Abstract: A processing system including a processor, a first memory, a state machine configured to transition between a plurality of states, and an access filter. The first memory stores instructions that are executable by the processor, where execution of the instructions causes the processor to initiate transactions with one or more hardware resources. The access filter may filter the transactions initiated by the processor by selectively denying access to the hardware resources based at least in part on a current state of the state machine. The access filter may also filter transactions initiated by one or more of the hardware resources based at least in part on the current state of the state machine.

Abstract: Techniques for intelligently deciding the optimal authenticator(s) from amongst those supported by an electronic device are described. The authentication system according to some embodiments may include a dynamic machine learner that incorporates the attributes of: (i) user behavior attributes (e.g., preferred authenticator); (ii) device attributes (e.g., hardware and software specifications, applications, etc.); and (iii) operating environment attributes (e.g., ambient light, noise, etc.), as well as the interplay between the aforementioned attributes over time to make the decision. In some embodiments, the authentication activities and patterns of other users of similar type (e.g., users exhibiting similar behavior across different operating environments) can also be learned and employed to improve the decision making process over time.

Abstract: In one embodiment, a network security device is configured to monitor data traffic between a first device and a second device. The network security device may be configured to intercept a first initial message of a first encrypted handshaking procedure for a first secure communication session between the first device and the second device, the first initial message specifying a hostname that has been encrypted using first key information associated with the network security device, decrypt at least a portion of the first initial message using the first key information to determine the hostname, re-encrypt the hostname using second key information associated with the second device, and send, to the second device, a second initial message of a second encrypted handshaking procedure for a second secure communication session between the network security device and the second device, the second initial message specifying the hostname re-encrypted using the second key information.

Abstract: Based on context received regarding a mobile communications device a server determines whether an existing network connection employed by the mobile communications device offers a level of security that is appropriate. When the server determines that the level of security is appropriate, the mobile communications device is allowed to continue using the network connection. Otherwise, the server directs the mobile communications device to terminate the network connection.

Abstract: Resource allocation to workloads is disclosed. Telemetry data associated with existing or previously executed workloads is stored and used to develop models. Telemetry data from new workloads are collected and, using the models, a fingerprint is extracted and compared to the fingerprints of previous workloads. This allows the initial allocation of resources to the new workload to be improved and aids in resource allocation convergence.

Abstract: Embodiments disclosed herein describe a server, for example a security awareness server or an artificial intelligence machine learning system that establishes a risk score or vulnerable for a user of a security awareness system, or for a group of users of a security awareness system. The server may create a frequency score for a user, which predicts the frequency at which the user is to be hit with a malicious attack. The frequency score may be based on at least a job score, which may be represented by a value that is based on the type of job the user has, and a breach score that may be represented by a value that is based on the user's level of exposure to email.

Abstract: A method for controlling third-party access of a protected data resource is disclosed. The method includes: receiving an access token associated with a first application, the access token indicating access permissions for the first application to access a user account at a protected data resource; receiving a first request to perform a first access operation of accessing the user account using the access token; determining whether the first access operation is permitted based on the access permissions; in response to determining that the first access operation is not permitted: modifying the first request to obtain a second request for performing a second access operation of accessing the user account using the access token, the second access operation complying with the access permissions for the first application; transmitting the second request to a server associated with the protected data resource.

Abstract: A communication device mounted at a vehicle, the communication device including: a blocking section that, in a case in which communication with a second mobile device that is different from a first mobile device that transmits key information for the vehicle is interrupted, performs a blocking process to block an unlocking of the vehicle or a starting of the vehicle that is performed based on received key information.

Abstract: The present invention discloses a method and a system for user authentication in an offline mobile calibration or checklist performing device. At first, the work is assigned online in a Calibration Management Software (CMS), where the relevant data is selected and sent to a mobile device. In the field environment as offline, the mobile device requests user credentials from the user, and if valid, the user is able to perform the assigned task. With each obtained result, credentials are asked for saving the results into the mobile device. When the user returns from the field, he/she connects the mobile device with the CMS, and transfers the obtained work data from the mobile device to the CMS.

Abstract: Embodiments of the invention are directed to systems, methods, and computer program products for dynamic stepped multi-level authentication. The invention is structured for progressively authenticating transmitted activity processing data over escalating authentication levels using electronic communications between network devices over separate communication channels. Specifically, the invention is structured to authenticate the first activity for a first authentication level based on determining a spatial congruence of the user device and the resource instrument device associated with the first activity. Moreover, the invention is structured to trigger a second authentication level requirement above the first authentication level based on at least the first authentication level and resource activity processing data.

Abstract: To allow secure communications between a video capturing device and mobile devices, an association process includes providing a unique pattern, such as a QR code, to the mobile device in proximity to the video capturing device. The unique pattern is used by the mobile device to request pairing with the client device, either directly or via a cloud-based system. The QR code includes an identifier or “shared secret” that allows the client device to verify the pairing request originates from the mobile device in close proximity. The association process may also involve cryptographic keys to further secure communications and may also involve a process to retrieve a mobile app without additional user intervention. Once the devices are associated, they can communicate directly using wireless communications, such as cellular or WiFi, and transfer video data and other data automatically.

Abstract: Systems, methods, and devices for using a Uniform Resource Locator (URL) parameter to pass variables between authentication, authorization, and accounting (AAA) servers and a portal so as to intelligently select and display a different captive portal landing page on a user equipment (UE) device based on any combination of the geographic location of the UE device, the service set identifier (SSID) of the access point, the UE device's media access control (MAC) address.

Abstract: Securing data using random bits uses a TRNG disk with a plurality of random bits and a universally unique identifier (UUID). At least one TRNG disk copy is created, which is identical to the TRNG disk. The TRNG disk copy is stored in a separate physical location than the TRNG disk. Source data is received and encrypted with a block of random bits of the TRNG disk to produce encrypted data. The block of random bits of the TRNG disk has a bit offset which is a positional address of the block of random bits within the TRNG disk. The encrypted source data, the UUID, and the bit offset of the TRNG disk are communicated from a first location to at least a second location. The encrypted source data is decrypted at the second location using the UUID, the offset of the TRNG disk, and the TRNG disk copy.

Abstract: An expert interface component can automatically connect a system user with a system support expert. A user interface module can present a threat-tracking graphical user interface and a query interface component integrated into the threat-tracking graphical user interface to a system user belonging to a client team to review a potential cyber threat and receive a query for assistance. The query interface component can allow the system user to digitally grab a visual data container displaying information and containing a data object. The query interface component can collect the visual data container from the threat-tracking graphical user interface into a collection window of the query interface component. A communication module provides an incident ticket containing the query and the visual data container to a system support expert at a remote platform.

Abstract: A system and method allows an app to be used to signal a server to authenticate a user using two factor authentication. The app is one previously associated with a user account, optionally using a different form of two factor authentication.

Abstract: A third party intermediary and a data protection method, system, and non-transitory computer readable medium, include executing a program, via the processor, using zero-knowledge verifiable computing to remove private content from a pre-approved version of a content to ensure privacy of a condition of a user from a provider of the content.

Abstract: A method, computer system, and computer program product are provided for peer risk benchmarking. Customer data for a first network is obtained, wherein the customer data comprises a role of one or more network devices in the first network and a plurality of risk reports corresponding to the one or more network devices, and wherein each risk report is associated with a particular dimension of a plurality of dimensions of risk for the one or more network devices. A network profile image is generated by processing the plurality of risk reports. A generative adversarial network generates a synthetic network profile image from the network profile image, wherein the synthetic network profile image does not include the customer data. A second network is evaluated using the synthetic network profile image to identify differences between the first network and the second network.

Abstract: A method is disclosed. A digital assistant device receives a biometric sample from a user and then converts the biometric sample to a biometric template. The digital assistant device can scan for user devices in communication range of the digital assistant device, thereby receiving user device identifiers. The digital assistant device can transmit, to a server computer, an authentication request comprising the biometric template and at least one user device identifier. The digital assistant device can then receive a cryptogram request message comprising the at least one user device identifier, from the server computer. The digital assistant device can transmit, to a user device corresponding to the at least one user device identifier, the cryptogram request message and can then receive a cryptogram. The digital assistant device can then transmit the cryptogram to the server computer. The server computer verifies the cryptogram before further processing of a transaction.

Abstract: Various arrangements for wireless network provisioning using a pre-shared key (PSK) are presented. A plurality of wireless network access profiles that indicate a plurality of PSKs may be stored. An access point may receive, from a wireless device, a first value based at on the PSK. The access point can transmit the first value to a cloud-based provisioning system. A plurality of values based on the plurality of PSKs of the plurality of wireless network access profiles may be created and a match between a second value of the plurality of values and the transmitted first value may be identified. A third value may be provided to the access point based on the PSK of the wireless network access profile of the plurality of wireless network access profiles used to generate the value. Network access can then be granted based on the third value.

Abstract: Embodiments of systems and methods for detecting expected user intervention across multiple blades during a Keyboard, Video, and Mouse (KVM) session are discussed. In an embodiment, a chassis may include an Enclosure Controller (EC) coupled to a plurality of Information Handling Systems (IHSs) in a chassis, the EC comprising: a processor; and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the EC to: select a first IHS to initiate a first KVM session; register for a notification from the first IHS while the first IHS performs one or more operations; switch to a second IHS to initiate a second KVM session; and during the second KVM session, receive the notification.

Abstract: A communications apparatus includes a transceiver and a processor. The processor is configured to perform operations comprising: performing a Non Access Stratum (NAS) security mode command procedure to derive a set of NAS key(s); transmitting a NAS security mode complete message to a network device for informing that the NAS security mode command procedure is complete; receiving an RRCReconfiguration message indicating derivation of a set of Access Stratum (AS) keys from the network device when an acknowledge message associated with the NAS security mode complete message has not been received; and performing a NAS procedure to communicate with the network device by using the set of NAS key(s).

Abstract: A method, system and computer-usable medium for redisplaying data at a remote access client system from a secure computing environment. The redisplaying data includes receiving a request form the remote access client system for data, inspecting the request for potential unauthorized or malicious retransmission. Modifying the data, by filtering audio data or transforming graphical data prior to sending the requested data is performed to prevent the unauthorized or malicious retransmission.

Abstract: The invention is a method for communication between a server and a user equipment through a set of command/response pairs. The user equipment uses an IMSI field of an Attach Request frame as defined by ETSI TS 124.008 to convey a command to the server. The server uses an Authentication parameter RAND field or an Authentication parameter AUTN field of an Authentication Request frame as defined by ETSI TS 124.008 to convey a response corresponding to the received command. The server sends the Authentication Request frame in response to the Attach Request frame.

Abstract: A HEMS controller receives, from each of a plurality of devices requesting registration in a HEMS, an electronic certificate of the device in a continuous registration mode in which a plurality of devices can be continuously registered in the HEMS. The HEMS controller 14 determines whether or not to permit registration in the HEMS for each device based on an attribute indicated by the electronic certificate of each of the plurality of devices.

Abstract: Provided is a wireless communication terminal. The wireless communication terminal includes: a transceiver configured for transmitting/receiving a wireless signal; and a processor configured for controlling an operation of the wireless communication terminal. The transceiver receives a first frame indicating that there is data to be transmitted from a base wireless communication terminal to a plurality of wireless communication terminals including the wireless communication terminal and receives data based on the first frame. The base wireless communication terminal is any one wireless communication terminal different from the plurality of wireless communication terminals.

Abstract: A method for accessing customer data includes receiving an access request requesting access to customer data stored on a storage abstraction. The access request includes a justification that specifies a purpose/reason for requesting access to the customer data. The method also includes validating the justification, and after validating the justification, transmitting the justification to an external key management service associated with a customer of the customer data. The external key management service is configured to grant or deny access to the customer data based on the justification. The method also includes receiving an approved access token from the external key management service when the external key management service grants access to the customer data and accessing the customer data stored on the storage abstraction using the approved access token received from the external key management service.

Abstract: A system and method of protecting a computer includes providing a whitelist of known applications and a set of rules for determining if a program is benign. Upon an attempt to initiate a program, determining if the program is in the whitelist and if the program is in the whitelist, allowing the program to run. If the program is not in the whitelist, determining if the program is benign based upon the set of rules or strategy and presenting the rule/strategy to the user. If the user accepts the rule/strategy, running the program and updating the whitelist for allowing future attempts to run the program and any other program that conforms to the one rule. If the program is not determined to be benign, the program is not allowed to execution unless a specific override is made.

Abstract: Disclosed in the present invention are an integrity protection control method, a network device and computer storage medium, the method comprising: acquiring parameter configuration information, wherein the parameter configuration information is parameter configuration information saved by a network device or parameter configuration information acquired from a core network side; and on the basis of the parameter configuration information, determining whether it is necessary to start integrity protection for a quality of service (QoS) data flow.

Abstract: An authentication correlation (AC) computing device is provided. The AC computing device includes a processor and a memory. The AC computing device receives a first authentication request from a requesting computer device including an account identifier, a first timestamp, and at least one authentication factor, and determines a first security level of the first authentication request. The AC computing device stores the first security level and the first timestamp. The AC computing device is also configured to receive a second authentication request including the account identifier and a second timestamp, determine that the second authentication satisfies an authentication rule based on the account identifier, the second timestamp, and the stored authentication data wherein the rule defines a timeframe and an authentication threshold, and generate an authentication response based on the determination and the authentication rule wherein the authentication response includes an approval indicator.

Abstract: A method for processing an application is applied to a terminal including a main space occupied by a main system and a clone space occupied by a clone system. The method includes: acquiring a cross-space processing instruction sent by a first system in a first space is acquired; and performing corresponding processing on a target application in a second space based on the cross-space processing instruction, wherein the first space is the main space and the second space is the clone space, or the first space is the clone space and the second space is the main space.

Abstract: Systems and methods for improved brand interaction including a method for brand promotion comprising the steps of: receiving a media broadcast signal comprising a media signal and a unique promotion code with a media receiver; reading said unique promotion code from said media broadcast; broadcasting said promotion code using a communication network associated with the media receiver; receiving the promotion code with a computing device; correlating the promotion code with a promotion database; receiving social link data from the promotion database; wherein the computing device is adapted to provide user engagement with the link data.

Abstract: Various embodiments of the invention disclosed herein provide techniques for automatically exposing 3D production assets to an editorial workstation in a content creation pipeline. A production asset management system transmits, to an editorial workstation, a first content library that includes first metadata associated with a 3D production asset that is included in an editorial cut. The first metadata allows a user to see what versions of the 3D production asset are available for incorporation into the editorial cut. The production asset management system retrieves second metadata associated with a second version of the 3D production asset from a production database. The production asset management system retrieves, based on the second metadata, the second version of the 3D production asset from the production database. The production asset management system transmits the second version of the 3D production asset to the editorial workstation for incorporation into the editorial cut.

Abstract: A system has an evaluation server that includes at least one database storing a plurality of cybersecurity awareness evaluations, the database connected to the server, a plurality of clients connected to the server and configured to run at least one of the cybersecurity awareness evaluations for play by users on user devices, the users performing actions in the evaluation including offensive actions and defensive actions, and an evaluation dashboard including an interface configured to display scoring results of the cybersecurity awareness evaluations as determined by the server, the scoring results including a plurality of offensive component scores for at least one of the users, a plurality of defensive component scores for at least one of the users, at least one composite offensive score for at least one of the users and at least one composite defensive score for at least one of the users, the composite offensive score being determined based on a plurality of the component offensive scores and the composit

Abstract: A method for pairing a first network device with a second network device is provided. The method may include receiving a first signal corresponding to a first pairing sequence received at the first network device, receiving a second signal corresponding to a second pairing sequence received at the second network device, comparing the first pairing sequence with the second pairing sequence, and pairing the first network device and the second network device when the second pairing sequence correlates to the first pairing sequence.

Abstract: An image processing apparatus including a transmission function for transmitting an image sets whether to permit use of a destination not previously registered. The image processing apparatus also receives, from an external apparatus, data including at least a destination field. The image processing apparatus sets the transmission destination based on destination information included in the destination field of the received data upon a condition that a setting is set permitting use of a previously un-registered destination and does not set the transmission destination based on the destination information included in the destination field of the received data upon a condition that a setting is set prohibiting use of a previously un-registered destination.

Abstract: To ensure that an electronic device is a secure electronic device, a communication device transmits a request to authenticate the electronic device to a remote electronic device across a network. The communication device receives a security challenge. One or more processors of the electronic device obtain a response to the security challenge using a secret key stored in an encrypted memory of the electronic device. The communication device then transmits the response to the response to the security challenge to the remote electronic device. If the remote electronic device recognizes the response, it transmits a shared secret content marker, which can optionally be presented at a user interface of the electronic device. The request can be automatically initiated by a companion electronic device.

Abstract: Systems and methods for securely calling APIs on an API gateway from applications that need first party authentication are disclosed. In one embodiment, a method may include: (1) receiving, from a protected service, an authentication system token/cookie identifier, a first plurality of user identifying attributes, and a request to create an oAuth access token; (2) creating an attribute string; (3) encrypting the attribute string with a private key, resulting in the oAuth access token; (4) sending the oAuth access token to the first party computer application; (5) receiving, from the first party computer application, a request to access a backend service, a second plurality of user identifying attributes, and the oAuth access token; (6) decrypting the oAuth access token; (7) validating the decrypted oAuth access token; (8) inserting the authentication system token/cookie identifier into the request to access; and (9) communicating the request to the backend service.

Abstract: In non-limiting examples of the present disclosure, systems, methods and devices for providing cross-device access to one-time passwords are presented. A user may provide sign-in credentials to a secure service via an application or website user interface. The user may be prompted to authenticate the user's identity by confirming a one-time-password sent from the secure service to a secondary device via an electronic message. The secondary device may analyze received messages, or message notifications, to determine whether they include a one-time-password. If a one-time-password is identified in a received message, the one-time-password may be automatically sent from the secondary device to a target computing device. The one-time-password may be sent securely to the target computing device via Bluetooth, a public-private key process, and/or a cloud-based authentication mechanism. The one-time-password may be automatically inserted into a one-time-password field or copied to a notepad or password manager.

Abstract: One or more implementations of the present specification provide a blockchain-based data authorization method and apparatus. The method can include receiving, by a blockchain node, an authentication transaction submitted by a privacy computing platform, where the authentication transaction queries whether a data user has obtained authorization of target data possessed by a data owner, and in response to determining that the data user has obtained authorization of the target data, executing, by the blockchain node, a smart contract invoked by the authentication transaction to provide an authorization token to the privacy computing platform that instructs the privacy computing platform to obtain the target data, and send a computational result of one or more predetermined computational operations based on the target data to the data user.

Abstract: The presented application is a method for enabling verifiable trust in collaborative data sharing environments. The architecture supports the human-in-the-loop paradigm by establishing trust between participants, including human researchers and AI systems, by making all data transformations transparent and verifiable by all participants.

Abstract: A method is disclosed in which information based at least partially on a search query information being associated with a user and/or a group of users is obtained. Personal information associated with the user and/or the group of users is extracted from the obtained information. At least one user profile is created based at least partially on the extracted personal information. One or more pieces of attribute information are determined for enriching the personal information of the created user profile. Further, the determined one or more pieces of attribute information are allocated to the user profile and/or to personal information included in the user profile. It is further disclosed an according apparatus, computer program and system.

Abstract: In some aspects, the disclosure is directed to methods and systems for easy and intuitive control over network configurations and security for transient or guest devices, and remote control of additional devices, either directly in some implementations, or indirectly via a hosted interface by a control device in other implementations, eliminating the need for pairing or otherwise establishing communications between the guest devices and the additional devices. This may improve network security overall and particularly encourage segregation of untrusted devices, while still providing enhanced functionality and control over other network devices in a secure manner.

Abstract: A method of monitoring and reporting of packets including their attribution to their origin processes from a user space application without installing proprietary drivers, rather using only infrastructures and capabilities supplied by the operating system (OS). The method relies on correlation between packets received from a packet capture library and a kernel monitoring mechanism that supplies an event with the process ID which is executed on the same time frame for transmitting or receiving of that traffic. The attribution between the event and the packet is based on the 4-tuple (or other exemplar) that exists on both the event and the packet where the “4-tuple” is a set of: source address, source port, destination address, destination port.

Abstract: An example operation may include one or more of generating, by a data management node, a profile token based on a data profile of a data provider (DP) node, receiving, by the data management node, a transaction request from a service provider (SP) node to access data from the DP node over a blockchain, acquiring, by the data management node, consent of the SP node based on the profile token, generating, by the data management node, a consent token based the consent of the SP node, and allowing access to data of the DP node by the SP node based on a verification of the consent token.

Abstract: Systems and methods for monitoring user activity at a mobile device. A method comprises capturing one or more display frames associated with content being displayed by an application executing on of the mobile device; capturing textual information associated with the content being displayed by the application; detecting user input associated with the content being displayed by the application; and evaluating collected data including the captured display frames, the captured textual information, and the detected user input to identify an activity of interest or concern associated with the application.

Abstract: An application server receives from a user device a first request to create a data file that is to be stored at a third-party storage server. Responsive to receiving the first request to create a data file that is to be stored at the third-party storage server, the application server sends to the third-party storage server a second request indicating that the data file is to be created at the third-party storage server. An indication that the data file has been created at the third-party storage server is received from the third-party storage server. Responsive to receiving the indication that the data file has been created at the third-party storage server, the application server generates an instance of the data file that is stored at the application server. The application server provides to the user device the instance of the data file for edit via a relevant application.

Abstract: A process, system, and non-transient computer readable medium that provides device automation support for the dynamic activation, authentication, and accounting of network access and network access devices while enabling seamless multi-vendor support for change of authorization through multiple network protocols. The process, system, and non-transient computer readable media also provides security threat remediation that can be automated at the device, network access, traffic inspection, and/or threat protection level by taking action on a device by triggering actions in a bidirectional manner.

Abstract: The subject matter of this specification can be implemented in, among other things, methods, systems, and computer-readable storage media. A method can include receiving a first request to retrieve an identifier token associated with a user account. The method can further include generating a first alphanumeric sequence associated with the user account and performing a randomization procedure on the first alphanumeric sequence to generate a second alphanumeric sequence. The method can further include generating the identifier token for a subscriber associated with the user account to provide to a second device. The method can further include receiving, from a third device, a second request including a second identifier token having a third alphanumeric sequence, the second request being associated with performing an action using sensitive data associated with the user account. The method can further include sending data including the second request to the third device.

Abstract: A method for handling data radio bearer (DRB) integrity check failure (ICF), network equipment and a terminal are provided. The method includes: acquiring an ICF event of a DRB for a terminal; and performing a predetermined handling operation according to the ICF event. An intact data transmission over the DRB is achieved by acquiring the ICF event of the DRB for the terminal and further performing the predetermined handling operation for data integrity protection according to the ICF event.

Abstract: A mobile application privacy analysis system is described, where the system scans a mobile device to identify files associated with a particular SDK and generates a tokenized name for the SDK. The tokenized name includes tokens representing the SDK vendor and one or more functions of the SDK. Using the tokenized name, the system then determines corresponding categories for each functionality token and score for each such category. Based on the scores, the system determines the most significant category and assigns that category to the SDK for use in privacy analysis. The system may also, or instead, determine a vendor category using the vendor token and assign that category to the SDK. Weighting factors may be applied to the scores for the categories associated with the functionality tokens and vendor tokens.