Abstract: A system for database restoration across service regions. The system includes data storage and backup data storage in the first region. The system includes a frontend for the database service configured to receive, from a client, a request to restore a database to the first region from backups stored in another backup data storage in a second region and to receive an authentication token for the request from the client. The system also includes a backup restore manager service for the first region configured to send, to another backup restore manager service implemented in the second region, a credential request for a second region credential authorizing retrieval of the one or more other backups from the second region. The backup restore manager service sends a backup restore request to retrieve the backups from the other backup data storage and loads the backups to restore the database in the first region.

Abstract: Systems and methods for verifying requests for personal information are described. A server computing system may receive a request for personal information associated with a requester, the request sent based on a government regulation related to consumer privacy rights, the request including a first identifier provided by the requester, the personal information stored in one or more databases based on one or more past transactions engaged between the requester and an entity associated with the one or more databases. The server computing system may search the one or more databases using the first identifier to identify a second identifier related to the first identifier, the second identifier stored in the one or more databases by the entity based on the one or more past transactions. The server computing system may verify identity of the requester using at least the second identifier.

Abstract: This disclosure describes techniques for calculating a vulnerability score for a malicious threat based on Indicator of Compromise (IoC) metadata retrieved from a computing device or underlying network. Further, an Indicator of Compromise (IoC) Calculation (IoC-C) system is described that may monitor a client interaction on a computing device, and further identify IoC metadata that may relate to a malicious threat. The IoC-C system may further generate a vulnerability score that numerically quantifies a risk that the malicious threat poses to the computing device or underlying network. The vulnerability score may account for environmental criteria that mitigate an effect of the malicious threat. The IoC-C system may also generate a reporting data packet that includes an informational message identifying a potential risk posed by a malicious threat, or a response protocol that dynamically prevents, mitigates or quarantines an effect of the malicious threat on a computing device or underlying network.

Abstract: Exemplary embodiments are directed to a method and apparatus for storing data for a batch of manufactured items. The method comprises defining in a processor, using a lower limit identifier and an upper limit identifier, a range of unique item identifiers for the batch, wherein each manufactured item in the batch is allocated a unique item identifier falling within the range. The item identifiers are stored in allocated storage space. If an upper limit identifier is specified for each time interval, an amount of storage specified for all manufactured items during a production time period is calculated as a sum of a first product and a second product, the first product being a product of a production time and a size allocated to each upper limit identifier, and the second product being a product of the production time, a total number of manufactured items, and a percentage of unused identifiers.

Abstract: Managing data in a distributed computing environment, such as a cloud computing platform for healthcare. The platform selects a set of hierarchical resources deployed in the distributed computing environment, wherein the set of hierarchical resources comprises a resource member. The platform converts the set of selected hierarchical resources to a localized schema. The platform determines a score for the resource member based on the proximity of the resource member to the healthcare privacy dictionary, wherein the proximity is determined using the localized schema. The platform updates the set of hierarchical resources based on the determined score. The platform controls access to a resource member based on the score determined based on a proximity of a localized schema representation of the resource member to a healthcare privacy dictionary.

Abstract: A method for operating at least one log-analytics detection platform for detecting security threats associated with a client network, comprising: obtaining, via a communication network, log files from a client network, each log file comprising a log record associated with a channel and including an outbound communications log; extracting a channel feature set for said channels from said log files, said channel feature set comprises data pertaining to an associated entity, at least one channel feature being behavior of communication over a channel; aggregating said channel associated features for each of the channels into a data repository; generating a risk factor characterized by an entity score for said least one entity associated with entities of said channels; and blocking of communication for said entity when said risk factory is indicative of said entity being a security threat.

Abstract: A method of improving integrity of a computer system includes executing certifiable and qualifiable software applications. The certifiable software application is composed of static program instructions executed sequentially to process input data to produce an output, and the qualifiable software application uses a model iteratively built using a machine learning algorithm to process the input data to produce a corresponding output. The certifiable software application is certifiable for the computer system according to a certification standard, and the qualifiable software application being non-certifiable for the computer system according to the certification standard. The method also includes cross-checking the output by comparison with the corresponding output to verify the output, and thereby improve integrity of the computer system.

Abstract: Systems and methods for management and configuration of personal digital privacy and security. A list of protected accounts is received, where each protected account is an online user account associated with a user. For each protected account of the list, a privacy configuration is generated, based at least in part on one or more user-specific privacy rules. A login session for the protected account is accessed, without transmitting or receiving the user's password for the protected account. Based on the accessed login session for the protected account, a plurality of current status indicators are determined for a plurality of privacy settings associated with the protected account. The current status indicators are analyzed to generate updated configuration settings for one or more of the privacy settings of the protected account, and the updated configuration settings are applied to the protected account.

Abstract: A system for dynamic data modification and correction is provided. The system comprising: a memory device with computer-readable program code stored thereon; a communication device connected to a network; a processing device, wherein the processing device is configured to execute the computer-readable program code to: monitor a first data storage location for an artifact stored in the first data storage location, the artifact comprising unobscured private data; move the artifact to a second data storage location based on identifying the unobscured private data; generate a context rule set for the artifact based on an artifact type and one or more data fields of the artifact; modify the artifact to remove the unobscured private data based on the context rule set; and reintroduce the modified artifact to the first data storage location.

Abstract: The described technology provides for plural application processes including at least one application in a browser to reliably acquire device information that can be used by other processes to accurately determine whether the plural applications are running on the same client device and/or are associated with aspects of the same client device. The more reliable determination of the devices associated with respective application processes can be used for various purposes such as, for example, user access management capabilities such as improved single sign-on (SSO) capability and/or improved multiple login prevention (MLP) capability.

Abstract: A device comprises a sensor and processing circuitry coupled to the sensor. The sensor is configured to obtain authentication information from an identification label of a cartridge of an electronic vaping device. The processing circuitry is configured to perform authentication of the cartridge based on the authentication information; and determine whether to unlock a battery section of the electronic vaping device to power the cartridge based on a result of the authentication of the cartridge.

Abstract: Methods, systems, and apparatuses embodied herein control and track access to secured data independent of the asset storing the secured data. In this regard, some embodiments organize volumes including one or more datasets and attach one or more assets to each volume. Some embodiments further receive data permissions of use information, for example from a data steward device, for the volume and datasets, which are registered with the volume and the datasets. Some embodiments further receive a set of restrictions, retrieve the dataset permissions of use information for one or more dataset identifiers, and determine the restrictions do not conflict with the dataset permissions of use information. Some embodiments further generate, and subsequently store, an indication the set of restrictions is valid when the dataset permissions of use information does not conflict. Permissions of use information may be organized into persona data objects assigned to various user profiles.

Abstract: Outbound traffic of a host application may be received from a host device having a host processor. The secure resource may be configured to provide a secure transaction based on the outbound network traffic. Using a second processor different than the host processor, it may be determined whether the host application is authorized to provide the outbound network traffic to the secure resource. The outbound network traffic may be allowed to be forwarded to the secure resource if the host application is authorized. The outbound network traffic may be disallowed to be forwarded to the secure resource if the host application is not authorized.

Abstract: Security control governance can significantly thwart attacks from external data. Inline processing can reduce and limit attack surfaces and enforce validators preselected for applications. Processing and saving data can be controlled based on confirmation that an application has implemented requisite security controls to validate data. The applicability of such a technical improvement to system operations improves the technical operations of most any system with one or more applications that accept potential attack surface items, such as data, data fields, or data types, from “open” or uncontrolled sources.

Abstract: Methods, apparatus, systems and articles of manufacture to provide resource security are disclosed. Example methods and apparatus manage a benchmark specific to a resource, the benchmark created during development of the resource and including a collection of rules to constrain behavior of the resource, enable a rule of the benchmark that corresponds with a type of the resource, disable a rule of the benchmark that does not correspond with the type of the resource, test the enabled rule of the benchmark against the resource, identify an insufficiency of the resource based on the enabled rule of the benchmark, and remediate the insufficiency of the resource to comply with the enabled rule of the benchmark.

Abstract: Systems and methods involving a user authentication system for granting access to digital systems and content, computing systems and devices and physical locations. The authentication system granting access to digital systems and content involves a mobile device, a computing device and a server. The authentication system granting access to computing systems and devices and physical locations involves a mobile device, an interface device, a secure system and a server. The authentication systems described permit a user to access digital systems and content, computing systems and devices and physical locations using only the user's mobile device. The mobile device runs mobile application that performs the authentication functionality using biometric data obtained on the mobile device. The authentication data is stored on the mobile device in an encrypted format and is not shared with the other devices in the authentication system.

Abstract: Embodiments of the invention include an entity, such as ePDG or TWAN entity, capable of serving a User Equipment for WLAN access to a Packet Core such as EPC of a mobile network, said entity configured to: provide at least one of: an indication whether IMEI checking is requested, an indication whether IMEI checking by a visited EIR or by a home EIR is requested, an indication of an action to be taken upon IMEI check result.

Abstract: A system and method for providing cable security in a network is generally described. The method includes receiving a request to remove a cable, where the request includes a first password and a second password, and wherein the cable connects a first port and a second port. The method further includes determining a first authenticity of the first password. After determining the first authenticity of the first password, the method further includes suspending a data flow through the cable, virtually mapping, by a storage device configuration unit, the first port to a third port, and transmitting the data flow from the third port to the second port. The method further includes determining an authenticity of the second password. After determining the authenticity of the second password, the method includes unlocking a physical lock connected to the cable.

Abstract: A method for authenticating access to private health information (PHI) includes receiving a converted version of a spoken initiation of a retrieval of PHI. The method also includes requesting out-of-band authentication information from a user. The out-of-band authentication information that is requested contains different information than the spoken initiation of the retrieval of the PHI. The method also includes determining whether the out-of-band authentication information received from the user satisfies an authentication criterium associated with the user, obtaining the PHI requested by the user via the spoken initiation provided to the first device responsive to the out-of-band authentication information, and presenting the PHI requested by the user via the first device.

Abstract: A wireless communication network serves a wireless user device with a wireless communication service from a wireless network slice that includes a Virtual Network Function (VNF). The VNF maintains hardware-trust with a distributed ledger. The distributed ledger maintains hardware-trust with the VNF. The VNF delivers the wireless communication service to the wireless user device from the wireless network slice. The VNF generates slice data that characterizes the service delivery. When the VNF maintains the hardware-trust with the distributed ledger, the VNF transfers the slice data to the distributed ledger. When the distributed ledger maintains the hardware-trust with the VNF, the distributed ledger stores the slice data.