Abstract: A system for decrypting encrypted data may include a data storage server that may store encrypted data in a server memory, communicate a portion of the encrypted data to a first user device, and generate an access code for decrypting the portion of the encrypted data. The data storage device may also communicate the access code to a second user device. The first user device may display, on a first device display, a visual representation of the portion of the encrypted data. The second user device may acquire the visual representation of the portion of the encrypted data from the first device display, decrypt the portion of the encrypted data based upon the access code and the visual representation, and display the decrypted portion of the encrypted data on a second device display.

Abstract: Methods for authenticating a user account are generally described. In various examples, the methods may comprise performing a first handshake comprising sending authentication data to a first computing device. The authentication data may include a handshake identifier, a user token, and an encryption key. In some examples, the methods may further comprise storing the handshake identifier, the user token, and the encryption key in a database. The methods may further comprise receiving a request for verification of a transaction. The request may comprise the handshake identifier and an encrypted user token. The user token and the encryption key may be retrieved from the database based at least in part on the handshake identifier of the request. The encryption key may be used to decrypt the encrypted user token. A determination may be made that the decrypted user token matches the user token retrieved from the database.

Abstract: Methods, systems, and computer devices are included for data backup. An example method includes receiving an activation signal from a hardware input of a data storage device that is operating in a read-only mode. In response to receiving the activation signal, a backup application is provided from the data storage device to a computing device that is communicatively coupled to the data storage device. An authenticated session is established between the data storage device and the backup application that is executed on the computing device. Backup data from the computing device is received via the authenticated session. The authenticated session causes the data storage device to operate in at least a write mode with respect to the received backup data during the authenticated session. The received backup data is written to the data storage device. If the authenticated session is terminated, the data storage device returns to a read-only mode.

Abstract: A security inspection system verifying a security system of electronic equipment may include an inspector having: a communicator connecting wireless diagnostic communication with the electronic equipment entering a process line; a KMS inspection portion inspecting a management state of generation and destruction of encryption key of a key management system device included in the electronic equipment; an application firewall inspection portion inspecting security policy of an application firewall disposed in a gateway of the electronic equipment; a version inspection portion updating at least one of a patch program and a firmware of the security system included in the electronic equipment; a database storing a program and data for a security inspection of the electronic equipment; and a controller performing diagnostic test of a firewall installation state, an encryption key management state, a transmission/reception state of an encrypted message, or blocking of abnormal data of the security system.

Abstract: Improved systems and techniques are disclosed for controlling the security states of anti-theft security systems such as product display assemblies using security fobs. According to an example embodiment, a manager security fob and another security fob that is to be authorized for use in controlling the security status of a product display assembly can interact with a system in accordance with a defined sequence to add the another security fob to an authorization list for the product display assembly. For example, the defined sequence can be a connection of the manager security fob with the system, followed by a disconnection of the manager security fob from the system, followed a connection of the another security fob with the system within a defined window.

Abstract: This disclosure relates to systems, devices, and methods for receiving security configuration information and malware state information for a plurality of client devices, the security configuration information comprising identification of at least one of security parameters, hardware configurations, or software configurations of each of the plurality of client devices, and the malware state information comprising identification of at least one or more types of malware on each of the plurality of devices. The security configuration information and malware state information may be analyzed to identify which client devices from the plurality of devices have a security configuration that places the identified client devices in a vulnerable security state.

Abstract: Techniques facilitating cloud-native extensibility provided to security analytics are provided. A system comprises a memory that stores, and a processor that executes, computer executable components. The computer executable components can comprise a security component that implements an instance of an encapsulated security application. The encapsulated security application can be embedded into a container image as an extended analytic script. The computer executable components can also comprise an execution component that applies the instance of the encapsulated security application to a simulated system state of a computing device during subsequent scanning operations that result in respective analytics for scanning operations of the subsequent scanning operations.

Abstract: Example method includes: identifying three relationships about a network function in an intent-based stateful network—(1) the network function forwarding a network packet implies that at least one previous network packet was received by the network function in the same direction prior to the network packet is forwarded, (2) an established state in the network function implies that at least one previous network packet was received at the network function, (3) the network function receiving the network packet as a downward network function implies the network packet was previously sent by a second network function acting as an upward network function; encoding the network function using a combination of at least one of the three identified relationships; and verifying a plurality of network intents in the intent-based stateful network based at least in part on the encoding of the network function.

Abstract: Analysis of samples for maliciousness is disclosed. A sample is executed and one or more network activities associated with executing the sample are recorded. The recorded network activities are compared to a malware profile. The malware profile comprises a set of network activities taken by a known malicious application during execution of the known malicious application. A verdict of “malicious” is assigned to the sample based at least in part on a determination that the recorded network activities match the malware profile.

Abstract: In response to receiving a second verification record of a second location and time at which a user is verified as present by a second internet of things (loT) device based on biometric input recognition, a proximity service maintains the second verification record in association with a user identifier only if travel between the second location and a first location previously recorded at a first time prior to the second time is feasible as determined by a mapping service. In response to receiving a verification request for verifying feasibility of the proximity of an authorized user of an account identifier at a third location at which the account identifier is presented with a transaction request and detecting the second verification record is maintained, the proximity service verifies the feasibility of the proximity of the authorized user as present at the third location in view of the second location and time.

Abstract: A system to generate a graphical user interface to display a presentation of a set of shared user groups between users of a social networking service is described. Embodiments of the present disclosure relate generally to systems for: receiving an identification of a second user from a user account of a first user; identifying a user group that includes the first user and the second user in response to the identification of the second user from the user account of the first user; retrieving user identifiers of the first user and the second user, wherein the user identifiers may include graphical avatars; generating a group identifier based on the user identifiers; and causing display of a presentation of the user group at a client device.

Abstract: Systems and methods for providing access to media content by connecting, to a public device, a private device that has an installed application associated with the media content. A media guidance application may receive a communication from a private device, running a private interface application, requesting to access content using the public device. In response, the media guidance application may retrieve, at the public device, a public interface application associated with the private interface application, from a content provider of the content. The private interface application may be configured to control a graphical user interface of the public interface application. Accordingly, the user may be able to access content via the public device when the private device is within a predetermined proximity to the public device.

Abstract: A security service of a computing resource service provider provides security scores for application program interfaces (APIs) and other security information to an API marketplace or other endpoints. The security score may be based at least in part on component information associated with computing resources implementing the API. The security service may obtain access to the computing resources and collect various components from the computing resources. The components may then be used to determine a security score of an API offered from consumption on the API marketplace. The security service may then publish the security score to the API marketplace or other endpoint.

Abstract: The present invention discloses a software security verification method, a device, and a system, and relates to the communications field, so as to resolve a problem in the prior art that security verification on a VNF packet increases a VNF instantiation delay and reduces VNF instantiation performance. In a specific solution, after a first device receives an instantiation request of a VNF, the first device performs security verification on a stored VNF packet of the VNF when or after starting to instantiate the VNF according to the instantiation request of the VNF, and the first device sends first result information to a second device when security verification on the VNF packet of the VNF succeeds. The first result information includes information that security verification on the VNF packet of the VNF succeeds. The present invention is applied to software security verification.

Abstract: A method for access control on an electronic device includes the step of generating, by an electronic device, a certificate signed by a keymaster, the electronic device running an operating system, the operating system capable of distinguishing between applications and application processes and providing an execution environment. The method also includes the steps of indicating, by the certificate, an access privilege for an approved accessor and receiving from an application, a request subject to the access privilege indicated by the certificate. The method further includes the steps of identifying the application from which the request subject to the access privilege was received and determining, using the certificate, whether the application is an approved accessor.

Abstract: Detecting and blocking content that can develop undesired behavior by artificial intelligence (AI) entities toward users during a learning process is provided. Input information is received for a set of one or more AI entities. Characteristics of the input information are evaluated based on rules of a selected policy from a set of policies and learned characteristics of information associated with a corpus of information. It is determined whether a result of evaluating the characteristics of the input information exceeds a predefined threshold. In response to determining that the result of evaluating the characteristics of the input information exceeds the predefined threshold, the input information for the set of AI entities is filtered by performing a selective filtering action, using a firewall, based on context of the input information.

Abstract: A method and apparatus for dynamic integration of a covert namespace are provided. A Software-Defined Networking (SDN) controller is configured to send a request for workload transfer to an endpoint where the endpoint is connected to a virtual switch. The SDN controller determines that a connection between the endpoint and the virtual switch is secure based on a tenant-specific policy associated with the endpoint. A first covert namespace is configured to be connected between the endpoint and the virtual switch to communicate to the endpoint and the virtual switch directly. The operations of the virtual switch are executed using the first covert namespace according to the tenant-specific policy. A workload is caused to be transmitted to the endpoint through the first covert namespace.

Abstract: An example operation may include one or more of connecting to a blockchain configured to store an identity trait of a user, retrieving the identity trait from the blockchain, establishing a trust group homomorphism digital signature algorithm (DSA) for the user based on a private key, creating a zero knowledge succinct non-interactive argument of knowledge (zkSNARK) proof constructed based on a DSA of a trait in the trust group homomorphism DSA as witness data, and obtaining further trust information related to the user from the witness data.

Abstract: Systems, computer program products, and methods are described herein for cross platform user event record aggregation system. The present invention is configured to receive one or more exposure events from one or more detection systems; determine that a combination of at least a portion of the one or more exposure events indicates an intrusion in at least one of the one or more detection systems, thereby requiring elevated review of each exposure event; initiate the elevated review based on at least the indication of the intrusion; determine whether the intrusion is benign or harmful; and re-train the machine learning algorithm based on at least determining whether the intrusion is benign or harmful, thereby adjusting the score for future incidents of each exposure event in the combination of at least a portion of the one or more exposure events.

Abstract: Disclosed embodiments provide techniques for data communication to mobile electronic devices utilizing nodes equipped with directional transmitters. The mobile electronic devices are classified as registered or unregistered. A current location for each mobile electronic device in an area is determined. A registered mobile electronic device is identified from a group of mobile electronic devices. Based on the determined location, a distance to a registered mobile electronic device from a transmitter is determined. The transmitter is a directional transmitter, capable of transmitting along a sector. A sector corresponding to the registered mobile electronic device based on an angle range and distance from a transmitter to the registered mobile electronic device is determined.