Abstract: A method executed by a computer includes receiving an image from a client device. A facial recognition technique is executed against an individual face within the image to obtain a recognized face. Privacy rules are applied to the image, where the privacy rules are associated with privacy settings for a user associated with the recognized face. A privacy protected version of the image is distributed, where the privacy protected version of the image has an altered image feature.

Abstract: Example embodiments of systems and methods for data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key.

Abstract: A method includes, at a server in a network, detecting for a user device network incidents relating to one or more security threats in the network using a plurality of threat detectors over a predetermined time period, each of the network incidents including one or more behavior indicators; assigning the network incidents into one or more groups, wherein each group corresponds to a type of security threat; generating a graph for a particular group of the user device, wherein the graph includes a plurality of nodes each representing a behavior indicator in the particular group, and wherein generating the graph includes assigning an edge to connect two nodes of the plurality of nodes if the two nodes correspond to behavior indicators that belong to a same network incident; and displaying the graph on a graphical user interface for a user.

Abstract: Some embodiments are directed to a password generation device that includes an input unit arranged to receive, from a user device, a computer address for accessing a computer resource, a user identifier indicating a user of the user device, a user password, and a password unit arranged to determine a first combined identifier from a base address system-identifier, a user system-identifier, and the user password. Moreover, the password generation device may be configured for password verification and/or validation.

Abstract: Introduced here are computer programs and computer-implemented techniques for discovering malicious emails and then remediating the threat posed by those malicious emails in an automated manner. A threat detection platform may monitor a mailbox to which employees of an enterprise are able to forward emails deemed to be suspicious for analysis. This mailbox may be referred to as an “abuse mailbox” or “phishing mailbox.” The threat detection platform can examine emails contained in the abuse mailbox and then determine whether any of those emails represent threats to the security of the enterprise. For example, the threat detection platform may classify each email contained in the abuse mailbox as being malicious or non-malicious. Thereafter, the threat detection platform may determine what remediation actions, if any, are appropriate for addressing the threat posed by those emails determined to be malicious.

Abstract: An integrated circuit comprising a CPU coupled to a system bus, a network interface configured to interface with an external device, and a crypto neuromorphic core coupled to the system bus. The cryptographic core comprising a processor or core, an internal bus, and a non-transitory computer-readable memory, wherein the crypto neuromorphic core is isolated from the CPU and the network interface via the system bus and the crypto neuromorphic core runs its own operating system. The crypto neuromorphic core is configured to: contain a secure core comprising a secure processor and dedicated/protected memory; store a private key in the dedicated/protected memory accessible to the secure core but not accessible to other components of the crypto neuromorphic core, the central processing unit, and the network interface; add data to a blockchain using the private key via the network interface; and read data from the blockchain via the network interface.

Abstract: A technique for storage-efficient cyber incident reasoning by graph matching. The method begins with a graph pattern that comprises a set of elements with constraints and connections among them. A graph of constraint relations (GoC) in the graph pattern is derived. An activity graph representing activity data captured in association with a host machine is then obtained. In response to a query, one or more subgraphs of the activity graph that satisfy the graph pattern are then located and, in particular, by iteratively solving constraints in the graph pattern. In particular, a single element constraint is solved to generate a result, and that result is propagated to connected constraints in the graph of constraint relations. This process continues until all single element constraints have been evaluated, and all propagations have been performed. The subgraphs of the activity graph that result are then returned in response to a database query.

Abstract: There are provided systems and methods for authentication through multiple pathways depending on device capabilities and user requests. A user may wish to utilize some device process, such as unlocking and accessing the device to utilize the device's operating system or access and use of a device application or other module (e.g., a camera). The device may be protected by an authentication profile that includes one or more authentication pathways in order to authenticate the user to use those processes. The device may collect user data using device components, such as biometrics, user movements, environmental factors, or other information. The device may attempt to authenticate the user through one of the authentication pathways. If the collected user data is insufficient for one pathway, another pathway may be used. If the user is authenticated under any pathway, the device may provide access to the correspond process.

Abstract: The technology disclosed enables metadata-based policy enforcement for requests that do not include metadata relevant to a policy. In a particular example, a method provides, in a network security system interposed between clients and a cloud application, receiving an incoming request from a client directed towards the cloud application. In response to determining that the incoming request lacks metadata for enforcement of a policy, the method includes transmitting a synthetic request to obtain the metadata from the cloud application and receiving a response to the synthetic request. The response provides the metadata. The method further includes applying the policy to the incoming request based on the metadata.

Abstract: Example embodiments of systems and methods for data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key.

Abstract: Disclosed is a secret-key provisioning (SKP) method and device based on an optical line terminal (OLT), which can generate an SKP queue according to key requests received; generate at least one secret-key according to the SKP queue; and store the at least one secret-key in key pools (KPs) of corresponding ONUS. A non-transitory computer-readable storage medium is also disclosed.

Abstract: A method for updating network access application authentication information applicable to a terminal having an embedded universal integrated circuit card (eUICC) that has at least one profile. The method includes receiving, by the terminal, a first message from a remote server, where the first message includes network access application (NAA) authentication parameter update information and a first identifier, updating, by the terminal, authentication information of a profile corresponding to the first identifier based on the NAA authentication parameter update information, and detaching, by the terminal, from a network and re-attaching to the network based on updated authentication information of the profile.

Abstract: A method for flagging journal entries within a general ledger is described. A plurality of assessment routines are executed on transaction lines of the journal entries within the general ledger, each assessment routine of the plurality of assessment routines i) being configured to generate a base score for each transaction line, and ii) associated with a corresponding flagging threshold. A composite score is generated for each transaction line using the base scores generated by the plurality of assessment routines. For each journal entry within the general ledger: the journal entry is flagged when one or more base scores for the journal entry exceed the corresponding flagging thresholds of the assessment routines, or when none of the base scores for the journal entry exceed the corresponding flagging thresholds and the composite score exceeds a composite threshold. A report of flagged journal entries is generated.

Abstract: Systems and methods of the present disclosure enable for a delayed, two-factor authentication to occur in networked devices. The system and methods can enable the immediate delivery of digital components, which results in fewer abandoned requests, and saves network resources. The system and methods can enable the authorization of data transmissions in networked computer devices that include limited user interfaces, such as voice-based interfaces.

Abstract: Example method includes: establishing a secure tunnel with an unauthenticated client device associated with a user of a restricted network; receiving user credentials associated with the user and transmitted from the unauthenticated client device within the secure tunnel; validating the received user credentials; and transmitting at least a client certificate and device configuration information to the unauthenticated client device within the secure tunnel such that the unauthenticated client device is able to access the restricted network after installing the client certificate and applying the device configurations based on the received device configuration information.

Abstract: Example embodiments of systems and methods for data transmission between a contactless card, a client device, and one or more servers are provided. The memory of the contactless card may include one or more applets and a counter. The client device may be in data communication with the contactless card and one or more servers, and the one or more servers may include an expected counter value. The client device may be configured to read the counter from the contactless card and transmit it to the one or more servers. The one or more servers may compare the counter to the expected counter value for synchronization. The contactless card and the one or more servers may resynchronize the counter, via one or more processes, based on one or more reads of the one or more applets. The one or more servers may authenticate the contactless card based on the resynchronization.

Abstract: Example embodiments of systems and methods for data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key. Example embodiments of systems and methods can be used to provide further authentication and added levels of security for transactions.

Abstract: The invention described herein is directed to a secure text messaging and object sharing mobile application connected to a DRM cloud service that provides encryption, digital rights management (DRM) of the text and of the attachments, blockchain transactions, the capability of attaching documents, photos and so forth, the capability of interfacing with a user's contacts application, and that operates in both Android and iOS environments.

Abstract: Embodiments relate to a system that may include a third-party server and a domain name system (DNS). The third-party server may be configured to receive a request for a credential from a named entity device for the named entity device to communicate with an application programming interface (API). The API may be associated with a domain. The third-party server may obtain the credential from the API. The third-party server may encrypt the credential with a public key corresponding to the named entity device to generate an encrypted credential. The DNS may be configured to receive the encrypted credential and publish a DNS record at a namespace of the DNS, the DNS record containing the encrypted credential for the named entity device to retrieve the credential. The named entity device may decrypt the encrypted credential by the private key stored at the device.

Abstract: A method of verifying telecommunications messaging traffic between two entities and monetizing the verified traffic. A receiving entity receives a message from a sending entity. The message includes a hash value computed by the sending entity based on the content of the message. The hash value is encrypted using a private key of the sending entity. The receiving entity identifies, within a blockchain, a Decentralized Identifier (DID) associated with the sending entity, resolves the DID into a DID document, and retrieves therefrom a public key associated with the sending entity. The receiving entity decrypts the hash value provided by the sending entity using the retrieved public key. The receiving entity independently computes a hash value based on the message content and compares the computed hash value against the decrypted hash value. If the hash values match, the message is verified and routed to its target recipient.