Abstract: Techniques are described herein for assembling/evaluating automated assistant responses for privacy concerns. In various implementations, a free-form natural language input may be received from a first user and may include a request for information pertaining to a second user. Multiple data sources may be identified that are accessible by an automated assistant to retrieve data associated with the second user. The multiple data sources may collectively include sufficient data to formulate a natural language response to the request. Respective privacy scores associated with the multiple data sources may be used to determine an aggregate privacy score associated with responding to the request. The natural language response may then be output at a client device operated by the first user in response to a determination that the aggregate privacy score associated with the natural language response satisfies a privacy criterion established for the second user with respect to the first user.

Abstract: A network management system is configured to detect one or more malicious activities at one or more devices connected to a network. The network management system is configured to determine a malware root of the one or more malicious activities and generate a network-wide indicating a hierarchical relationship between the malicious activities spawned by the malware root and the malware root. The malicious activities spawned by the malware root represented in the network-wide malware include the one or more malicious activities and include a plurality of malicious activities spawned across a plurality of devices connected to the network.

Abstract: In response to identifying one or more applications on a computing device, terms and conditions associated with the one or more applications are identified. A knowledge base based on the identified terms and conditions is generated. The knowledge base includes a determination of sensitive information of a user required by each of the identified one or more applications. Secondary associations of the identified one or more applications are identified from a plurality of external data sources with information related to the identified one or more applications. In response to identifying the secondary associations, it is determined whether sensitive information about the user is found in one or more of the identified secondary associations. In response to determining that sensitive information about the user is found, an advisory is transmitted to the user.

Abstract: A user authentication system includes a main body device and an authentication device. The main body device has an authentication code transmission requesting unit, a verification unit, and an unlocking unit. The authentication code transmission requesting unit generates an authentication code transmission request including a first value, and transmits the authentication code transmission request to the authentication device. The authentication device generates an authentication code in response to the first value in the authentication code transmission request, and transmits the authentication code to the main body device. The verification unit determines that authentication is successful if the authentication code is received from the authentication device. When the verification unit determines that the authentication is successful, the unlocking unit enables a predetermined functionality.

Abstract: Mobile device security techniques are described. For a specific computing device, for each of a plurality of distinct security categories, a risk score is determined. The determined risk scores are aggregated to obtain an overall risk score.

Abstract: A segmentation server generates vulnerability exposure scores associated with workloads operating in a segmented computing environment. The segmentation server may automatically aggregate the vulnerability exposure scores in various ways to generate vulnerability exposure information representative of workloads in an administrative domain controlled by the segmentation server. The aggregated vulnerability exposure information may be presented in a manner that enables an administrator to easily evaluate different segmentation strategies and assess the risks associated with each of them. Moreover, the segmentation server can automatically generate a segmentation policy that modifies a configured segmentation strategy based on the vulnerability exposure scores to reduce exposure to certain vulnerabilities without impeding operation of the workloads.

Abstract: A segmentation server generates vulnerability exposure scores associated with workloads operating in a segmented computing environment. The segmentation server may automatically aggregate the vulnerability exposure scores in various ways to generate vulnerability exposure information representative of workloads in an administrative domain controlled by the segmentation server. The aggregated vulnerability exposure information may be presented in a manner that enables an administrator to easily evaluate different segmentation strategies and assess the risks associated with each of them. Moreover, the segmentation server can automatically generate a segmentation policy that modifies a configured segmentation strategy based on the vulnerability exposure scores to reduce exposure to certain vulnerabilities without impeding operation of the workloads.

Abstract: Systems and methods are provided for performing operations comprising: storing a set of input data; generating a noise distribution based on a two-step function, wherein a height of the two-step function is determined by a privacy parameter, a width of the two-step function is determined by minimizing a variance of the noise distribution, and wherein a mean of the two-step function is determined by a value of the set of input data to be privatized; applying the noise distribution to the set of input data to generate privatized noisy output data; and transmitting the resulting privatized noisy output data in response to a request for a portion of, or a complete set of, the input data.

Abstract: Systems, methods, and software described herein provide for identifying and implementing security actions within a computing environment. In one example, a method of operating an advisement system to provide security actions in a computing environment includes identifying communication interactions between a plurality of computing assets and, after identifying the communication interactions, identifying a security incident in a first computing asset. The method further provides identifying at least one related computing asset to the first asset based on the communication interactions, and determining the security actions to be taken in the first computing asset and the related computing asset.

Abstract: Examples of techniques for handling fine time measurement ranging requests are described. In an example, an access point (AP) may receive a ranging request for initiating a Fine Timing Measurement (FTM) session. Responsive to determining that the client device is associated with the AP, it is determined that the ranging request is received after a threshold time from expiry of an FTM burst period of the client device. It is determined that the ranging request is within an FTM acceptance threshold of the AP. A number of consecutive unsuccessful FTM bursts between the AP and the client device is determined. In response to determining that the number of consecutive unsuccessful FTM bursts is less than an unsuccessful burst threshold of the AP, the FTM session may be initiated based on the ranging request.

Abstract: A method, performed by an observer node, of securing a network, includes: receiving a signal over the network; determining, based on a frequency characteristic of the received signal, which is determined according to a physical characteristic of a node, which transmits the received signal, a node, which has transmitted the received signal among a plurality of nodes included in the network; comparing a pre-learned signal pattern of the determined transmission node with a pattern of the received signal to determine whether the determined transmission node is a malicious node; and blocking the signal transmitted from the malicious node by determining that the transmission node is a malicious node.

Abstract: Embodiments for providing demographic reach with anonymity by a processor. User data access may be managed via a data access agent by generating a unique user privacy profile having a selected level of anonymity for each relationship between a user and an application service.

Abstract: A method and apparatus with selective combined authentication performs a single authentication based on a first modality among plural modalities, and in response to the single authentication having failed, determines whether to perform a combined authentication by a combination of two or more of the plural modalities, and selectively, depending on a result of the determining of whether to perform the combined authentication, performs the combined authentication.

Abstract: There is provided a system and a computer-implemented method of detecting malware in real time in a live environment. The method comprises: monitoring one or more operations of at least one program concurrently running in the live environment, building at least one stateful model in accordance with the one or more operations, analyzing the at least one stateful model to identify one or more behaviors, and determining the presence of malware based on the identified one or more behaviors.

Abstract: A method to control the display of content on a screen connected to a processing platform, the content including access conditions, and the method including acquiring an image within a sensitive area, the sensitive area being an area within which content displayed on the screen would be within the field of view of an observer placed thereat, detecting a number of potential observers within the sensitive area, acquiring a number of credentials from the detected observers within the sensitive area, if the number of credentials is below the number of detected observers, disabling the display of the content, if the number of credentials equal the number of detected observers, comparing each credential with the access conditions and if all credentials match the access conditions, enabling display of the content.

Abstract: A user device and a server conduct a secure online transaction. The user device transmits received user login and credentials to the server, as well as one or more properties of the user device, such as a list of applications stored on the user device. The server transmits one or more restrictions back to the user device, such as which ports to close, which applications to close, and what features of applications and the operating system should be limited during the transaction. After implementing the restrictions, the user device and the server conduct the online transaction. A unique ID may be transmitted throughout the transaction and the unique ID may be a hash. After the transaction, the user device purges transaction data, restores normal operation, and notifies the server. The transaction may be conducted in a second tunnel and the other communication via a first tunnel.

Abstract: A virtual keyboard rendered on a separate computing device is independent of the user's computer. A virtual keyboard displayed on the user's computer screen is blank without any alphanumeric characters. Another virtual keyboard displayed on the user's independent computing device has a randomly generated layout of alphanumeric characters on a keypad. The user enters a password by pressing the blank keys of the blank keyboard on his computer screen with reference to the other virtual keyboard. The position sequence of these entered keys is sent to an application on a remote server computer. The remote server computer shares a virtual keyboard having the randomly generated layout of characters with the independent computing device via an online or off-line technique. When online, an encoded image of the encrypted layout is sent to the client computer and displayed for scanning by the device.

Abstract: A data packet transits through a series of network nodes (a series of intermediate hops) while being transmitted from a source node to a destination node. A network node (router, gateway, server, or any network device) that handles the data packet, adds new information to the file header of the data packet. The new header information identifies the previous and next network nodes in the transmission path. The network node further validates information provided by a previous node, and generates further new header information that attests as to the validity of the information provided by the previous node. The network node secures and signs the new information cryptographically, and adds the new information to the file header. If a malicious actor attempts to tamper with the data packet, or routing thereof, the secured header information renders such tampering discoverable, enabling performance of a responsive action.

Abstract: A method for personal data administration in a multi-actor environment is performed by a system that includes a data management process managed by a remote server. The system includes a user profile that is associated to a user PC device and includes a set of data management protocols and a user data registry. The system also includes a third-party account that is associated to an account ID and a third-party data registry. The method begins when a data transmission notification is received by the remote server. The remote server analyzes the notification to select an appropriate protocol from the data management protocols. The method then executes the data management protocol, makes a record of the interaction, and transmits an outgoing data packet to the third-party account. The method then monitors the outgoing data packet to determine if the user data contained therein has been transferred interacted or tampered with.

Abstract: In a malware detection device, first characters in a network traffic flow are compared with a plurality of entries within a ternary content addressable memory (TCAM), the plurality of entries including a first entry that constitutes a first segment of a malware signature. In response to an output from the first TCAM indicating that the first characters match the first entry, a variable-character expression engine determines whether second characters in the network traffic flow match a first variable-length regular expression, the variable-length regular expression corresponding to a second segment of the malware signature. A comparand value is generated that includes third characters in the network traffic flow and an expression-match value that indicates whether the second characters match the first variable-length regular expression. The TCAM compares the first comparand value with the plurality of entries therein as part of a determination whether the network traffic flow contains the malware signature.