Abstract: Multifactor authentication of secure transmission of data, including, receiving, from a first computing device associated with a first user, identifying information associated with a second user; transmitting, based on the identifying information, a request for data; receiving the data from a second computing device associated with the second user; dynamically generating a textual statement, at least a portion of the textual statement based on at least a first portion of the data; receiving, via a first communication channel, a first communication that includes a media recording reciting the dynamically generated textual statement; receiving, via a second communication channel, a second communication indicating a second portion of the data; verifying, based on the first communication and the second communication, an authenticity of the second user; and transmitting the data to the first computing device in response to the verification.

Abstract: In an embodiment, a method includes receiving, via a processor, identity provider (IDP)/single sign on (SSO) data that is associated with an IDP and an SSO entity. The IDP and the SSO entity manage access to a plurality of cloud-based applications for a plurality of user compute devices for a plurality of users. The method further includes generating, via the processor and without accessing the plurality of cloud-based applications, analytics based on the IDP/SSO data. The method further includes causing, via the processor, an action based on the analytics.

Abstract: An example method comprises receiving, by a secure content system, an email from a sender to a recipient, scanning the contents of the email, evaluating the contents of the email based on a plurality of security rules, storing the sensitive data within a secure storage, generating a replacement email including a security link and not including at least the sensitive data, the security link providing a requester access to the sensitive data providing that a security function is satisfied, sending the replacement email including the security link to the recipient, receiving a request to access the sensitive data, the request being related to the security function challenging the requester using the security function, receiving, from the requester, a response to the security function, determining if the security function is satisfied by the response, and if the security function is satisfied, providing access to the sensitive data to the requester.

Abstract: A system for treating an aneurysm in a blood vessel or vein, wherein the aneurysm has a dome, an interior, and a neck. The system includes a shape memory polymer foam in the interior of the aneurysm between the dome and the neck. The shape memory polymer foam has pores that include a first multiplicity of pores having a first pore size and a second multiplicity of pores having a second pore size. The second pore size is larger than said first pore size. The first multiplicity of pores are located in the neck of the aneurysm. The second multiplicity of pores are located in the dome of the aneurysm.

Abstract: A system for real-time security and facility supervision includes a plurality of cameras that continuously generate and stream audiovisual data. A computing device receives the streams and generates virtual rooms that include one or more of the streams. The computing device also monitors the streams and uses image recognition techniques to determine whether an event is occurring at the location being monitored. Upon detecting an event, the computing device matches a corresponding agent computing device to the virtual room where the event was detected.

Abstract: Embodiments described herein provide for systems and methods for voice-based cross-channel enrollment and authentication. The systems control for and mitigate against variations in audio signals received across any number of communications channels by training and employing a neural network architecture comprising a speaker verification neural network and a bandwidth expansion neural network. The bandwidth expansion neural network is trained on narrowband audio signals to produce and generate estimated wideband audio signals corresponding to the narrowband audio signals. These estimated wideband audio signals may be fed into one or more downstream applications, such as the speaker verification neural network or embedding extraction neural network. The speaker verification neural network can then compare and score inbound embeddings for a current call against enrolled embeddings, regardless of the channel used to receive the inbound signal or enrollment signal.

Abstract: Embodiments disclosed herein include software processes executed by a computer for encoding and decoding watermarks for a speech signal in a call signal communicated via telephony channels. An encoder uses Linear Predictive Coding (LPC) to analyzes the call signal's spectral envelope and embeds the watermark into the LPC log-spectrum of the speech signal of the call signal. The encoder may reduce the watermark's strength at a formant peak of the speech signal, balancing the watermark's robustness and detectability. A deep decoder includes a neural network architecture trained on watermarked and watermark-free speech signals having various types of degradation to extract a feature vector of a call signal and compute a watermark detection score for one or more frames or for the call signal. At inference time, the deep decoder detects the watermark when the watermark detection score satisfies a detection threshold.

Abstract: A method of obtaining and automatically providing secure authentication information includes registering a client device over a data line, storing information and a changeable value for authentication in subsequent telephone-only transactions. In the subsequent transactions, a telephone call placed from the client device to an interactive voice response server is intercepted and modified to include dialing of a delay and at least a passcode, the passcode being based on the unique information and the changeable value, where the changeable value is updated for every call session. The interactive voice response server forwards the passcode and a client device identifier to an authentication function, which compares the received passcode to plural passcodes generated based on information and iterations of a value stored in correspondence with the client device identifier. Authentication is confirmed when a generated passcode matches the passcode from the client device.

Abstract: Embodiments described herein provide for passive caller verification and/or passive fraud risk assessments for calls to customer call centers. Systems and methods may be used in real time as a call is coming into a call center. An analytics server of an analytics service looks at the purported Caller ID of the call, as well as the unaltered carrier metadata, which the analytics server then uses to generate or retrieve one or more probability scores using one or more lookup tables and/or a machine-learning model. A probability score indicates the likelihood that information derived using the Caller ID information has occurred or should occur given the carrier metadata received with the inbound call. The one or more probability scores be used to generate a risk score for the current call that indicates the probability of the call being valid (e.g., originated from a verified caller or calling device, non-fraudulent).

Abstract: A system and a method are disclosed for verifying a suspicious electronic communication. To this end, a secure communications service may detect an electronic communication comprising an identifier of a purported originator of the electronic communication and an identifier of an intended recipient, and determine that an attribute of the electronic communication corresponds to a suspicious attribute. Responsively, the service may intercept the electronic communication and storing the electronic communication in purgatory memory, so as to prevent the electronic communication from being populated in a private repository of the intended recipient, transmit a verification message, and receive a reply to the verification message that verifies the authenticity of the electronic communication.

Abstract: Providing policy check functionality to file uploads is disclosed. An attempted file upload is detected at a browser isolation system. A user of a client is prompted to provide a credential associated with the file and usable to access contents of the file. A policy is applied to the file upload.

Abstract: Aspects of the invention determining a threat score of a call traversing a telecommunications network by leveraging the signaling used to originate, propagate and terminate the call. Outer-edge data utilized to originate the call may be analyzed against historical, or third party real-time data to determine the propensity of calls originating from those facilities to be categorized as a threat. Storing the outer edge data before the call is sent over the communications network permits such data to be preserved and not subjected to manipulations during traversal of the communications network. This allows identification of threat attempts based on the outer edge data from origination facilities, thereby allowing isolation of a compromised network facility that may or may not be known to be compromised by its respective network owner.

Abstract: Memory access control in a virtualization environment is provided. Sets of page tables are maintained, with each set corresponding to a given hypervisor application and guest virtual machine (VM), and each set including mappings to a subset of the guest VM memory to thereby limit an amount of the quest VM memory that is accessible Presentation of these sets is controlled to present just one of the sets at any given time for hypervisor processing to access guest VM memory.

Abstract: A method comprises communicating training data to a computing device to in situ train a user on how to identify potential security incidents; tracking performance of the user based on the training data; and storing a profile of the user in a database, the profile indicating a level of performance of the user.

Abstract: An access control server may receive, from an access requester, an access request for accessing a protected autonomous program protocol stored on a blockchain. The access control server may analyze parameters related to the access requester to determine whether the access requester is authorized to access the protected autonomous program protocol. An access control server may generate a cryptographic signature associated with the access request. An access control autonomous protocol recorded on the blockchain may receive the cryptographic signature, verify the cryptographic signature, and store proof of authorization in association with the protected autonomous program protocol. The proof of authorization is accessible by the protected autonomous program protocol to verify that the access requester is authorized to access the protected autonomous program protocol.

Abstract: A cloud security control platform and method enforces security controls across multiple cloud environments, services and disparate teams while providing a frictionless “Permissions on Demand” mechanism for approvals and exceptions. In contrast to the prior art, security is evaluated on a permission by permission basis, with the default being that all permissions are denied and then only given to a particular identity on an as-needed basis. This approach reduces the security risks associated with the vast capabilities available in Public Cloud environments and permits an organization that uses the platform to grant access, approve exceptions and delegate approvals with the appropriate compliance.

Abstract: Disclosed is a system for customizing protections provided to different application programming interfaces (“APIs”) and different functions of an API based on different API context and user context associated with the different APIs and the different functions of each API. The system receives a particular API, determines API context for proper usage of one or more functions of the particular API, and determines user context associated with endpoints properly accessing the one or more functions. The system generates a model for differentiating between proper and improper use of the one or more functions based on contextual relationships between different combinations of the API context and the user context. The system monitors usage of the one or more functions based on the model, and performs an action that is associated with the model in response to the usage violating the contextual relationships for the one or more functions.

Abstract: The embodiments execute machine-learning architectures for biometric-based identity recognition (e.g., speaker recognition, facial recognition) and deepfake detection (e.g., speaker deepfake detection, facial deepfake detection). The machine-learning architecture includes layers defining multiple scoring components, including sub-architectures for speaker deepfake detection, speaker recognition, facial deepfake detection, facial recognition, and lip-sync estimation engine. The machine-learning architecture extracts and analyzes various types of low-level features from both audio data and visual data, combines the various scores, and uses the scores to determine the likelihood that the audiovisual data contains deepfake content and the likelihood that a claimed identity of a person in the video matches to the identity of an expected or enrolled person.

Abstract: The embodiments execute machine-learning architectures for biometric-based identity recognition (e.g., speaker recognition, facial recognition) and deepfake detection (e.g., speaker deepfake detection, facial deepfake detection). The machine-learning architecture includes layers defining multiple scoring components, including sub-architectures for speaker deepfake detection, speaker recognition, facial deepfake detection, facial recognition, and lip-sync estimation engine. The machine-learning architecture extracts and analyzes various types of low-level features from both audio data and visual data, combines the various scores, and uses the scores to determine the likelihood that the audiovisual data contains deepfake content and the likelihood that a claimed identity of a person in the video matches to the identity of an expected or enrolled person.