Abstract: Techniques for detecting emails that pertain to Internet services are disclosed. Information about such emails can be recognized by performing a discrete analysis of the email before delivering the email to the user and determining whether a corrective action is warranted. Such emails can be recognized by heuristic pattern analysis that scans incoming emails for patterns known to pertain to certain Internet services. Emails relating to other Internet services can be detected by a machine learning classifier that uses labeled training data. These accesses to Internet services can be written to a database. In many implementations, such discrete analysis is performed after an email has been classified as legitimate by one or both of a spam filter and a malware detector. An aggregate analysis, whose output can also update the database, can provide a broad picture of Internet service usage within a set of email users (e.g., by department).

Abstract: A data security server system includes a first network proxy, a data classifier, an operation pipeline module, a vault database, security infrastructure, and second network proxy that function as secure data tunnel mechanisms through which network data containing sensitive information passes through. The data classifier identifies data payloads having data fields that require processing and routes these data payloads to an operation pipeline module which can redact, tokenize or otherwise process sensitive data before the data payload exits the system. The data classifier also reverses the process by identifying data payloads having redacted or tokenize data fields and restoring the sensitive data to these data fields.

Abstract: A network-accessible service provides an enterprise with a view of all identity and data activity in the enterprise's cloud accounts. The service enables distinct cloud provider management models to be normalized with centralized analytics and views across large numbers of cloud accounts. The service enables an enterprise to model all activity and relationships across cloud vendors, accounts and third party stores. Display views of this information preferably can pivot on cloud provider, country, cloud accounts, application or data store. Using a domain-specific query language, the system enables rapid interrogation of a complete and centralized data model of all data and identity relationships. User reports may be generated showing all privileges and data to which a particular identity has access. Similarly, data reports shown all entities having access to an asset can be generated.

Abstract: Utterances of at least two speakers in a speech signal may be distinguished and the associated speaker identified by use of diarization together with automatic speech recognition of identifying words and phrases commonly in the speech signal. The diarization process clusters turns of the conversation while recognized special form phrases and entity names identify the speakers. A trained probabilistic model deduces which entity name(s) correspond to the clusters.

Abstract: A portable radio device incorporating active thermal mitigation systems, and methods of use thereof. An example radio device incorporating an active thermal mitigation system may comprise a portable radio device selectively connectable or otherwise interoperable with a power adapter or battery device, wherein the power adapter or battery device includes an active thermal mitigation system. The system may include a micro-fan, blower, or other similar device configured to generate airflow, and may be configured to direct a flow of air or other fluid towards the radio device. The system may further include one or more fins or other features for directing and/or enhancing fluid flow, as well as sensors and control features to vary flow depending on temperature of the radio device or other variables. Thus, the system allows for the continuous cooling the radio device via convection without requiring the incorporation of the active thermal mitigation system within the radio device.

Abstract: A method includes identifying a first group of objects generated by security tools during a first time interval and containing cotemporal, analogous characteristics identifying a first endpoint device connected to a computer network; based on the first group of objects, confirming detection of the first endpoint device by a first security tool and a second security tool during the first time interval; identifying a second group of objects generated by security tools during a second time interval and containing cotemporal, analogous characteristics identifying the first endpoint device; based on the second group of objects, confirming detection of the first endpoint device by the second security tool during the second time interval; and responsive to absence of detection of the first endpoint device by the first security tool during the second time interval, generating a source remove event specifying removal of the first security tool from the first endpoint device.

Abstract: A method of obtaining and automatically providing secure authentication information includes registering a client device over a data line, storing information and a changeable value for authentication in subsequent telephone-only transactions. In the subsequent transactions, a telephone call placed from the client device to an interactive voice response server is intercepted and modified to include dialing of a delay and at least a passcode, the passcode being based on the unique information and the changeable value, where the changeable value is updated for every call session. The interactive voice response server forwards the passcode and a client device identifier to an authentication function, which compares the received passcode to plural passcodes generated based on information and iterations of a value stored in correspondence with the client device identifier. Authentication is confirmed when a generated passcode matches the passcode from the client device.

Abstract: Systems and methods to produce shared secret data are generally described. In some examples, a first device may receive a first public key from a second device. The first device may produce a first public key based on the first public key of the second device. The respective private keys of each device may be associated with the first public keys of each device. Each device may produce a second public key based of respective private keys and the other devices first public key. Each device may transmit a second public key to the other device. The first device may produce the shared secret data based on its private key and the second public key of the second device. The second device may produce the shared secret data based on its private key and the second public key of the first device.

Abstract: A system and method of providing pin-level encryption to low-information signals is provided. The system comprises a first system and a second system communicatively coupled together. The second system comprises a signal generator and a one-time pad (OTP) key mixer. An emanator is communicatively coupled to the first system and the second system and is configured to emanate an OTP key to both the first system and the second system. The OTP key mixer is configured to apply the OTP key to a low-information signal from the signal generator prior to transmitting the low-information signal to the first system.

Abstract: A system for generating channel-compensated features of a speech signal includes a channel noise simulator that degrades the speech signal, a feed forward convolutional neural network (CNN) that generates channel-compensated features of the degraded speech signal, and a loss function that computes a difference between the channel-compensated features and handcrafted features for the same raw speech signal. Each loss result may be used to update connection weights of the CNN until a predetermined threshold loss is satisfied, and the CNN may be used as a front-end for a deep neural network (DNN) for speaker recognition/verification. The DNN may include convolutional layers, a bottleneck features layer, multiple fully-connected layers and an output layer. The bottleneck features may be used to update connection weights of the convolutional layers, and dropout may be applied to the convolutional layers.

Abstract: Disclosed techniques include integrated cybersecurity state change buffer service. A plurality of network-connected cybersecurity threat protection applications is accessed. A background synchronization service is initiated. The background synchronization service receives status from at least one of the plurality of cybersecurity threat protection applications. The status comprises high-volume incoming status data. The status is monitored, using the background synchronization service. A real-time state change in the status is identified, based on the monitoring. The identifying a real-time state change includes quantifying incoming data associated with the status. An actionable response is triggered, based on the state change that was identified. The actionable response enables self-healing of a connected security orchestration, automation, and response (SOAR) application system. The status is processed, using the background synchronization service, to provide the actionable response.

Abstract: The application is applicable for use in conjunction with a system that includes connected vehicle communications in which vehicles in the system each have an onboard processor subsystem and associated sensors, the processor subsystem controlling the generation, transmission, and receiving of messages communicated between vehicles for purposes including crash avoidance. A method is set forth for determining, by a given vehicle receiving messages, the occurrence of misbehavior, including the following steps: processing received messages by performing a plurality of plausibility determinations to obtain a respective number of plausibility measurements; determining at least one context for the region at which the given vehicle is located; weighting the plurality of plausibility measurements in accordance with values determined from the at least one context to obtain a respective plurality of plausibility indicator values; and deriving a misbehavior confidence indicator using the plausibility indicator values.

Abstract: Systems and methods of cyber hardening software by modifying one or more assembly source files. In some embodiments, the disclosed SME tool transparently and seamlessly integrates into the build process of the assembly source files being modified. For example, upon integration of the disclosed SME tool into the application's development environment, the modifications in the final executable are transparent to the developer and can support other cyber hardening techniques. The SME tool includes a preprocessing tool for identifying attributes (e.g., functions) associated with the assembly source file. The SME tool also includes a transformation tool for making modifications of the assembly source file. In some embodiments, the transformations correspond to applying one or more transformations to the attributes associated with the assembly source file.

Abstract: This technology maintains de-identified visit data to a plurality of websites from assigned user identifiers (UIDs) corresponding to a plurality of clients. The assigned UIDs include a different assigned UID for each client-website pair, the de-identified visit data associating the assigned UIDs to a plurality of groups. A first group from the groups is determined based on first request data corresponding to a first request from a client to a web server system. First group visit data describing visits to a set of the websites by assigned UIDs belonging to the first group is obtained from the de-identified visit data. Affinity data, comprising at least one affinity score for at least one of the websites, is generated based on the first group visit data. Generation of affiliate content based on the affinity data is caused, where the affiliate content corresponds to the at least one of the websites.

Abstract: A computer-implemented method of providing data governance as data flows within and between networks, comprising: using a global computing device, retrieving data stored in a plurality of local ledgers and written by a plurality of local computing devices, wherein validity of the data stored in the plurality of local ledgers has not been verified prior to writing; using the global computing device, determining that the plurality of local ledgers is cryptographically consistent and, in response to the determination, updating a global ledger with the data stored in the plurality of local ledgers.

Abstract: A method non-transitory computer readable medium, device and system that receives one of one or more requests from a client to a web server system. An interstitial page is served to the client and comprises instrumentation code that, when executed at the client, collects telemetry data. The telemetry data is received and a threat analysis is performed on the telemetry data collected in association with the one of the requests. A determination is made on when, based on the performing the threat analysis, that the one of the requests is from a potential attacker. When the determination indicates the one of the requests is not from the potential attacker then the one of the requests is allowed.

Abstract: Embodiments described herein provide for automatically classifying the types of devices that place calls to a call center. A call center system can detect whether an incoming call originated from voice assistant device using trained classification models received from a call analysis service. Embodiments described herein provide for methods and systems in which a computer executes machine learning algorithms that programmatically train (or otherwise generate) global or tailored classification models based on the various types of features of an audio signal and call data. A classification model is deployed to one or more call centers, where the model is used by call center computers executing classification processes for determining whether incoming telephone calls originated from a voice assistant device, such as Amazon Alexa® and Google Home®, or another type of device (e.g., cellular/mobile phone, landline phone, VoIP).

Abstract: A method for monitoring endpoint devices affiliated with a computer network includes: for each security technology, accessing a set of objects generated by the security technology during a time interval and representing characteristics endpoint devices configured with the security technology, partitioning object groups representing individual endpoint devices, and aggregating characteristics represented in each object group into an endpoint device container associated with the security technology and containing identifying data and status data representing one endpoint device; identifying a first subset of endpoint devices configured with first and second security technologies based on correspondence between data contained endpoint device containers associated with the first and second security technologies; and identifying a second subset of endpoint devices configured with the first security technology and excluding the second security technology based on absence of correspondence between data contained in

Abstract: Provision of a virtual secure cryptoprocessor (VSC) for a guest virtual machine (VM), part of a first guest, of a hypervisor of a computer system, includes (i) storing guest VM state and VSC state together in an encrypted virtual hard disk drive file, (ii) storing a decryption key in a sealed partition, of a second guest, sealed against a physical secure cryptoprocessor, (iii) based on verifying that a host computing environment of the computer system is in a trusted state and on booting the hypervisor thereon, unsealing the sealed partition of the second guest, the unsealing providing the decryption key, and decrypting the encrypted virtual hard disk drive file using the decryption key, where the decrypting decrypts the stored guest VM state for execution of the guest VM and decrypts the VSC state to provide the VSC for use by the guest VM.

Abstract: Disclosed are systems and methods including computing-processes executing machine-learning architectures for voice biometrics, in which the machine-learning architecture implements one or more language compensation functions. Embodiments include an embedding extraction engine (sometimes referred to as an “embedding extractor”) that extracts speaker embeddings and determines a speaker similarity score for determine or verifying the likelihood that speakers in different audio signals are the same speaker. The machine-learning architecture further includes a multi-class language classifier that determines a language likelihood score that indicates the likelihood that a particular audio signal includes a spoken language. The features and functions of the machine-learning architecture described herein may implement the various language compensation techniques to provide more accurate speaker recognition results, regardless of the language spoken by the speaker.