Abstract: A method for facial authentication of a wearer of a watch includes: initiating an authentication process including detecting at least one triggering movement/gesture carried out by the wearer; capturing at least one sequence of images relative to the face of the wearer pivoting from one direction to another in front of the optical sensor; acquiring surface geometric data of the face associated with each image of at least one sequence; generating a three-dimensional model of the face of the wearer from at least one captured sequence of images and from the acquired geometric data; determining an identification index generated based on identification data relative to a plurality of features characteristic of the face of the wearer of the watch detected on the basis of the three-dimensional model, and identifying the wearer if the identification index is greater than a reference identification index.

Abstract: In one embodiment, a telemetry exporter in a network establishes a tunnel between the telemetry exporter and a traffic analysis service. The telemetry exporter obtains packet copies of a plurality of packets sent between devices via the network. The telemetry exporter forms a set of traffic telemetry data by discarding at least a portion of one or more of the packet copies, based on a filter policy. The telemetry exporter applies compression to the formed set of traffic telemetry data. The telemetry exporter sends, via the tunnel, the compressed set of traffic telemetry data to the traffic analysis service for analysis.

Abstract: Embodiments described herein provide a method on a mobile electronic device to facilitate the transmission of encrypted user data to a service provider, such as an emergency service provider. An encrypted data repository stores user data to be transmitted to the service provider. A key to decrypt the encrypted data repository is wrapped using a key associated with a publicly trusted certificate for the service provider. In response a request received at the mobile device to initiate an emergency services request, the mobile device can transmit the encrypted data repository and wrapped cryptographic material to a server that is accessible by the service provider.

Abstract: There are provided systems and methods for a sentence based automated Turing test for detecting scripted computing attacks. A computing may request access to a service or data from a service provider, where the service provider may be required to determine that the device is used by a user and not a bot executing a scripted or automated process/attack against the service provider. To authenticate that the device is used by a user, the service provider may determine and output a challenge that queries the user to fill in one or more missing words from a sentence. Acceptable answers may be based on past messages and internal data that is specific to the service provider, as well as an external corpus of documents. The service provider may also further authenticate the user based on the user's response and a likely user response for that user.

Abstract: Described herein are systems and methods for controlling access to a protected resource based on various criteria. In one exemplary aspect, a method comprises designating a plurality of program data installed on a computing system as protected program data; intercepting, by a kernel mode driver, a request from an untrusted application executing on the computing system to alter at least one of the protected program data; classifying, by a self-defense service, the untrusted application as a malicious application based on the intercepted request and information related to the untrusted application; and responsive to classifying the untrusted application as a malicious application, denying, by the kernel mode driver, access to the at least one of the protected program data.

Abstract: Data in various formats can be protected in a distributed tokenization environment. Examples of such formats include date and time data, decimal data, and floating point data. Such data can tokenized by a security device that instantiates a number of tokenization pipelines for parallel tokenization of the data. Characteristics of such data can be used to tokenize the data. For instance, token tables specific to the data format can be used to tokenized the data. Likewise, a type, order, or configuration of the operations within each tokenization pipeline can be selected based on the data format or characteristics of the data format. Each tokenization pipeline performs a set of encoding or tokenization operations in parallel and based at least in part on a value received from another tokenization pipeline. The tokenization pipeline outputs are combined, producing tokenized data, which can be provided to a remote system for storage or processing.

Abstract: Systems and methods include a computer-implemented method for detecting anomalous user logins. User login data for users is filtered, including monitoring workstations and servers accessed by users to obtain the user login data for the users. User login records are created for a current time period based, at least in part, on the user login data. An anomaly score is determined for each user, where the anomaly score indicates a deviation by the user from historical login patterns of the user. A user machine learning (ML) model is updated based on the predicting. User period login records are maintained over time using processed user login data. The user ML model is trained using the user periodic login records. Enriched login statistics are generated using the user ML model and the user periodic login records. A report that includes the enriched login statistics is generated in a graphical user interface.

Abstract: A person's drawing capability is used as an authentication credential. During a training phase, a user is asked to hand draw various reference shapes such as a rectangle, flower, etc. These user drawings for a given shape are input to a training discriminator (with an “authentic” label) along with drawings automatically generated from a latent sample (with a “not authentic” label), and the training discriminator computes positive discrimination vectors for this shape that are unique to this user. Thereafter, when the user wants access to a resource (such as an online account, a mobile computing device, or an electronic document), the user is presented with a drawing challenge for one of the reference shapes, and they draw a corresponding challenge image. An image vector for the challenge image is generated, and if the image vector falls within the positive discrimination vectors, access to the resource is granted.

Abstract: An apparatus includes a memory and a processor. The memory stores descriptions of known vulnerabilities and information generated by a monitoring subsystem. Each description of a known vulnerability identifies software components that are associated with the known vulnerability. The monitoring subsystem monitors software programs that are installed within a computer system. The information includes descriptions of issues that are associated with the software programs. The processor generates a set of mappings, based on a comparison between the text describing the known software vulnerabilities and the text describing the issues. Each mapping associates a software program that is associated with an issue with a known software vulnerability. The processor also uses a machine learning algorithm to predict that a given software program is associated with a particular software vulnerability.

Abstract: Systems, methods, and computer program products are provided for disparate quantum computing (QC) detection. An example system includes QC detection data generation circuitry that generates a first set of QC detection data and generates a second set of QC detection data. The system also includes cryptographic circuitry that generates a first public cryptographic key and a first private cryptographic key via a first post-quantum cryptographic (PQC) technique and generates a second public cryptographic key and a second private cryptographic key via a second PQC technique. The cryptographic circuitry further generates encrypted first QC detection, second QC detection data, and destroys the first private cryptographic key and the second private cryptographic key. The system further includes data monitoring circuitry that monitors for the first encrypted QC detection data and the second encrypted QC detection data.

Abstract: Technologies for privacy-safe security policy evaluation are disclosed herein. An example apparatus includes at least one memory, and at least one processor to execute instructions to at least identify one or more non-sensitive parameters of a plurality of policy parameters and one or more sensitive parameters of the plurality of the policy parameters, the plurality of the policy parameters obtained from a computing device in response to a request from a cloud analytics server for the plurality of the policy parameters, encrypt the one or more sensitive parameters to generate encrypted parameter data in response to the identification of the one or more sensitive parameters, and transmit the encrypted parameter data to the cloud analytics server, the cloud analytics server to curry a security policy function based on one or more of the plurality of the policy parameters.

Abstract: A network node residing in a mobile network identifies a first network slice of the mobile network for use by a first session between a first user equipment device (UE) and a first application hosted by a first hosting device. The network node obtains a first security profile based on an identity of the first application and based on the identified first network slice, and establishes, using the obtained first security profile, a first secure tunnel between the network node and the first hosting device for transporting first data units associated with the first session between the network node and the first hosting device.

Abstract: A validation device in a communication network is configured to communicate control information bidirectionally via a control plane of the network and access message data via a production plane of the network. The validation device receives key data via the control plane, and accesses a message received via the production plane by a message receiving device. The message includes a signature derived from the first key data. The validation device uses the first key data to check validity of the signature.

Abstract: In an embodiment, a method for secure messaging integration with message apps includes identifying a trigger event within a default messaging channel established between a message aggregator and a messaging application executing at a client device. In response to the trigger event, the method sends to the client device over the default messaging channel, access data usable to access a secure channel established between the message aggregator and the client device. The access data is presented within the messaging application and communications over the secure channel are not visible to the default messaging channel.

Abstract: A system performs an application update process based on security management information that is information including meta information for each of a plurality of security services. The application update process is a process for adding one or more security services including a security service that reduces the security risk of an application having a plurality of distributed microservices having a graph structure relationship to the application.

Abstract: Disclosed are various approaches for providing a virtual badge credential to a user's device that is enrolled with a management service as a managed device. Upon authentication of a user's identity via an identity provider, a virtual badge credential can be provided to an application on the client device. The virtual badge credential can be presented by the client device to access control readers to gain access to physical resources, such as doors and buildings, that are secured by the access control readers.

Abstract: A device receives network segment information identifying network segments associated with a network, and receives endpoint host session information identifying sessions associated with endpoint hosts communicating with the network. The device generates, based on the network segment information and the endpoint host session information, a data structure that includes information associating the network segments with the sessions associated with the endpoint hosts. The device updates the data structure based on changes in the sessions associated with the endpoint hosts and based on changes in locations of the endpoint hosts within the network segments, and identifies, based on the data structure, a particular endpoint host, of the endpoint hosts, that changed locations within the network segments. The device determines a threat policy action to enforce for the particular endpoint host, and causes the threat policy action to be enforced, by the network, for the particular endpoint host.

Abstract: Various embodiments of the present application set forth a computer-implemented method that includes receiving, by a trusted tunnel bridge and from a first application executing in a first network, a first encrypted data packet, where the first encrypted data packet includes an encrypted portion of data, and a destination device identifier (DDI). The method further includes determining, by the trusted tunnel bridge, a particular device in a second network and associated with the DDI included in the first encrypted data packet. The method further includes sending, by the trusted tunnel bridge directly to the particular device, the first encrypted data packet.

Abstract: Systems, methods, and computer program products for controlling use of sensitive data. A heartbeat signal conveying a context identifier is transmitted into areas where access to sensitive data is granted to authorized users. In response to receiving a request to access the sensitive data, access may be granted if the context identifier in the request matches the context identifier in the heartbeat and denied otherwise. If the requestor has exceeded an access threshold, access may be granted at a reduced rate. This reduced rate may be achieved by reducing a rate at which encryption keys are provided to the requestor. An access control layer positioned between an application layer and a communication layer allows the application layer to use plaintext of the sensitive data while protecting the sensitive data as ciphertext in the communication layer.

Abstract: A method and system for creating a composite security rating from security characterization data of a third party computer system. The security characterization data is derived from externally observable characteristics of the third party computer system. Advantageously, the composite security score has a relatively high likelihood of corresponding to an internal audit score despite use of externally observable security characteristics. Also, the method and system may include use of multiple security characterizations all solely derived from externally observable characteristics of the third party computer system.