Abstract: Systems and methods of Exact Data Matching (EDM) for identifying related tokens in data content using structured signature data implemented in a cloud-based system receiving data sets and customer configuration from a customer, wherein the data sets include customer specific sensitive data from a structured data source with each token represented by a hash value and the customer configuration includes one or more primary keys for a plurality of records in the data sets; distributing the data sets and the customer configuration to a plurality of nodes in the cloud-based system; performing monitoring of content between a client of the customer and an external network; detecting a presence of a plurality of tokens associated with a record in the customer specific sensitive data based on the monitoring; and performing a policy-based action in the cloud-based system based on the detecting.

Abstract: A method for a quantum key distribution from a first target node to a second target node across a network via an entanglement-based protocol, including the following steps: transferring entangled particles from a load node to the first target node and to at least one intermediate node; generating a quantum key with the entangled particles transferred to the first target node and the at least one intermediate node; transmitting the quantum key to the second target node on a first path located on the network with a stage of secure quantum key transmission agreement starting from the at least one intermediate node by encrypting intervals of binary nodes with pre-shared quantum keys; and providing a secure communication with the quantum keys between the first target node and the second target node on a second path located on the network.

Abstract: A method in a first virtual private network (VPN) server associated with clustering a plurality of VPN servers in a clustered network, the method including receiving, from a VPN service provider (VSP) control infrastructure, VPN data associated with a user device having an established VPN connection with the clustered network; and communicating, utilizing key information, the VPN data with the user device during the established VPN connection. Various other aspects are contemplated.

Abstract: Various embodiments of the present invention relate to a device and method for providing connection between an electronic device and other electronic devices through figure input.

Abstract: A method, system and computer-usable medium are disclosed for operating an endpoint agent at an endpoint device. Certain embodiments include a computer-implemented method for operating an endpoint agent at an endpoint device, including: operating the endpoint agent to selectively subscribe to events corresponding to activities occurring at an endpoint platform; processing events received from a message bus by the endpoint agent, where the events processed by the endpoint agent are events to which the endpoint agent has subscribed; and communicating, to a service, information corresponding to the events processed by the endpoint agent. Other embodiments of this aspect of the invention may include corresponding stand-alone and/or network computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform one or more of these actions.

Abstract: Systems and methods for detecting malicious behavior in a network by analyzing process interaction ratios (PIRs) are provided. According to one embodiment, information regarding historical process activity is maintained. The historical process activity includes information regarding various processes hosted by computing devices of a private network. Information regarding process activity within the private network is received for a current observation period. For each process, for each testing time period of a number of testing time periods within the current observation period, a PIR is determined based on (i) a number of unique computing devices that host the process and (ii) a number of unique users that have executed the process. A particular process is identified as potentially malicious when a measure of deviation of the PIR of the particular process from a historical PIR mean of the particular process exceeds a pre-defined or configurable threshold during a testing time period.

Abstract: A computing device is provided that includes a processor having a plurality of pins that are electrically coupled to a plurality of pins of a connector, and a memory device storing a state table that maps the plurality of pins of the connector to a plurality of connection types. The processor is configured to perform an authentication process for at least one connection type to determine whether an authenticated device configured for the at least one connection type is coupled to the connector. The authentication process is performed at least in part by sending an authentication signal to one or more of the plurality of pins of the connector mapped to the at least one connection type, and receiving an expected authentication signal response on one or more of the plurality of pins of the connector mapped to the at least one connection type.

Abstract: Provided is an electronic device, including a housing, a fixing hole, a platform and a sensor. The fixing hole is located at the housing and configured to detachably fix an identification element. The platform extends outward from the lower edge of the fixing hole. The sensor is disposed on the platform and configured to communicate with the identification element.

Abstract: Described are systems, methods, and computer-program product embodiments for providing Session Initiation Protocol (SIP) network security. In some embodiments, a SIP processing system includes a SIP device configured to receive a packet stream from a first SIP user agent and facilitate a SIP communication session between the first SIP user agent and a second SIP user agent. The SIP device receives the SIP messages in the SIP communication session and opens one or more socket connections with one or more security systems. The SIP device transmits metadata of the SIP messages to the one or more security systems configured to detect threats. Based on a threat status generated by and received from the one or more security systems, the SIP device controls the SIP communication session.

Abstract: Described herein are techniques and technologies to identify an encrypted content within a field of view of a user of a VR/AR system and process the encrypted content appropriately. The user of the VR/AR technology may have protected content in a field of view of the user. Encrypted content is mapped to one or more protected surfaces on a display device. Contents mapped to a protected surface may be rendered on the display device but prevented from being replicated from the display device.

Abstract: A system includes processing circuitry and a system memory configured to store at least one software image. The at least one software image includes at least one program image and a keychain image associated with the at least one software image, the keychain image including at least one soft key. The processing circuitry is configured to obtain a desired soft key associated with the at least one software image from the keychain image based on key information included in the at least one software image, and authenticate the at least one software image based on the obtained soft key.

Abstract: Secure digital assistant integration with web pages is provided. The system receives an intent manifest data structure that maps actions of a digital assistant with link templates of an electronic resource developed by a third-party developer device. The system validates the electronic resource based on the intent manifest data structure. The system receives, from a data exchange component of an iframe of the electronic resource loaded by a client computing device, an identifier of the client computing device. The system receives a foreground state of the electronic resource from an onsite state sharing API. The system selects a data value for a parameter based on the foreground state and the intent manifest data structure. The system provides the data value. An authorization component generates an authorization prompt, receives input, and transmits the data value to an onsite intent execution API of the electronic resource to execute an action.

Abstract: Systems and methods are provided for registering with a given application. The systems and methods include operations for receiving, with a messaging application, a request to authenticate a phone number from the given application, the phone number being input by a user to register an account with the given application; determining that the phone number received in the request matches a user phone number stored in a user account associated with the messaging application; in response to determining that the phone number received in the request matches the user phone number stored in the user account, transmitting a communication from the messaging application to the given application indicating that the phone number has been authenticated; and causing the given application to register the account for the user to enable the user to log into the given application.

Abstract: Providing a method and a corresponding system for encrypting customer workload data through a trusted entity such as a self-boot engine (SBE). More specifically, there is a method and a corresponding system for securely extracting out customer centric data in a manner that requires the customer payloads and/or workloads to register with the SBE and share the encryption key.

Abstract: An authorized access list generation method including: at least one network service providing device registering for an authorized access list notification service with a server, the authorized access list including at least one authorization related record of at least one legitimate user device; the legitimate user device outputting a user ID to the server to log into the server, and directly sending an access request to a target network service provider after logging into the server, and continuing to provide an IP address being used and a device ID to the server to update a corresponding authorization related record; and the target network service providing device comparing the IP address, stored in each authorization related record of the authorized access list, with the IP address of a user device issuing an access request, and rejecting the access request if no matched result is found.

Abstract: Described embodiments provide systems and methods for validating connections while mitigating cookie hijack attacks. A device intermediary between a client and a server can receive a request from the client to establish a connection. The device may send a cookie to the client, the cookie generated according to a connection identifier and a shared counter. The device may receive a response from the client that includes a client validation cookie for validating the request. The client validation cookie may be generated according to the cookie. The device may determine a candidate validation cookie according to a value of a counter range of the shared counter, that matches the client validation cookie. The device may validate the request responsive to the determination.

Abstract: A working method includes: a client receives and parses an authentication request to obtain an application identifier, an authentication policy and a challenge value; generates a signature key identifier list according to the authentication policy; sends an identity information verifying instruction generated according to the challenge value, the application identifier and the signature key identifier list; an authenticator obtains a signature private key and a signature key identifier according to the signature key identifier list and the application identifier; generates a final challenge hash value according to the application identifier and the challenge value; generates a signature value according to the final challenge hash value, the preset authenticator identifier and the signature key identifier; sends the signature value to a server; the server receives the signature value and verifies the signature value, determines whether the verifying is successful, if yes, the verifying is successful; otherwise

Abstract: A system may include: a server comprising a rule cache; a user device communicably coupled to the server; a computer-readable medium comprising instructions that cause the server to: monitor a plurality of third-party data sources; obtain, via a queueing service, a plurality of pieces of content from the plurality of third-party data sources; for each piece of content, fetch a rule ID from a list of rule IDs on the user device, wherein the rule ID is fetched based on the content and a pre-selected setting on the user device; use the rule ID to fetch a rule from the rule cache, the rule comprising a script, the script comprising executable code; execute the script on the piece of content to determine if the piece of content matches the rule; and in response to determining that the piece of content matches the rule, send an alert to the user device.

Abstract: Sharing data in a data exchange across multiple cloud computing platforms and/or cloud computing platform regions is described. An example computer-implemented method can include creating a listing in a data exchange, the listing including a data set hosted by a first cloud computing entity. The data set can be shared with a second cloud computing entity. The method further includes receiving a request associated with a customer account of the second cloud computing entity to access the data set of the listing hosted by the first cloud computing entity and replicating at least a subset of the data set of the listing from the first cloud computing entity to a provider account at the second cloud computing entity to be accessible by the customer account at the second cloud computing entity.

Abstract: Disclosed is a method and authentication server for authentication of users requesting access to a restricted data resource from a communication device. Communication between the communication device and the authentication server passes via an access server, and the RADIUS protocol is used for the communication between the authentication server and the access server. After validating password and username entered by a user, the authentication server sends a request to the communication device to enter an authentication device ID. When receiving an entered authentication device ID, the authentication server performs authentication of the user based on a second authentication procedure using the received authentication device ID and when the second authentication procedure is successful, the user is granted access to the restricted data resource. The user can therefore decide which of a plurality of different authentication devices to use.