Abstract: A method for performing secure transactions is disclosed. The method includes: providing an access controller between a core application and a third-party application, where the access controller prevents the third-party application from unauthorized access to the core application; receiving, by the access controller, a command from the third-party application to access the core application; transmitting, by the access controller, an authorization request to a secure application storing credentials of a user; providing, by the access controller, the third-party application with access to the core application in response to the access controller receiving notification from the secure application that the command is authorized; and preventing, by the access controller, the third-party application from accessing the core application in response to the access controller receiving notification from the secure application that the command is unauthorized.

Abstract: In some embodiments, a computing system may comprise a memory for storing a ledger; a computer processor for verification of the ledger, wherein the computer processor comprises at least one of a classical computer processor configured to run a virtual quantum machine and a quantum computer comprising a plurality of qubits; wherein the ledger is configured to store arbitrary classical information and quantum information which is verifiable using the computer processor. Furthermore, in some embodiments the computing system is configured to perform operations comprising: adding to the ledger using the computer processor to solve a mathematically difficult problem which is Quantum-Merlin-Arthur-complete (QMA-complete). In embodiments, a blockchain includes a quantum state. In some aspects, a unitary operator corresponding to a quantum rotation is found when new transaction data are to be secured in the blockchain.

Abstract: A method of configuring networking, security, and operational parameters of workloads deployed in a virtualized computing environment includes the steps of: storing multiple policies, each defining one of networking, security, or operational parameters, and associating tags to each of the multiple policies, independent of deployment of a virtual computing instance in the virtual computing environment; responsive to a request to perform configuration of a virtual computing instance being deployed, retrieving policies among the stored multiple policies that are associated with same tags as tags contained in the request; generating configuration parameters for data path components in a host machine of the virtual computing instance and for data path components of the virtual computing instance based on the retrieved policies; and transmitting the generated configuration parameters to the host machine for the host machine to configure the networking, security, or operational parameters the virtual computing insta

Abstract: A method and system for eliminating contraband in postal mail at a correctional facility comprising a central processing facility and a network of inmate email kiosks and correctional institution staff review stations. The postal mail utilizes scanning stations to create electronic versions of the mail and associates various information about the sender, recipient, mail contents, and institution into a format that is easily reviewable and provides tracking data. The scanned mail may then be made available to the intended inmate and institution staff. Institution staff may also then access the associated information and tracking data.

Abstract: A system is provided for controlling access to data stored in a cloud-based storage service. Data associated with a user account is stored at the cloud-based storage service. A first request to cause a portion of the data to be associated with a heightened authentication protocol is received. In response, the portion of the data is caused to require the heightened authentication protocol for access. A second request for a file that is stored in the area that is associated with the heightened authentication protocol is received. The second request is authenticated based on the heightened authentication protocol. In response to authenticating the second request, permission is granted to access the file. In response to a failure to authenticate the second request, access to the file is denied, while access to files stored in other areas associated with the user account is allowed.

Abstract: Certain aspects of the present disclosure provide techniques for providing a compliance report of data processing to a governing authority. In order to adhere to a regulation of a governing authority, upon receiving the request for a compliance report, a data category and each processing capability category is extracted from a live data catalog service. Based on the extracted categories, a record of data processing is generated for each processing capability category associated with a data category. Further, based on the data category extracted, a compliance report template is retrieved. With the compliance report template and records of data processing, a compliance report is generated and provided to the governing authority.

Abstract: Methods, computer-readable media, software, and apparatuses may assist a consumer in keeping to their preferred privacy preferences when making a purchase online. Differences between the privacy policy of a vender and the privacy preferences of the consumer may be output for display to the consumer, along with alternative vendor recommendations, including vendors having privacy policies more closely match with the privacy preferences of the consumer.

Abstract: A method for use in a hybrid network ecosystem comprising an enterprise network and a reconciliation network is presented. The method comprises generating, by at least one first computing node in the enterprise network or the reconciliation network, a first digital facilitator, wherein the first digital facilitator provides one or more parameters for accessing or distributing data on a distributed ledger in the enterprise network, and wherein a private key is used for performing a computing operation, based on the data, in the enterprise network. The method also comprises generating, by the at least one first computing node in the enterprise network or the reconciliation network or at least one second computing node in the enterprise network or the reconciliation network, a second digital facilitator, wherein the second digital facilitator provides the one or more parameters for accessing or distributing the data in the reconciliation network.

Abstract: The invention relates to a method for controlling access to a first network, comprising receiving, by a first network access device of the first network, an access request from a visiting user device, determining, by the first network access device, if the visiting user device was granted an access to the first network, if the visiting device has not been granted an access to the first network, determining if there is a second network access device that granted the visiting user device an access to a second network and the second network access device is linked to the first network access device, and if the second network access device exists, granting the visiting user device an access to the first network by the first network access device.

Abstract: The disclosed computer-implemented method for protecting a cloud computing device from malware may include (i) intercepting, at a computing device, a malicious attempt by the malware to (A) access sensitive information in an encrypted file stored on the computing device and (B) send the sensitive information to the cloud computing device and (ii) performing, responsive to the attempt to access the encrypted file, a security action. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Systems and methods are described for receiving a first request from a user to grant authorization for a first data recipient to access user information associated with a data provider, and receiving a second request from the user to grant authorization for a second data recipient to access user information associated with the data provider. An authentication token is received from the data provider, where the authentication token enables access to user information associated with the data provider. A first token may be generated for, and provided to, the first data recipient and a second token may be generated for, and provided to, the second data recipient. In response to receiving the first token from the first data recipient, user information data may be provided to the first data recipient. In response to receiving the second token from the second data recipient, user information data may be provided to the second data recipient.

Abstract: Various examples described herein are directed to systems and methods for managing an interface between a user and a user computing device. The user computing device may determine that an audio sensor in communication with the user computing device indicates a first command in a user voice of the user, where the first command instructs the user computing device to perform a first task. The user computing device may determine that the audio sensor also indicates a first ambient voice different than the user voice and match the first ambient voice to a first known voice. The user computing device may determine that a second computing device associated with the first known voice is within a threshold distance of the user computing device and select a first privacy level for the first task based at least in part on the first known voice.

Abstract: Embodiments described herein provide systems and methods to prevent, or provide a countermeasure, to a co-existence attack, for example, that may occur in a Security Credential Management System (SCMS) where both regular butterfly key (RBK) protocol and unified butterfly key (UBK) protocol are supported. Embodiments described herein provide, support, employ, or implement hardware acceleration for a Hardware Security Module (HSM), for example, for cryptographic operations (e.g., block ciphers, digital signature schemes, and key exchange protocols).

Abstract: Log based analysis systems and methods for protecting computers and networks from malicious communications and malware attacks by analyzing log data obtained from client networks having network entities representing business units or customers. The system may further comprise a plurality of client asset machines, each operable to execute a security product associated with a security product vendor and log associated information of the network entities into at least one log file. The log files may be uploaded onto a log-analytics detection platform for analysis using learning algorithms operable to generate a risk factor attribute for at least one entity.

Abstract: A method for logging in to a system is provided in which a mobile terminal is provided with a function to create a high-density two-dimensional code, access information for accessing an electronic chart system and a time stamp are recorded in the high-density two-dimensional code, the high-density two-dimensional code is deformed, generated and displayed in synchronism with time information of the time stamp, and a high-density two-dimensional code generated by a high-density two-dimensional code authentication read scanner is read, whereby logging in to the electronic chart system becomes possible while taking security into consideration.

Abstract: A computer program product for providing notifications to a user of an intrusion into firmware includes, in one example, non-transitory computer readable medium including computer usable program code embodied therewith to, when executed by a processor, detect intrusion to the firmware of a computing system during runtime in a system management mode.

Abstract: Reverse authentication can be performed in a VDI environment to enable an authentication device to gain access to a client without requiring that the authentication device's drivers be installed on the client. When an authentication device is connected to the client while the client is locked or not logged in, the authentication device can be redirected to a virtual appliance on which the authentication device's drivers are installed. The authentication device can then be used to authenticate the user via the virtual appliance. When authentication is successful, the virtual appliance can send the resulting authentication information back to the client to enable the user to be logged in to the client. Additionally, the virtual appliance can return the authentication device to the client. The client can then employ the authentication information to establish a remote session on a server and redirect the authentication device to the remote server.

Abstract: According to one embodiment, a method detecting and mitigating a privilege escalation attack on an electronic device is described. The method involves operations by a user agent mode operating within a user space and a kernel driver mode operating within a kernel space. The kernel driver mode, in response to detecting an initial activation of a process being monitored, stores metadata associated with an access token. This metadata includes the initial token state information. Responsive to detecting an event associated with the process being monitored, the kernel mode driver extracts a portion of current state information for the access token for comparison to a portion of the stored token state information. Differences between content within the current state information and the stored token state information are used, at least in part, by the user agent mode to detect a privilege escalation attack.

Abstract: Embodiments described herein are related to a method for password streaming. The method comprises: upon receiving, at the first device, a first entry corresponding to a password in the password user interface, the first entry adding a first character to the password: adding the first character to an editing placeholder stored in memory of the password user interface; transmitting a command to a password storage component separate from the memory of the password user interface, wherein the command represents the first entry, wherein the password storage component is configured to store the password and edit the password to include the first character based on the command; and overwriting the first character with a first masking character in the editing placeholder based on transmitting the command.

Abstract: This disclosure describes techniques for calculating a vulnerability score for a malicious threat based on Indicator of Compromise (IoC) metadata retrieved from a computing device or underlying network. Further, an Indicator of Compromise (IoC) Calculation (IoC-C) system is described that may monitor a client interaction on a computing device, and further identify IoC metadata that may relate to a malicious threat. The IoC-C system may further generate a vulnerability score that numerically quantifies a risk that the malicious threat poses to the computing device or underlying network. The vulnerability score may account for environmental criteria that mitigate an effect of the malicious threat. The IoC-C system may also generate a reporting data packet that includes an informational message identifying a potential risk posed by a malicious threat, or a response protocol that dynamically prevents, mitigates or quarantines an effect of the malicious threat on a computing device or underlying network.