Abstract: A device receives information identifying a specific host threat to a network, where the information includes a list of network addresses associated with the specific host threat. The device identifies network elements, of the network, associated with the specific host threat to the network, and determines a network control system associated with the identified network elements. The device determines a policy enforcement group of network elements, of the identified network elements, that maps to the list of network addresses associated with the specific host threat, where the network control system is associated with the policy enforcement group of network elements. The device determines a threat policy action to enforce for the specific host threat, and causes, via the network control system, the threat policy action to be enforced by the policy enforcement group of network elements.

Abstract: A system for implementing Machine-to-Machine (M2M) validation receives a request from a unrecognized computing device to establish a communication with a first trusted computing device. The first trusted computing device sends a query message to a second trusted computing device to determine whether the unrecognized computing device is in a list of trusted devices associated with the second trusted computing device. The first trusted computing device receives a response message from the second trusted computing device indicating that the unrecognized computing device is in the list of trusted devices. In response, to receiving the response message, the first trusted computing device approves the request of the unrecognized computing device.

Abstract: An online authentication system allows a user to define their own logic for multistage authentication, which is provided to an online authentication center and stored as encrypted bytecode based on each user's password. Implementation logic can use third party information sources to provide additional authentication options.

Abstract: A plurality of computing devices are communicatively coupled to each other via a network, and each of the plurality of computing devices is operably coupled to one or more of a plurality of storage devices. The computing devices may use local caches in a coherent manner when accessing the plurality of storage devices.

Abstract: An image processing apparatus is communicable with a system including a censorship function, and includes one or more controllers having one or more processors and one or more memories, and the one or more controllers are configured to transmit an image acquired by reading a display medium to the system, receive a censorship result from the system, and control the image processing apparatus to perform a predetermined operation corresponding to the received censorship result, wherein the predetermined operation is a preset operation to be performed by the image processing apparatus based on the received censorship result.

Abstract: Identification information corresponding to a network resource is extracted from input document data. It is determined whether access to the network resource is appropriate based on the identification information. Based on a result of determination, the output of the document data is restricted, or at least part of the identification information is changed, and the document data is output.

Abstract: Techniques for using suppression filters for presenting content of a network documents are described. In an example, a computer system receives, from a device associated with an account identifier, a request for an online network document. The computer system determines that a first category identifier of a first item category is associated with a suppression filter. The computer system determines that the account identifier is associated with an online item interaction having an interaction time associated with an item that belongs to the first item category. The computer system determines, based on a comparison of the interaction time and the suppression time, that a presentation of the first content in the online network document is prohibited. The computer system sends, to the device in response to the request, network document data that indicates second content about a third item that belongs to a second item category.

Abstract: A method for the rapid, automatic, and adaptative deployment of a cloud environment that is secure, that adapts to different hardware architectures, network architectures, cloud services, technologies, and user needs, and that requires minimal user input. Configuration data may be generated for a collection of software components, which may include user inputs and randomly generated data. This data may be stored in a configuration database that is updated as deployment proceeds. Available hardware such as servers, storage, and networks may be discovered automatically and added to the configuration database. An initial software component may be deployed to coordinate subsequent steps, and then additional software components may be deployed in a sequence that considers dependencies. Software components may be organized into deployment groups. Users may select subsets of the components to deploy. The deployed cloud environment may be tested and validated automatically.

Abstract: In some examples, an electronic device includes a component comprising information, a secure storage, and a controller to generate a digital signature based on the information of the component, and detect a modification of the component based on the digital signature. The controller can also detect a receipt of an invalid credential, and log, to the secure storage, an indication of the modification of the component and an indication of the receipt of the invalid credential.

Abstract: Particular aspects of this disclosure relate to computerized systems for generating and using improved data structures and functionality to efficiently render different multiple access-controlled resources (or properties of access-controlled resources) that are part of a concept. Often times, two or more resources of a concept or properties of a resource are subject to different access controls. This adds computing complexity as to whether or not a user is granted access to the entire concept or resource, a portion of the concept or resource, or none of the concept or resources and what exactly is surfaced back to the user when there are resources or properties the user does and does not have access to. Some embodiments accordingly render an efficient composite view of concepts or resources where some resources or properties are accessible by the requesting user, while other resources or properties are not accessible by the requesting user.

Abstract: The present invention is related to systems and methods that improve the security of computer networks. These systems and methods may be utilized in various applications such as electronic commerce, secure document access, and electronic authentication. The systems and methods include methods for accessing secure accounts without the use of passwords in order to eliminate the need for passwords. In addition, systems and methods further deter automated attacks online using email authentication.

Abstract: A system and method for connecting a processing device to a functional device connected to or in a base unit of a communications network, the base unit having a transmitter and the processing device having a memory, a display and an operating system. A first peripheral device is adapted to be coupled to the processing device via a generic communications protocol, the first peripheral device having a receiver and at least one fixed or configurable endpoint of the functional device exposed on the first peripheral device. The base unit and the first peripheral device is adapted to transmit and receive data respectively over the communications network from the functional device to the processing device via the at least one fixed or configurable endpoint using the generic communications protocol for communication between the processing device and the first peripheral device.

Abstract: A system for managing a financial account in a low cash mode. The system may include a memory storing instructions, and a processor configured to execute the instructions to perform operations. The operations may include providing an interface; providing a notification to a user when a balance in the first account is deemed to be in low cash mode; presenting, when the first account balance is deemed to be in low cash mode, an option for a transfer request; receiving, a selection of the option for the transfer request to connect the first account with a second account; transferring funds from the second account to the first account; notifying the user that funds have been transferred from the second account to the first account; and further notifying the user that the balance in the first account is greater than the threshold value.

Abstract: Various example embodiments of the disclosure relate to an electronic device and a wireless communication connection control method thereof.

Abstract: Embodiments described herein may involve queue versioning. An example implementation may involve a playback device initiating playback of a queue including one or more first audio streams. A queue identification token stored in data storage represents a current version of the queue. The playback device receives, from a computing system, data representing instructions to add one or more second audio streams to the queue, the instructions including an indication of the one or more second audio streams and a first token representing an expected queue version. The playback device determines whether the expected queue version represented by the first token matches the current version of the queue represented by the queue identification token. If not, the playback device foregoes adding the one or more second audio streams to the queue.

Abstract: Technology for identifying that a communication is from a verified enterprise includes receiving, by a device associated with a user, a data packet from a phone network. The data packet can be included in a communication to the device, which can have an application configured to verify communications from at least one enterprise. A token within the data packet can be identified by the application, and the application can compare the token to at least one token identifier associated with the at least one enterprise. In response to the token corresponding to at least one token identifier, the application can verify that the communication is from the at least one enterprise. In response to the communication being verified, the application can display a validation image on the device.

Abstract: Arrangements for dynamic enterprise center access control are provided. In some examples, a user device may be detected and current location and/or user data associated with the detected device may be requested. Upon receiving the location data, a current geographic location of the user device may be determined and an enterprise center at or near the geographic location may be identified. Received user data may be analyzed to identify a user and retrieve access preferences associated with the user. Based on the access preferences, a command to lock or unlock a door (e.g., permit or disable access) to an area within the enterprise center, the enterprise center in general, or the like, may be generated and transmitted to a computing device for execution. Accordingly, the system may activate desired locking configurations based on user preferences. Upon detecting that the user is no longer at the enterprise center, a command to return to default settings may be generated, transmitted and executed.

Abstract: A method and system are provided to integrate IoTs and related components, users and applications into an ecosystem, and then on a per-component basis to provide real-time security solutions. Ecosystem security provides isolation, communications and security for technologies that fulfill a specific function or set of functions and their related and supporting platform elements.

Abstract: The present disclosure relates to a chip booting control method, a chip, a display panel, and an electronic apparatus. The method is applied to a control circuit of a chip, and the chip further includes a buffer. The method includes: reading first booting information from the buffer in response to a chip triggering non-power-down reset, the first booting information being used to boot the chip; determining whether the first booting information satisfies a first preset condition; and booting the chip according to the first booting information in response to the first booting information satisfying the first preset condition.

Abstract: A method at a first domain for obtaining at least one insight from a second domain, the method including registering an application with an anchor in the first domain; providing, from the anchor to the application, a first message signed by the anchor; sending, from the first domain to a network domain, the signed message; receiving, from the network domain, at least one signed token, each of the at least one signed token being for a synthetic sensor on the second domain, where the synthetic sensor provides an insight; sending a request message to the second domain, the request message requesting the insight and including the at least one token; and receiving the insight from a synthetic sensor associated with the at least one token.

Abstract: The disclosed technology addresses the need in the art for a service that can ingest a social network export and restore the integrity of threads within the social network export. The present technology can unite images in the social network export with the caption from the initial post, and with any comments within the thread. Likewise, images in the social network export can be enhanced to include metadata that reflects when the image was posted and any other contextual information that the social network provides in export file.

Abstract: Systems and methods for artificial intelligence systems for identity management systems are disclosed. Embodiments may perform outlier detection and risk assessment based on identity management data, including one or more property graphs or peer groups determined from those property graphs, to determine identity management artifacts with ‘abnormal’ patterns when compared to other related identity management artifacts.

Abstract: The present invention relates to a method and system for monitoring webpages for detecting malicious contents. According to a preferred embodiment the method comprises A) providing a plurality of URLs provided by a subscriber, employing a crawler to visit a URL webpage of said plurality of URLs; B) retrieving an object from said URL webpage by said crawler; C) analyzing said object retrieved by said crawler from said URL webpage, and determining whether said object retrieved is malicious or not; and D) alerting the subscriber, when said retrieved object is deemed malicious. According to one embodiment, the method further comprises E) employing a crawler to visit a URL webpage of a following URL of the plurality of URLs, when the determination of step C) is deemed not malicious; and F) returning to step B).

Abstract: Systems and methods for enforcing media access control (MAC) learning limits (MLLs) on multi-homed access ports comprise configuring MLL violation actions to be performed by a virtual extensible local area network (VxLAN) tunnel endpoint (VTEP). The VTEP is multi-homed to VTEPs and comprises an Ethernet segment (ES) access port. A BGP EVPN or similar protocol may be used to communicate MLL information across VTEPs participating in the multi-homed ES to keep MACs and MLL violation actions consistent. The violation actions may comprise initiating a shutdown message to shut down an ES. Once an MLL violation associated with a MAC that has been received at the VTEP is detected, the VTEP may enforce the MLL by performing one or more of the configured MLL violation actions and propagate the same to other VTEPs.

Abstract: Apparatus, systems, and methods are disclosed that operate to receiving an authentication request at a server associated with an authenticating entity from a requesting party responsive to a request being provided to the requesting party by a client terminal associated with an unauthenticated individual purporting to be an individual account owner previously authenticated with the authenticating entity. A token, from the client terminal associated with the unauthenticated individual is received, and the token includes information associated with the unauthenticated individual and a user permission authorizing the authenticating entity to share a selected portion of the information with a plurality of selected requesting parties. The server associated with the authenticating entity authenticates the unauthenticated individual as the individual account owner based on, inter alia, matching the token to a pre-registered identity uniquely associated with the individual account owner.

Abstract: Aspects of the disclosure relate to computing hardware and software for uniform security access. A computing platform may receive, from a 5G device, a request to access a collaborative experience service. The computing platform may identify whether the 5G device is authenticated. Based on identifying that the 5G device is authenticated, the computing platform may grant the 5G device access to an API that may be used to access the collaborative experience service. The computing platform may identify that attributes of the 5G device comply with a stored security policy, and grant access to the collaborative experience service in response. The computing platform may receive user interaction information from the 5G device, and may input the user interaction information into an anomaly detection model. Based on identifying that the interactions do not comprise an anomaly for the user, the computing platform may maintain the access to the collaborative experience service.

Abstract: Method of mutual authentication of a controllable electronic device (DE) and of its user (USER) able to control it so that it procures him a service (DS), the device (DE) containing sensitive or confidential data (DA) and being arranged so as to—in an operational phase (OP) including a preliminary step of authentication of the user (UAP)—, execute an operation (SO) so as to procure the service (DS), including, furthermore, a prior phase of authentication of the device (SDAP), in which the authenticity of the device (DE) is verified, so that if on completion of the prior phase of authentication of the device (SDAP), the device (DE) is confirmed to be authentic, the user (USER) can execute the operational phase (OP), whilst if the device (DE) is not confirmed to be authentic, the user (USER) can prevent the execution of the operational phase (OP).

Abstract: Techniques are described herein for performing authentication, and also “eager” or “lazy” fetch of data, for restricted webpages based on the restricted webpages being associated with an authentication tier in an AASD registry. Inclusion of a restricted webpage in the AASD registry enables AASD-based authentication for the webpage. According to embodiments, information for a restricted webpage included in the AASD registry includes one or more of the following for the webpage: an identifier, an authentication level, allowed fields, eager fetch fields, one or more sources for one or more fields, etc. When information for a webpage is included in the AASD registry, that information is used to perform eager fetch for one or more fields of the webpage that are not associated with authentication requirements indicated in the AASD registry information, or whose authentication requirements are already fulfilled by the requesting client.

Abstract: An example network manager receives, from a conductor switch of a switch stack, an active configuration. The network manager determines, based on the active configuration, switch model types for a plurality of switches of the switch stack. The network manager determines, based on the switch model types and the active configuration, a number of ports of the plurality of switches of the switch stack and a current configuration of each port of each switch of the switch stack. The network manager updates a device configuration element of a network management user interface to display the current configuration of each port of each switch of the switch stack in a manner that indicates that the switch stack is a single logical switch.

Abstract: Aspects described herein may relate to techniques for detecting login activity to a financial account during a knowledge-based authentication process. The login activity may be related to access to an online interface for the financial account. The detection of login activity during the authentication process my indicate that the integrity of the authentication process is compromised as login access may provide an individual with transaction data that may be used to answer transaction-based authentication questions. As a result of detecting login activity, an alternative authentication process may be initiated or an authentication request related to the financial account may be denied.

Abstract: A method for granting guest access to a control device includes detecting, by a monitoring control unit, a new connection of a guest device to a network, transmitting, by the monitoring control unit and to an authorized device, a request to grant access to the guest device to control a monitoring system, in response to the request, receiving, by the monitoring control unit, approval to grant access to the guest device to control the monitoring system, and in response to the approval, transmitting, by the monitoring control unit and to the guest device, (i) data that allows the guest device to access a web service and (ii) a temporary authentication token.

Abstract: The present disclosure is directed to systems and methods for securely managing and administering an encryption/decryption key using distributed ledger technology (DLT). In some examples, a client may possess a data attribute (or a dataset of data attributes). The client may receive tokenization parameters to apply to the data attribute to encrypt the data attribute. After tokenizing the data attribute, the client may then request the creation of an encryption key to be applied to the token. A third-party key management system (KMS) may create an encryption key and a salt. The salt may be applied to the token, and the salted token may then be encrypted. Additionally, a decryption key may be created and stored securely at the third-party KMS. The client may transmit the encrypted token to a third-party consolidation platform, wherein the consolidation platform requests access to the decryption key to unveil the underlying token.

Abstract: A server system receives a group operation request transmitted by a client. The group operation request is generated by the client in response to a trigger operation of a target group chat function, and includes a target identity and a target group chat function identifier. The server system determines a target group chat function use permission corresponding to the target identity. In accordance with a determination, based on the target group chat function use permission and the target group chat function identifier, that a user corresponding to the target identity has a permission to use the target group chat function, the server system transmits group operation result information to the client.

Abstract: A system for authorizing secured access using cryptographic hash value validations is provided. In particular, the system may receive requests from users and/or computing systems to obtain secured access a particular resource or to execute a certain process. In response, the system may require that the user and/or computing system complete additional required steps (e.g., a computation) before being granted access to the resources or processes. In this way, the system may prevent unauthorized or unintended access to the system's resources or processes.

Abstract: Systems, apparatuses, and methods are described for preauthorizing a batch of access rights licenses, e.g., Digital Rights Management (DRM) licenses, and storing them at a location. The preauthorization may be based on predicting a batch of content items to be viewed. The location may be a content server or a user device. After receiving a request from the user device to play back a content item of the batch of predicted content items, the DRM license may be provided from the storage location instead of performing an authorization operation to obtain one from a DRM server. Providing the DRM license from the storage location may take less time than performing the authorization operation to obtain the DRM license from the DRM server.

Abstract: Examples of the present disclosure describe systems and methods for malicious software detection based on API trust. In an example, a set of software instructions executed by a computing device may call an API. A hook may be generated on the API, such that a threat processor may receive an indication when the API is called. Accordingly, the threat processor may generate a trust metric based on the execution of the set of software instructions, which may be used to determine whether the set of software instructions poses a potential threat. For example, one or more call stack frames may be evaluated to determine whether a return address is preceded by a call instruction, whether the return address is associated with a set of software instructions or memory associated with a set of software instructions, and/or whether the set of software instructions satisfies a variety of security criteria.

Abstract: A first user device may receive, from a second user device, a request to communicatively couple to the first user device, and may establish a communication session with the second user device after receiving the request. The first user device may identify, after establishing the communication session, an inappropriate activity of the second user device relating to the communication session, and perform a set of actions based on identifying the inappropriate activity. The set of actions may include causing the communication session to be restricted, and providing, to a trust platform, a score for the second user device. The score may permit the trust platform to derive a composite score, indicative of a level of trustworthiness of the second user device, that enables other user devices, associated with the trust platform, to determine whether to grant access requests submitted by the second user device.

Abstract: Embodiments disclosed are directed to a computing system that performs steps to perform enhanced device fingerprinting using user contacts data. The computing system receives, from an application, a first plurality of device attributes identifying a client device on which the application is being used. The first plurality of device attributes includes first device identification data and first user contacts data. Subsequently, when a user is attempting to perform a transaction using the application on the client device, the computing system receives, from the application, a second plurality of device attributes identifying the client device on which the application is being used. The second plurality of device attributes includes second device identification data and second user contacts data. The computing system compares the second plurality of device attributes to the first plurality of device attributes to determine whether the user is authorized to perform the transaction.

Abstract: A key management method and a related device are provided. The method includes: receiving key generation request information; generating attribute access policy information on the basis of the key generation request information, the attribute access policy information being an attribute set for encrypting a data key; encrypting the data key on the basis of the attribute set for encrypting the data key; receiving key acquisition request information; on the basis of the attribute set for encrypting the data key, verifying whether attribute information of the key acquisition request information is included in the attribute set for encrypting the data key; and in response to the attribute information of the key acquisition request information being included in the attribute set for encrypting the data key, acquiring a destination data key on the basis of the attribute information of the key acquisition request information.

Abstract: A device configured to receive an access request for a website from an augmented reality device. The device is further configured to determine a user associated with the augmented reality device is authorized to access the website based on user credentials and to identify a user profile for the user associated with the user credentials. The device is further configured to identify information for flagged web pages that are associated with the website within the user profile and to generate a virtual environment with virtual objects that represent the flagged web pages. The device is further configured to provide access to the virtual environment for the augmented reality device.

Abstract: After a host client establishes a multimedia stream with a guest client, host data is received from a host application. A state machine is updated using the host data. The host application executes on the host client. Guest data is received from a guest application. The state machine is updated using the guest data. The guest application executes on the guest client. Transaction data is propagated between the host application and the guest application. The transaction data is presented with the multimedia stream. The transaction data includes the host data and the guest data. Provider data is generated responsive to updating the state machine with the host data and the guest data. The provider data is sent to the guest client. The provider data is presented with the multimedia stream by the guest application on the guest client.

Abstract: A system and method for connecting a processing device to a functional device connected to or in a base unit of a communications network, the base unit having a transmitter and the processing device having a memory, a display and an operating system. A first peripheral device is adapted to be coupled to the processing device via a generic communications protocol, the first peripheral device having a receiver and at least one fixed or configurable endpoint of the functional device exposed on the first peripheral device. The base unit and the first peripheral device is adapted to transmit and receive data respectively over the communications network from the functional device to the processing device via the at least one fixed or configurable endpoint using the generic communications protocol for communication between the processing device and the first peripheral device.

Abstract: In some examples, a computing device may implement a method that includes receiving microservice profile information at a microservice profiler, performing lexical analysis of the microservice profile information (where the lexical analysis produces tokenized information), generating microservice modification information by performing machine learning analysis of one or more inputs (where the one or more inputs comprise the tokenized information), and outputting the microservice modification information from the microservice profiler. The microservice profile information describes one or more characteristics of a microservice. The lexical analysis is performed by a lexical analysis engine of the microservice profiler, and the machine learning analysis is performed by a machine learning system of the microservice profiler.

Abstract: A method of coordinating engagement with a laundry appliance may include receiving one or more table conditions from an owner account for a notification table. The method may also include receiving a communication request from a remote user device of a guest user and recording a guest account to the notification table based on the received communication request. The method may still further include receiving a status signal from the laundry appliance and transmitting a notice signal to the guest account based on the status signal and the one or more table conditions.

Abstract: Embodiments are provided for a dropsite. In some embodiments, information is received on a creation location and a date and time of creation of a content item, and a determination is made if (i) the date and time of creation is within a predefined span of time, and (ii) the creation location is within a predefined geographical area to permit association of the content item with a shared folder whose inclusion criteria match said date and time and geographic location.

Abstract: A dual-mode mobile device and a method for coordinating calls for the dual-mode mobile device over a first and second connection within a controlled environment is disclosed. The method includes communications between a monitoring server and the dual-mode mobile device over the first connection while the dual-mode mobile device conducts the call over the second connection. The monitoring server transmits control messages to the dual-mode mobile device to control operations of the dual-mode mobile device and establishment of the call and also monitors operations of the dual-mode mobile device as well as the communications transmitted and received by the dual-mode mobile device during the call.

Abstract: Disclosed herein are system, method, and computer program product embodiments for categorizing customer complaints on social media using a model trained on customer voice calls or chats with agents. Additionally, users interested in monitoring regulatory compliance issues based on customer complaints can receive notifications regarding complaints that are linked to regulatory topic areas, without the need to manually scan vast numbers of social media postings.

Abstract: Embodiments of the invention are directed to an automated account restoration system. In some embodiments, the system determines a state of an account based on a likelihood that the account has been compromised. If the account is determined to be in a low-risk state, then upon an successful login to that account, a verification cookie may be generated which is unique to a user device used to access the account. If the account is determined to be in a high-risk state, then system may prevent access to the account except by user devices that include a valid verification cookie.

Abstract: The present disclosure relates to network security software cooperatively configured on plural nodes to provide authenticated and authorized communication, node protection, and prevention of a compromised node from contaminating other nodes.

Abstract: The present disclosure provides methods and devices for key management. In one example, a method of key management comprises: obtaining, at a user device, a number of users in a group of users and a minimum number of users for restoring a transaction key; randomly generating the transaction key; splitting the transaction key into a plurality of sub-keys, the number of sub-keys being the same as the number of users; and sending the plurality of sub-keys to a management device, each of the plurality of sub-keys being encrypted with a public key of a user corresponding to a sub-key.