Patents Examined by Benjamin A Kaplan
  • Patent number: 11405429
    Abstract: Security techniques for device assisted services are provided. In some embodiments, secure service measurement and/or control execution partition is provided. In some embodiments, implementing a service profile executed at least in part in a secure execution environment of a processor of a communications device for assisting control of the communications device use of a service on a wireless network, in which the service profile includes a plurality of service policy settings, and wherein the service profile is associated with a service plan that provides for access to the service on the wireless network; monitoring use of the service based on the service profile; and verifying the use of the service based on the monitored use of the service.
    Type: Grant
    Filed: June 22, 2020
    Date of Patent: August 2, 2022
    Assignee: HEADWATER RESEARCH LLC
    Inventor: Gregory G. Raleigh
  • Patent number: 11392683
    Abstract: A detection device that detects unauthorized communication in an on-vehicle network mounted on a vehicle includes: a monitoring unit that monitors first information that indicates a state or control related to the vehicle and that is transmitted in the on-vehicle network; a prediction unit that predicts an occurrence of second information in the on-vehicle network that indicates the state or control related to the vehicle based on the first information monitored by the monitoring unit; and a determination unit that determines, in a case where the second information is transmitted in the on-vehicle network, whether or not the transmitted second information is unauthorized, based on a result of prediction performed by the prediction unit.
    Type: Grant
    Filed: July 5, 2017
    Date of Patent: July 19, 2022
    Assignees: SUMITOMO ELECTRIC INDUSTRIES, LTD., AUTONETWORKS TECHNOLOGIES, LTD., SUMITOMO WIRING SYSTEMS, LTD.
    Inventors: Yoshihiro Hamada, Satoshi Horihata
  • Patent number: 11394542
    Abstract: Embodiments disclosed herein are related to the deauthorization of a private key associated with a decentralized identifier. While a user of a computing system is authenticated as a decentralized identifier, the system detects user input, and determines based on that user input that the private key associated with the decentralized identity is to be revoked. In response to this determination, the private key is deauthorized so that the private key cannot be used to perform actions for the decentralized identity at least until the private key is restored.
    Type: Grant
    Filed: March 27, 2020
    Date of Patent: July 19, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Brandon Murdoch, Ankur Patel, Bailey Marie Bercik, Daniel James Buchner
  • Patent number: 11388157
    Abstract: A computer-implemented method, system and computer program product for utilizing multi-factor authentication to authenticate an Internet of Things (IoT) device. The identity credentials of neighboring IoT device(s) are obtained by the IoT device to be authenticated. Upon providing a request to the authentication system to prove its identity, the IoT device provides the authentication system a first factor credential, such as a username and password. The authentication system, upon confirming the accuracy of the first factor credential, challenges the IoT device to provide the second factor credential. After receiving the challenge from the authentication system to provide the second factor credential, the IoT device returns the second factor credential that was generated based on the obtained identity credentials from the neighboring IoT device(s).
    Type: Grant
    Filed: October 21, 2020
    Date of Patent: July 12, 2022
    Assignee: International Business Machines Corporation
    Inventors: Gina Renee Howard, Charles Steven Lingafelt, John E. Moore, Jr., Andrew R. Jones
  • Patent number: 11386198
    Abstract: The disclosed computer-implemented method for detecting malicious in-application transactions may include identifying an application running on a computing device, wherein the application is granted access to a payment system, monitoring data between the application and the payment system, determining at least one characteristic associated with the application, determining the at least one characteristic is associated with a malicious transaction on the payment system, and performing at least one action to prevent the malicious transaction. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 20, 2019
    Date of Patent: July 12, 2022
    Assignee: NortonLifeLock Inc.
    Inventor: Josh Opos
  • Patent number: 11374912
    Abstract: Methods and systems for performing exchange of data with third-party applications are described. The method includes receiving a request for performing document related operation on document using a third-party application. The method includes converting third-party application into containerized application using containerization mechanism. The method includes allocating virtual secured space to containerized application. The method includes encrypting document using public key of containerized application. The method includes providing encrypted document to containerized application that implements limitations on encrypted document. The method includes facilitating performance of document related operation on encrypted document to create updated document. The encrypted document is decrypted using private key of containerized application before performing document related operation on encrypted document.
    Type: Grant
    Filed: December 7, 2020
    Date of Patent: June 28, 2022
    Assignee: I2CHAIN, INC.
    Inventors: Mark Steven Manasse, Sanjay Jain, Ravi Jotwani, Ajay Jotwani
  • Patent number: 11374913
    Abstract: If authentication information used for communication has not been determined in a case where authentication is required in communication with a network device, a communication unit of a management system attempts the authentication processing with the network device by using information for one piece each in order from among shared authentication information that has been managed. If the authentication has succeeded, a storage unit stores the authentication information used in the authentication in association with the network device. If the authentication information to be used for the communication has been stored in a case where the authentication is required in communication with the network device, the communication unit performs communication using the stored authentication information without performing an attempt.
    Type: Grant
    Filed: December 3, 2019
    Date of Patent: June 28, 2022
    Assignee: CANON KABUSHIKI KAISHA
    Inventor: Toshiyuki Nakazawa
  • Patent number: 11349844
    Abstract: Managing an authenticated user session. A method includes a resource provider computer system subscribing to a conditional access termination service for an entity configured to obtain resources from the resource provider computer system through a user session. The resource provider computer system receives an event, related to resource requests, for the entity from the conditional access termination service. The resource provider computer system receives a request for resources from the entity. The resource provider computer system evaluates the request with respect to the event. The resource provider computer system responds to the request based on evaluating the request with respect to the event.
    Type: Grant
    Filed: October 31, 2019
    Date of Patent: May 31, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Violet Anna Barhudarian, Jiangfeng Lu, Caleb Geoffrey Baker, Oren Jordan Melzer, Anirban Basu, Chandra Sekhar Surapaneni, Nitika Gupta, Murli Dharan Satagopan
  • Patent number: 11323455
    Abstract: Methods and systems are provided for preventing unauthorized communication with an end device on a network, the system comprising an external device and a communication device.
    Type: Grant
    Filed: May 14, 2019
    Date of Patent: May 3, 2022
    Assignee: SCHNEIDER ELECTRIC IT CORPORATION
    Inventor: Gary R. Ware
  • Patent number: 11310054
    Abstract: A database management system stores an entry in a journal. The journal, upon storage of the entry, comprises a hierarchy of nodes. A node in the hierarchy comprises a hash value computed by application of a symmetric hash operator to hash values of first and second child nodes. The symmetric hash operator generates equivalent output irrespective of the order of the operands. A cryptographic proof of the entry comprises successive application of the symmetric hash operator to a list of hashes from the hierarchy.
    Type: Grant
    Filed: June 19, 2019
    Date of Patent: April 19, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Tate Andrew Certain, Benjamin Nelson Glowney, Allan Henry Vermeulen
  • Patent number: 11303647
    Abstract: The technology disclosed describes a computer-implemented method. The computer-implemented method includes disambiguating a bypassed login event that caused a client to access a cloud application but bypassed a network security system configured to intermediate traffic between the client and the cloud application. The network security system receives from the client an incoming request to access a resource on the cloud application over an application session. The bypassed login event preceded the incoming request. The network security system analyzes the incoming request and detects absence of instance metadata required to determine whether the bypassed login event emanated from a controlled account or an uncontrolled account. The network security system holds the incoming request, generates a synthetic request, and injects the synthetic request into the application session and transmits the synthetic request to the cloud application.
    Type: Grant
    Filed: April 22, 2021
    Date of Patent: April 12, 2022
    Assignee: Netskope, Inc.
    Inventors: David Tze-Si Wu, Prasenna Ravi
  • Patent number: 11288358
    Abstract: Embodiments disclosed herein are related to making a determination that a wearable device that is configured to host or access a DID management module is in contact with the skin of a DID owner. A determination is then made that the DID owner is authorized to use a DID that is associated with the DID management module. Finally, one or more DID-related functions are performed using the DID that is associated with the DID management module by communicating with a second computing system that is associated with a second DID. The wearable device allows the one or more DID-related functions to be performed in a portable and secure manner.
    Type: Grant
    Filed: February 28, 2020
    Date of Patent: March 29, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Brandon Murdoch, Ankur Patel, Bailey Marie Bercik
  • Patent number: 11290289
    Abstract: An apparatus is provided which comprises: a phase detector to receive a reference clock and a feedback clock; and one or more switchable heat elements controllable by an output of the phase detector, wherein the one or more switchable heat elements are coupled to a physically unclonable function circuit.
    Type: Grant
    Filed: September 27, 2018
    Date of Patent: March 29, 2022
    Assignee: Intel Corporation
    Inventors: Kuan-Yueh Shen, Rachael Parker
  • Patent number: 11290469
    Abstract: A disclosed apparatus includes a connection detector to detect a communication as including a request to connect to a device at a data link layer of an Open Systems Interconnection model; a threat monitor to determine whether the communication is a threat; and a threat manager to, when the threat monitor determines the communication is a threat, at least one of generate a notification to prompt a user about the threat or block the communication.
    Type: Grant
    Filed: June 26, 2019
    Date of Patent: March 29, 2022
    Assignee: MCAFEE, LLC
    Inventors: Suresh Gangadharan, Sriranga Seetharamaiah
  • Patent number: 11283630
    Abstract: Embodiments herein describe providing a certificate signed by a local CA to an unauthenticated server rather than obtaining a certificate signed by a third-party CA. A server that already has a certificate that was signed by a third-party CA may want to establish secure connection with an unauthenticated server which does not have a signed certificate. The unauthenticated server needs a certificate signed by a CA trusted by the server that already has a signed certificate (referred to herein as the authenticated server). To do so, the unauthenticated server sends login credentials to the authenticated server so that this server knows it can trust the unauthenticated server. In turn, the authenticated server can send its signed certificate to the unauthenticated server so it can verify the authenticated server. Once verified, the authenticated server generates a signed certificate for the unauthenticated server using a local CA.
    Type: Grant
    Filed: November 5, 2019
    Date of Patent: March 22, 2022
    Assignee: International Business Machines Corporation
    Inventors: Erez Alexander Theodorou, Amalia Avraham, Eran Tzabari
  • Patent number: 11271944
    Abstract: Natural language contractual geographic resource restrictions (CGRR) are converted by computer into a set of machine logic based rule(s), and then the set of machine logic based rule(s) is used to control access to a set of computing resources in accordance with the CGRR in the operative contract. In some embodiments, the CGRR restrict access based on the geography of the prospective user, or customer, of the computing resources.
    Type: Grant
    Filed: June 19, 2019
    Date of Patent: March 8, 2022
    Assignee: Kyndryl, Inc.
    Inventors: Pritesh Patel, Shikhar Kwatra, Joseph Kozhaya, Anantha S. Rao, Craig Cook
  • Patent number: 11246034
    Abstract: An account management system receives, from a user computing device, a request for a virtual access card and a user account identifier associated with an account hub system account. The system receives, from the account hub computing system, account hub system account metadata associated with the user account hub system account. The system transmits, to the account hub computing system, a request for an access card identifier and a virtual access payload. The system receives, from the account hub computing system, the access card identifier and the virtual access payload. The system provides, to the user computing device, the access card identifier and the virtual access payload, the user computing device communicating the access card identifier and the virtual access payload to a reader computing device via a wireless communication channel.
    Type: Grant
    Filed: May 14, 2019
    Date of Patent: February 8, 2022
    Assignee: Google LLC
    Inventors: Miguel Andres, Aram Ayazyan
  • Patent number: 11245728
    Abstract: Some embodiments provide a method for providing insight into applicability of policies that authorize access to at least one service through application programming interface (API) calls by multiple users. The method receives at least one authorization policy that defines access to the service by the users, where the policy includes two or more access rules. The method identifies a subset of unnecessary access rules in the received policy, based on a set of contextual data that is associated with the users, and filters the received policy by removing the identified subset of unnecessary access rules. The method receives a query regarding access to the service from a particular set of one or more users, and uses the filtered policy to provide a response to the query that describes access to the service for the particular user set.
    Type: Grant
    Filed: June 19, 2019
    Date of Patent: February 8, 2022
    Assignee: STYRA, INC.
    Inventors: Andrew Curtis, Mikol Graves, Bryan J. Fulton, Timothy L. Hinrichs, Marco Sanvido, Teemu Koponen
  • Patent number: 11244076
    Abstract: The presented application is a method for enabling verifiable trust in collaborative data sharing environments. The architecture supports the human-in-the-loop paradigm by establishing trust between participants, including human researchers and AI systems, by making all data transformations transparent and verifiable by all participants.
    Type: Grant
    Filed: August 27, 2019
    Date of Patent: February 8, 2022
    Inventors: Andrew Sutton, Reza Samavi, Thomas E. Doyle, David Koff
  • Patent number: 11245675
    Abstract: In one embodiment, a traffic analysis service obtains telemetry data regarding encrypted traffic associated with a particular device in the network, wherein the telemetry data comprises Transport Layer Security (TLS) features of the traffic. The service determines, based on the TLS features from the obtained telemetry data, a set of one or more TLS fingerprints for the traffic associated with the particular device. The service calculates a measure of similarity between the set of one or more TLS fingerprints for the traffic associated with the particular device and a set of one or more TLS fingerprints of traffic associated with a second device. The service determines, based on the measure of similarity, that the particular device and the second device were operated by the same user.
    Type: Grant
    Filed: November 18, 2019
    Date of Patent: February 8, 2022
    Assignee: Cisco Technology, Inc.
    Inventors: Jan Kohout, Martin Kopp, Jan Brabec, Lukas Bajer