Abstract: A generic wireless device management system and a method for operating the management system in a controlled environment is disclosed. The enterprise management system includes a generic wireless device and a generic provisioning server. The generic wireless device, which is initially in a generic blank state, coordinates with the generic provisioning server to authenticate an inmate and to load an inmate profile. After loading the inmate profile, the generic wireless device provides access to content specific to the inmate. After the inmate signs out of the generic wireless device, the generic wireless device is returned to a generic blank state.

Abstract: A computer-implemented system and method for receiving a request to associate one or more application instance definitions with an application identity of an application configured with a set of permissions to access computer resources in an environment of a computing resource service provider. The system and method cause a computer system to store the one or more application instance definitions in association with the application identity of the application. The system and method also cause the computer system to evaluate a request originating from an application corresponding to the application identity and the application instance definition to determine if fulfillment of the request complies with the permissions.

Abstract: The disclosure relates to systems and methods for targeted messaging, workflow management, and digital rights management for geofeeds, including content that is related to geographically definable locations and aggregated from a plurality of social media or other content providers. The system may facilitate targeted messaging to users who create content. The targeted messaging may be based on the content (or location related to the content) such as a request for additional information or a promotional message. The system may generate workflows that allow management of the content with respect to operational processes of an entity that wishes to use the content and facilitates the management of usage rights related to the content as well as payments related to such usage rights. For example, the system may store whether content requires permission to use the content and/or whether such permission was obtained and facilitates payment.

Abstract: In one implementation, a client device receives a request from a user to output a representation for a credential of the user. In response to receiving the request from the user to output the representation for the credential of the user, the client device obtains data identifying a third-party having authority to grant the user access to the credential of the user. The client device then obtains a representation of a credential associated with the third-party and validates the representation of the credential associated with the third-party. In response to validating the representation of the credential associated with the third-party, the client device outputs the representation for the credential of the user.

Abstract: Devices, systems and methods are disclosed that receive encrypted media files from a remote device during pre-caching. The encrypted media files may be transferred from the remote devices prior to a user issuing a request to share the particular media file. The remote device may maintain cryptographic keys associated with the sent encrypted media files and only share a cryptographic key associated with a media file the user wishes to share. Without the cryptographic keys, the local device cannot access the contents of the pre-shared encrypted media files in a cache. Upon the user sharing the media file and the local device receiving the cryptographic key, the local device may use the cryptographic key to decrypt the encrypted media file and display the media file at a significantly reduced latency than if the media file were sent only upon the sharing request.

Abstract: Data is durably backed up for a limited amount of time. The data may be encrypted under a key and the key may be encrypted under a backup key. The backup key has a limited lifetime at the end of which the backup key is destroyed. After the backup key is destroyed, recoverability of the data depends on whether the key was deleted. In some examples, the data is a set of cryptographic keys.

Abstract: Disclosed are various embodiments for a behavior-based identity system that recognizes and/or authenticates users based at least in part on determining stored behavioral events. For example, stored behavioral events may have been observed previously at a client or have been predefined by an authenticated user. Multiple behavioral events expressed by the client relative to a network site are recorded. The behavioral events may correspond to data that a user has elected to share, and the user may opt-in or opt-out of the behavior-based identity system. A comparison is performed between the multiple observed behavioral events and the stored behavioral events associated with a user identity. An inverse identity confidence score as to whether the user identity does not belong to a user at the client is generated based at least in part on the comparison.

Abstract: The various technologies presented herein relate to determining a network attack is taking place, and further to adjust one or more network parameters such that the network becomes dynamically configured. A plurality of machine learning algorithms are configured to recognize an active attack pattern. Notification of the attack can be generated, and knowledge gained from the detected attack pattern can be utilized to improve the knowledge of the algorithms to detect a subsequent attack vector(s). Further, network settings and application communications can be dynamically randomized, wherein artificial diversity converts control systems into moving targets that help mitigate the early reconnaissance stages of an attack. An attack(s) based upon a known static address(es) of a critical infrastructure network device(s) can be mitigated by the dynamic randomization.

Abstract: Computer systems and methods in various embodiments are configured for improving the security and efficiency of server computers interacting through an intermediary computer with client computers that may be executing malicious and/or autonomous headless browsers or “bots”.

Abstract: Selective regulation of information transmission from mobile applications to a third-party privacy compliant target system. A privacy policy is configured for and mapped to each of a multiplicity of mobile application concerns, with each privacy policy comprising rules regulating the transmission of information to a third-party privacy compliant target system. Instrumentation instructions can be integrated with a mobile application and provided to a mobile device. The instrumentation instructions direct the mobile application to submit a privacy policy request comprising a mobile application identifier from the mobile device to a third-party privacy compliance system and enable sending information from the mobile device to the third-party privacy compliant target system, subject to the privacy policy.

Abstract: This invention regards a method of key-fingerprint visualization that is unique, reproducible, and nearly impossible to forge which aims to improve the usability of crypto-systems by creating a visual representation of the key-fingerprint as a face. First, the cryptographic identification (either PKI or fingerprint) is converted into a standardized format. Then, the standardized cryptographic identification information is segmented into smaller parts. Each of the parts is pragmatically translated to facial features. Thus, an image of a face is produced from the original cryptographic identification information.

Abstract: A computer-implemented system and method for secure electronic message exchange including coupling a control platform to a workstation of a plurality of workstations via a communications medium, where the control platform includes one or more apparatuses for monitoring, controlling, conversion, and billing, related to messages exchanged between a plurality of local users and a plurality of remote users. The system prevents forwarding or copying of a message sent by a local user of the plurality of local users and received by a remote user of the plurality of remote users, to another party by the control platform. The system and method also provides for authenticating the remote user with the control platform.

Abstract: A package for multi-instance photosensitive authentication includes a container, and a photochromic material non-removably carried by the container and irreversibly changeable upon exposure to ultraviolet (UV) light. The package also includes a UV protector carried over the photochromic material to protect the photochromic material from premature exposure to the UV light, and having multiple portions that are removable to expose multiple portions of the photochromic material to UV light and are irreplaceable once removed.

Abstract: Various embodiments are generally directed to techniques and apparatuses to facilitate message communication between registered entities of an email system and other non-registered entities. In one embodiment, a transport component executes on a logic circuit to receive a request to perform a function on an encrypted message. Information embedded in the request is identified to determine if the original request was sent by a registered entity. The embedded information is authenticated with information contained in an authentication information store associated with the original request and if the information is authenticated, the requested function is executed. In addition, if the requested function by the non-registered entity is to send an email message, rich scanning is performed on the email message to ensure the safety thereof.

Abstract: Disclosed are approaches for detecting attempts to circumvent security policies on a client device. A deletion of a user account on a computing device is detected, wherein the deletion is initiated locally on the computing device and the user account is associated with an enrollment of the computing device with a management service. Data stored in a memory of the computing device that is subject to a policy received from the management service is identified. The data is deleted from the memory of the computing device. The policy is then deleted from the memory of the computing device.

Abstract: Systems and methods for enrolling and authenticating a user in an authentication system via a user's camera of camera equipped mobile device include capturing and storing enrollment biometric information from at least one first image of the user taken via the camera of the mobile device, capturing authentication biometric information from at least one second image of the user, capturing, during imaging of the at least one second image, path parameters via at least one movement detecting sensor indicating an authentication movement of the mobile device, comparing the authentication biometric information to the stored enrollment biometric information, and comparing the authentication movement of the mobile device to an expected movement of the mobile device to determine whether the authentication movement sufficiently corresponds to the expected movement.

Abstract: The systems and methods disclosed herein, in one aspect thereof, can encrypt and decrypt messages using a multivariate extended Clipped Hopfield neural network that uses a Diffie-Hellman like key exchange algorithm. The proposed cryptosystem comprises three stages that are involved in the communication. A first stage, where parameters are initialized and private keys are generated, a second stage where various base matrix pairs and threshold vectors are synchronized between the sender and the recipient, and a third stage, where encryption/decryption is performed.

Abstract: A network system of an aircraft implements a target system to attract, detect, log, and mitigate a potential breach by the malicious entities. The target system simulates the systems of the aircraft in order to attract a potential breach. The target system simulates the data, file structure, communications, etc., of the systems of the aircraft. The target system includes little, or no security or access controls in order to attract a potential breach and allow the malicious entity to gain access. Once a breach occurs, the target system can be configured to log, report, and/or mitigate the potential breach.

Abstract: There are provided measures for enabling/realizing an integrity check of a DNS server setting, thereby enabling/realizing detection of DNS hacking or hijacking. Such measures could exemplarily include triggering a DNS resolution operation by a service device configured to provide a service using the DNS server setting, wherein the DNS server setting is used for DNS resolution or DNS forwarding in service provisioning, acquiring the IP address of a DNS server device, which is configured to perform DNS resolution in service provisioning, by reading the IP address of the DNS server device included in a DNS message as part of the triggered DNS resolution operation by the service device, and processing the acquired IP address of the DNS server device for evaluating integrity of the DNS server setting used in service provisioning.

Abstract: A privacy management system (PMS) is disclosed for a Chief Privacy Officer (CPO) or other user to use in monitoring and/or controlling in realtime the flow of data (e.g., outflow) about the user and his/her online experience. The PMS may employ pattern recognition software to evaluate analytics data and potentially block private information from being sent within the analytics data. The PMS may provide a dashboard displaying a whitelist and/or blacklist indicating what destinations/sources are blocked or allowed as well as private information settings indicating what types of private information should be blocked. The PMS includes browser-client scripting code and may also include a PMS-certified verification icon and/or lock and unlock icons for display on webpages being monitored/controlled in realtime by the PMS.