Abstract: A device and method manage digital data. The device and method may receive a trusted-phrase text string at a client device. The device and method may receive an application pin number (APN) associated with a user. The device and method may process the APN to determine a selector value. The device and method may extract a portion of the trusted-phrase text string based on the selector value to yield a sub-trusted-phrase text string, generating a storage access ID (SAID), the SAID including the APN and the sub-trusted-phrase-text string encrypted using the trusted-phrase text string as an encryption phrase; and, outputting the SAID to an external device, for creation of a data storage location at a storage server, the data storage location having a name based on the SAID. The device and method may include ability to recover the trusted-phrase text string.

Abstract: Systems and methods for predictive analysis of potential attack patterns based on contextual security information are described.

Abstract: Methods and systems for secure geolocation-based data access control include a server that captures a data access request from a remote device and determines whether the requestor geolocation corresponds to a non-restricted zone or a restricted zone. The server determines whether the requestor identity has permission to receive a full view or a masked view of data. The server retrieves data responsive to the data query and generates a response to the data access request, the response including a full view or a masked view of the retrieved data. When the generated response comprises a masked view, the server determines that the user of the remote device has requested a full view of the responsive data, authenticates the remote device using the requestor identity, and updates the generated response to comprise the full view of the retrieved data. The server device transmits the generated response to the remote device.

Abstract: A computer-implemented method, a computer program product, and a computer system for log anomaly detection. A computer receives a windowed log of incoming raw log messages. A computer compares statistical distribution metrics of entities in the windowed log with a statistical distribution extracted from a real-time statistical model for the entities. In response to the statistical distribution metrics being statistically different from the statistical distribution extracted from the real-time statistical model for the entities, a computer tags the windowed log as an entity anomaly. A computer computes a distance between an average word embedding vector in the windowed log and a statistical distribution extracted form a real-time statistical model for word embeddings. In response to the distance being greater than a predetermined threshold, a computer tags the windowed log as a word embedding anomaly. A computer sends to a user an alert with an anomaly severity level.

Abstract: The present disclosure provides systems and methods for predicting attack types and likelihood the attack types will occur for new vulnerabilities. According to the present disclosure, the method includes receiving a disclosure of a new vulnerability, the disclosure comprising a plurality of vulnerability details. The method includes developing a series of vulnerability features associated with the details of the new vulnerability. The method includes extracting each of the vulnerability features into intermediate inputs. The method includes providing each of the intermediate inputs to one or more attack type classifiers to thereby determine if an attack type is associated with the new vulnerability. The method includes determining ranking for each of the one or more attacks occurring for the new vulnerability. The method finally includes assigning one or more attack type labels to the new vulnerability based on each attack type associated with the new vulnerability. Other aspects are also described.

Abstract: The present disclosure relates to systems and methods for using haptic vibration for inter-device communication. In one implementation, a system for inter-device communication using haptic vibration may include at least one force gauge configured to measure displacements caused by an external device in contact with the at least one force gauge; at least one memory storing instructions; and at least one processor configured to execute the instructions to: receive an identifier associated with a user; retrieve a pattern associated with the received identifier; receive, from the at least one force gauge, one or more measurements over a period of time; assess a degree of difference between the received one or more measurements and the retrieved pattern; and, when the degree of difference is below a threshold, authenticate the user.

Abstract: A wireless LAN communication system which achieves convenience where a terminal of a user who is external to an organization can temporarily use the system while ensuring security. For example, a first terminal is used by a user internal to an organization and a second terminal is used by a user external to the organization. A communication device has a display function and the first terminal connects to the communication device via a wireless LAN access point device. The second terminal connects, under permission from the first terminal, to the communication device via the wireless LAN access point. The second terminal uses the display function of the communication device through the connection via the wireless LAN access point. The first terminal and the communication device confirm whether the permission is to be continued or terminated to make the second terminal unable to use the display function.

Abstract: A method and an apparatus for custom development of a payment application, a computer equipment and a storage medium. The method includes: acquiring a resource file uploaded by a user terminal to an application market server through an application market client; writing the resource file into a device operation service; acquiring the resource file from the device operation service through a device operation interface, and saving the same in a storage space of an application; and loading the resource file saved in the storage space of the application through the application, and executing a function of the resource file.

Abstract: A microcontroller is provided and comprises a central repository, a processing device, and a firewall. Rule repository memory in the central repository stores one or more access rules defining an access permission of a software context to one or more target resources of the microcontroller. The firewall receives a bus transaction initiated based on an instruction and determines whether any access rule stored in memory of the firewall defines the access permission of the software context to a destination resource. If no access rule stored in the firewall memory defines the access permission, the firewall communicates a miss query condition to the central repository. The central repository searches the rule repository memory for an access rule defining the access permission of the software context to the destination resource, and if a related access rule is found, the related access rule is stored in the firewall memory.

Abstract: Systems and methods for authenticating a user may include transmitting a request for a first set of information after validation of authentication information; receiving a response comprising the first set of information; parsing the first set of information using one or more template-based algorithms by scanning one or more websites to determine publicly available information associated with a user; comparing compare one or more results of the parsing with a second set of information to yield compromised information associated with the user; eliminating one or more portions of the second set of information based on the comparison; presenting a third set of information to authenticate the user based on the elimination and by supplementing the first set of information with a fourth set of information; and presenting a fifth set of information to authenticate the user if the third set of information fails to reach a predetermined threshold number.

Abstract: A computer processing system configured to effectuate lower-order masking in a higher-order masked design that includes a DOM Multiplication gate of order M operably configured to receive M+1 data shares for each of a plurality of variables and operably configured to perform a lower order masking of N. As used herein, M is greater than N, by disabling at least one cross-domain computation of the M+1 data shares between N+1 data shares and M?N data shares. To that end, the system and method of effectuating lower-ordered masking in a higher-order masked design beneficially by being operable to disable cross-domain computations to perform the lower-order masked operations.

Abstract: Systems and methods for securing data transmissions using distance measurements are disclosed. A mobile device (such as a smart phone) and a base station can use ultra-wideband technology to determine the distance between the two devices. The distance measurements produced by the mobile device and the base station can be compared, directly or indirectly by the mobile device, the base station, and/or an access device to determine whether the mobile device is present at an access device or if the mobile device is not present at the access device (as expected during a relay attack). If the mobile device is not present at the access device, the access device can prevent or cancel an interaction based on the data transfer (e.g., opening a locked door of a secure building in response to receiving an access credential from the mobile device).

Abstract: Computer-implemented methods and systems are provided for the detection of software presence remotely through the web browser by detecting the presence of webinjects in a web browser that visits a detection webpage. The methods can include delivering a detection webpage to a web browser, in which the detection webpage has detection code configured to detect a presence of the webinject in the detection webpage; and inspecting, by the detection code, rendering of content of the detection webpage in the browser to detect webinject content in the detection webpage by the webinject, the webinject content including one or more Hypertext Markup Language (HTML) components. The method can further include, if webinject content is detected, generating a fingerprint for each of the one or more HTML components; transmitting the one or more fingerprints to an external server; and classifying, by the external server, the webinject based on the one or more fingerprints.

Abstract: Embodiments of the present invention provide a system for establishing a secure session to authenticate DNS requests via dynamically configurable trusted network interface controllers. The system is configured for receiving a DNS request from a first device, wherein the DNS request comprises a unique authentication package, wherein the unique authentication package comprises encrypted data, in response to receiving the DNS request, initiating a handshaking protocol with the first device, establishing a handshaking session with the first device based on the encrypted data using the handshaking protocol, receiving a query associated with the DNS request, wherein the query is generated using a handshaking algorithm associated with the handshaking protocol, and performing at least one action in response to receiving the query.

Abstract: The present application relates to a method for managing and controlling a system permission, a data center, a management and control apparatus, and a storage medium. The method for managing and controlling a system permission includes: obtaining personnel change information, wherein the personnel change information includes personal information of a changed person and information about a position change mode of the changed person; obtaining a current permission interface of the changed person based on the personal information; determining, based on the permission interface, whether the changed person has an operation permission for a current object system; if the changed person has the operation permission for the current object system, determining whether the position change mode of the changed person is transfer; sending a notification message if the position change mode of the changed person is the transfer.

Abstract: Low power devices are able to utilize encryption in communication. Low power devices typically cannot send/receive large amounts of data since sending/receiving more data uses more power. Implementing a key exchange with a small encrypted payload enables secure communication between the devices. A one-way data stream is implemented. The one-way data stream is able to be encrypted.

Abstract: In certain embodiments, a physical network access token at a network access terminal may be authenticated for modification of records at a remote server system. In some embodiments, a set of records and counterpart records having the same record identifiers and resource amounts may be stored independently on a physical token or user device and the remote server system. When a connection is established between an access terminal and the physical token (e.g., for authenticating a modification of record(s)), the access terminal may transmit input data to the token, which may use the input data with the records stored on the token to generate authentication data, which may be used by the remote server to authenticate a network action requested via the token.

Abstract: Disclosed are various embodiments for managing voice-driven application. In one embodiment, among others, a system includes a computing device and program instructions. The program instructions can cause the computing device to initiate a management session between a voice application service and a management service based on receiving a first request from the voice application service. The program instructions can cause the computing device to initiate an application session between a voice-driven application and the management service based at least in part on a second request received from the voice application service. The program instructions can cause the computing device to enforce a compliance policy on a data request for the voice-driven application. The data response can be transmitted to the voice application. The voice application service can provide the data response to the client device for playback.

Abstract: A container image builder determines that a first container image is to be built. The container image builder initiates a build container from a build container image. The build container identifies a first dependency to be incorporated into the first container image. The build container accesses vulnerability data that identifies a plurality of dependencies that have one or more vulnerabilities. Based on the vulnerability data, it is determined that the first dependency is devoid of vulnerabilities. In response to determining that the first dependency is devoid of vulnerabilities, the first container image is generated to include the first dependency.

Abstract: Systems, methods, and devices configured to build and utilize an intelligent cipher transfer object are provided. The. intelligent cipher transfer object includes a set of participants protected by cloaking patterns. A portable dynamic rule set, which includes executable code for managing access to the protected set of participants, is included within the intelligent cipher transfer object. For a given user, the intelligent cipher transfer object may provide access to some of the participants while preventing access to other participants, based on the portable dynamic rule set therein.