Abstract: A system and method for media content management include determining, via a digital vault, that a first stakeholder is authorized to sell a salable content item by holding rights in the salable content item; determining, via the digital vault, whether consent for a nonfungible token (NFT) transaction of any of the stakeholders other than the first stakeholder is required; and the digital vault preventing the sale of the salable content item until consent for the sale is received from the stakeholders from whom consent is required.

Abstract: A non-transitory computer-readable storage medium storing computer-readable program code executable by a processor to receive a transaction request from a user interface, and receive a user-identifier from the user interface, and the user-identifier associated with a user. The program code may be executable to send a first non-audible sound signal to initiate a multifactor authentication process during a first interval, and send a second non-audible sound signal during a second interval, where the second non-audible sound signal comprises a predetermined frequency pattern, associated with the user. The program code may also be executable to receive a third non-audible sound signal, where the third non-audible sound signal, at least in part, is utilized to determine whether to complete the transaction request or not. The first non-audible sound signal, the second non-audible sound signal, and the third non-audible sound signal may comprise a frequency greater than 15 kHz.

Abstract: A key broker monitors network traffic metadata and determines which decryption keys are required at one or more packet brokers in order to decrypt relevant traffic required by various network monitoring devices. The key broker retrieves the required keys from a secure keystore distributes them, as needed, to the network packet brokers, and dynamically updates the decryption keys stored in the network packet brokers in response to changes in network traffic.

Abstract: IoT frameworks require flexible and scalable communication and security schemes that can be deployed on devices of low computational capabilities and memory (e.g., resource-constrained devices). A system is provided including a mesh network of resource-constrained devices creating a self-organizing and collaborative communication topology between the devices, and an attribute-based encryption security scheme integrated with the mesh network that enables the resource-constrained devices to communicate securely in unsecured channels by defining an access policy that can only be satisfied by the authorized resource-constrained devices. In order to integrate the attribute-based encryption scheme with the mesh network of resource-constrained devices, a serializer and deserializer are provided that prepare all communications to go through the attribute-based encryption scheme by converting all data and metadata into a suitable format for transmission over the network.

Abstract: A system and a method are disclosed for verifying a suspicious electronic communication. To this end, a secure communications service may detect an electronic communication comprising an identifier of a purported originator of the electronic communication and an identifier of an intended recipient, and determine that an attribute of the electronic communication corresponds to a suspicious attribute. Responsively, the service may intercept the electronic communication and storing the electronic communication in purgatory memory, so as to prevent the electronic communication from being populated in a private repository of the intended recipient, transmit a verification message, and receive a reply to the verification message that verifies the authenticity of the electronic communication.

Abstract: An apparatus to facilitate protecting data transfer between a secure application and networked devices is disclosed. The apparatus includes a source network interface controller (NIC); and a processor to provide a trusted execution environment (TEE) to run an application, wherein the source NIC operates outside of a trust boundary of the TEE, and wherein the processor is to utilize the application in the TEE to: generate encrypted data of the application; copy the encrypted data to a local shared buffer; interface with the source NIC to initiate a copy, over a network, of the encrypted data from the local shared buffer to a remote buffer of a remote platform; and communicate at least one message with the remote platform to indicate that the encrypted data is available and to enable the remote platform to verify integrity of the encrypted data, wherein the one least one message comprises an authentication tag.

Abstract: An apparatus comprises a processing device that is configured to maintain a list of a managed devices, to generate a seed value and to submit a login request to a first managed device. The processing device is configured to generate a value based at least in part on the seed value and to select a second managed device from the list based at least in part on the value. The processing device is further configured to receive a second factor authentication challenge from the first managed device and to obtain a device key encrypted passcode from the second managed device. The processing device is further configured to provide the device key encrypted passcode to the first managed device and to receive a successful authentication of the login request from the first managed device based at least in part on providing the device key encrypted passcode to the first managed device.

Abstract: Generating anonymized data from events are disclosed. Via a graphical user interface (GUI), an output dataset mode for an anonymized output dataset is received. The output dataset mode is stored or an active stream. The output dataset mode in anonymization configuration information. An anonymized output dataset is produced in accordance with the anonymization configuration information, where the output dataset comprises information related to at least a portion of a plurality of events, wherein the plurality of events each comprise a timestamp and a portion of machine data. Further, the GUI to displays the anonymized output dataset.

Abstract: A system and method provides access to one or more web services requested from a web site by using an app on a smart device, such as a smart phone or tablet, or the smart device itself.

Abstract: An exchange processing system may include multiple exchange components that are respectively included in multiple computing systems. A central exchange component may receive a request to enable access to secured data, the request having identity data encrypted via an identity encryption module and inquiry data encrypted via a first request encryption module. The central exchange component may decrypt the identity data via the identity encryption module, and decrypt the inquiry data via the first request encryption module. Response data may be generated from secured data that is selected based on the identity and inquiry data. The central exchange component may encrypt the response data via a second request encryption module and re-encrypt the identity data via the identity encryption module. The encrypted identity and response data may be provided to a second remote exchange module.

Abstract: A technique, performed by an electronic device, of managing a security key is provided. The electronic device may receive security information from each of at least one other electronic device, determine a master electronic device based on a security level of the electronic device and a security level of a security level of the at least one other electronic device, the security level of the at least one other electronic device being included in the received security information, generate a security key as the electronic device is determined as the master electronic device, and determine a portion to be removed from the security key for each security level of a plurality of electronic devices including the electronic device and the at least one other electronic device, and provide each partial security key from which the determined portion is omitted, to the at least one other electronic device.

Abstract: A key delegation request is received from a host system. The key delegation request includes a new public key. A challenge is generated based on the new public key and a root public key, and the challenge is provided to the host system responsive to the request. A first and second digital signature are received from the host system. The first digital signature is generated by cryptographically signing the challenge using a new private key corresponding to the new public key and the second digital signature is generated by cryptographically signing the challenge using a root private key corresponding to the root public key. The first digital signature is validated using the new public key and the second digital signature is validated using the root public key. Based on successful validation of both signatures, the new public key is utilized in one or more cryptographic operations.

Abstract: Systems and methods are described by which a serving module of a campaign controller identifies a first version of a model which the campaign controller uses to communicate a first simulated phishing communication to a plurality of users. The campaign controller receives a first response from a first user to the simulated phishing communication and a second response from a second user to the simulated phishing communication and determines that the first and second responses are corresponding, for example are the same or similar. The serving module assigns a first user to a first group of users and a second user to a second group of users and identifies a second version of the model to use for the first user and a third version of the model to use for the second user.

Abstract: The present application relates to a method and apparatus for providing fault tolerant provisioning verification for cryptographic keys including receiving, via an interface, a first security key, a second security key, and a first verification data generated in response to the first security key and the second security key, coupling, by a processor, the first security key and the second security key to an electronic controller, receiving, by the processor, a second verification data generated by the electronic controller in response to the first security key and the second security key, and marking, by the processor, the controller as provisioned in response to the first verification data matching the second verification data.

Abstract: Embodiments of the present disclosure provide centralized and coordinate learning techniques for identifying malicious e-mails while maintaining privacy of the analyzed e-mails of different organizations. One or more models may be generated and configured to construct feature sets that may be used to characterize e-mails as malicious or safe. Feedback associated with one or more models trained by a first organization (and other organizations) may be shared with a modelling device to modify parameters of the one or more models, where the modified parameters are configured to improve identification of malicious e-mail threats. The feedback provided by the first organization may not include e-mails received by the first organization, thereby enabling the privacy of the e-mails received by the first organization to be maintained in an confidential manner even though the updated parameters may be shared with a second organization.

Abstract: A system, method, and computer-readable media for providing inline data loss prevention (DLP) within a group-based communication system. A DLP engine is included to apply an organization-specific DLP policy to a user input to determine whether the user input should be displayed in a group-based communication channel of the group-based communication system. Multiple organizations sharing a channel may each have their own respective organization-specific DLP policies applied to incoming and outgoing messages for that organization.

Abstract: Methods and systems for token transfer are described herein. A remote computing device may receive, from a mobile computing device, a public key of a public-private key pair. The public key may be associated with a first application of the mobile computing device. The first application may be configured to send credentials to a second application of the mobile computing device. The second application may be isolated from other applications executable on the mobile computing device. The remote computing device may receive, from the first application, a token. The token may have been previously issued to the first application and may have been encrypted, using the public key, by the first application. The remote computing device may send, to the second application, the token to enable the second application to authenticate with a plurality of services that interact with the second application.

Abstract: A method of sharing encrypted data includes, by an electronic device, receiving a password from a user to perform an action, receiving a salt value, generating a user key using the password and salt value, receiving an encrypted key location identifier value, decrypting the encrypted key location identifier value to obtain a key location identifier, receiving an encrypted read token value, decrypting the encrypted read token value using the user key to obtain a read token value, and transmitting the read token value and the key location identifier to a server electronic device.

Abstract: Various embodiments are directed to a password security warning system. An artificial neural network or other types of models may be used to determine whether a password that is created, input, or proposed by a user via an interface includes one or more predictable or typical transformations or combinations of characters derived from user-specific information. Based on the determination, a warning may be provided to the user.

Abstract: A method includes: receiving, by a computer, a user input corresponding to selection of a link associated with an address; determining, by the computer, that the address would not fit in an address bar of a browser displayed on a screen of the computer; and based on the determination that the address would not fit in the address bar of the browser, displaying, by the computer, in the address bar of the browser, a first element of the address and at least part of a second element of the address, including displaying a first portion of the second element of the address and an ellipsis indication representing a second portion of the second element of the address. The display of the first element of the address is visually distinguished from the display of the first portion of the second element of the address.