file is stored on a host file system. The first permission is changed to a third permission. A request is received to access the file from a container file system. In response to the request and before providing the container file system with access to the file, changing the third permission to the second permission. The file is provided to the container file system based on the second permission.

Abstract: At least one aspect of the present disclosure is directed to a system for verifying the identity of a user of a nicotine dispenser. The system can include a nicotine dispenser configured to remain locked until the receipt of a signal, and a personal communication device configured to communicate with the nicotine dispenser via a wireless communication link. The personal communication device can execute an application configured to scan identification data of the user, verify the identification data of the user, and communicate the identification signal to the user. Another aspect of the present disclosure is directed to a system for monitoring and controlling use of a nicotine dispenser. The system can include a nicotine dispenser, a processor, and a nicotine-containing unit. The processor can be configured to monitor use of the nicotine dispenser, determine an amount of nicotine dispensed is greater than a threshold, and lock the nicotine dispenser.

Abstract: Systems and methods are described for enabling users to model security resources and user access keys as resources in a template language. The template can be used to create and update a stack of resources that will provide a network-accessible service. The security resources and access keys can be referred to in the template during both stack creation process and the stack update process. The security resources can include users, groups and policies. Additionally, users can refer to access keys in the template as dynamic parameters without any need to refer to the access keys in plaintext. The system securely stores access keys within the system and allows for templates to refer to them once defined. These key references can then be passed within a template to resources that need them as well as passing them on securely to resources like server instances through the use of the user-data field.

Abstract: A virtual delivery appliance may communicate with a client device over a network to provide the client device with a virtualized session for a user. A processor may be configured to communicate with the client device over the network to perform a registration operation with a relying party. An application within the virtualized session may perform an authentication operation with the relying party to access a resource. The processor may be configured to forward an authentication challenge message to the client device in response to the application receiving the authentication challenge message from the relying party for the user to access the resource, and receive an authentication answer message in response to the authentication challenge message from the client device.