Patents Examined by C. Lewis
  • Patent number: 10572639
    Abstract: A computing device is described that selectively displays or suppresses personalized information on a lock screen based on the results of a biometric user authentication process. In embodiments, a measure of confidence that a user of the computing device is an authorized user is determined based on biometric data collected by one or more biometric sensors. If it is determined that the measure of confidence satisfies a criterion, then personal information associated with the user is selectively rendered to the lock screen while the computing device is in the locked state. If it is determined that the measure of confidence does not satisfy the criterion, then such personal information may be suppressed from the lock screen. The application of the foregoing technique to selectively provide or deny access to certain functionality of the computing device via the lock screen is also described.
    Type: Grant
    Filed: March 14, 2016
    Date of Patent: February 25, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Sangeeta Ranjit, Craig T. McIntyre, Kanna Ramasubramanian, Peter Dawoud Shenouda Dawoud
  • Patent number: 10572683
    Abstract: An individual data unit for enhancing the security of a user data record is provided that includes a processor and a memory configured to store data. The individual data unit is associated with a network and the memory is in communication with the processor. The memory has instructions stored thereon which, when read and executed by the processor cause the individual data unit to perform basic operations only. The basic operations include communicating securely with computing devices, computer systems, and a central user data server. Moreover, the basic operations include receiving a user data record, storing the user data record, retrieving the user data record, and transmitting the user data record. The individual data unit can be located in a geographic location associated with the user which can be different than the geographic locations of the computer systems and the central user data server.
    Type: Grant
    Filed: May 10, 2019
    Date of Patent: February 25, 2020
    Inventor: Richard Jay Langley
  • Patent number: 10560339
    Abstract: A Domain Name System (“DNS”) package and a method for providing domain name resolution services in a partitioned network are disclosed. The system may include one or more built-in root name servers; one or more built-in top level domain (“TLD”) name servers; and a recursive name server. The recursive name server may be configured to query the one or more built-in root name servers during domain name resolution. Moreover, the one or more built-in root name servers may be configured to provide a network address corresponding to one of the built-in TLD name servers in response to a domain name resolution query sent by the recursive name server.
    Type: Grant
    Filed: February 21, 2018
    Date of Patent: February 11, 2020
    Assignee: VERISIGN, INC.
    Inventor: Danny McPherson
  • Patent number: 10558984
    Abstract: A method and apparatus for identifying a risky user and a server. The method includes: extracting historical published information of users indicated by preset user identifiers; for each user indicated by each of the user identifiers, performing the following steps of identifying a risky user: extracting a feature vector from the historical published information of the user, and inputting the extracted feature vector to a pre-trained information identifying model to obtain an information identifying result corresponding to the historical published information of the user, the information identifying model being used to characterize a corresponding relation between the feature vector and the information identifying result; and determining the user as a risky user, in response to the information identifying result corresponding to the historical published information of the user indicating the historical published information of the user as risk information.
    Type: Grant
    Filed: September 27, 2017
    Date of Patent: February 11, 2020
    Assignee: Baidu Online Network Technology (Beijing) Co., Ltd.
    Inventors: Yuan Lu, Huijuan Lin, Lixia Yang
  • Patent number: 10560430
    Abstract: Systems and methods for automatic content remediation notification are disclosed herein. The system can include memory that can contain a content library database. The system can include a first user device and one or more servers. The one or more servers can: receive a content aggregation creation request from the first user device; identify content information associated with a set of the plurality of data packets; apply a filter request to the set of the plurality of data packets; automatically provide information relating to data packets in the restricted set of data packets to the first user device; receive content aggregate information identifying a content aggregate from the first user device; evaluate the content aggregate according to the metadata associated with the data packets of the content aggregate; and output an indicator of the evaluation result to the first user device.
    Type: Grant
    Filed: May 31, 2017
    Date of Patent: February 11, 2020
    Assignee: PEARSON EDUCATION, INC.
    Inventors: Robert A. Altmann, Cecil R. Reynolds, Randy Kamphaus, Jinosh K. Phillip, Stacey L. Goros, Andrea L. Olson
  • Patent number: 10554649
    Abstract: Systems and methods are described for performing blockchain validation of user identity and authority. In various aspects one or more processors receive a first blockchain ID and a second blockchain ID, where each of the first blockchain ID and the second blockchain ID is associated with a user and is further associated with a first and second blockchain, respectively. A plurality of blockchain transactions may be aggregated where the plurality of blockchain transactions includes at least a first blockchain transaction associated with the first blockchain and a second blockchain transaction associated with the second blockchain. A first validation event providing a first indication of validity for the user may be identified based on the first blockchain transaction or the second blockchain transaction.
    Type: Grant
    Filed: May 22, 2017
    Date of Patent: February 4, 2020
    Assignee: STATE FARM MUTUAL AUTOMOBILE INSURANCE COMPANY
    Inventors: Brian Mark Fields, Lee Marvin John Assam
  • Patent number: 10554652
    Abstract: Techniques are disclosed relating to authenticating a user based on a partial password. In one embodiment, a computer system stores masking criteria defining how a mask is to be applied to generated passwords. In some embodiments, the computer system receives a request from a user to generate a one-time password. In response to the request, in some embodiments, the computer system generates the one-time password having a sequence of characters, applies the mask to the generated one-time password to select a subset of the sequence of characters usable to authenticate the user, and presents the selected subset of characters to the user as a partial password for authentication.
    Type: Grant
    Filed: March 6, 2017
    Date of Patent: February 4, 2020
    Assignee: CA, Inc.
    Inventor: Gyaneshwar Bhabbur
  • Patent number: 10554669
    Abstract: A method, computer system, and a computer program product for restricting and anonymizing a graphical user interface for a remote access session is provided. The present invention may include receiving a remote access request, from a third party, to fix a problem associated with a client computer. The present invention may also include determining the problem associated with the client computer utilizing a cognitive processing system. The present invention may then include determining a plurality of appropriate permissions for the graphical user interface of the client computer for fixing the determined problem utilizing the cognitive processing system. The present invention may further include presenting the determined problem and the determined plurality of appropriate permissions to a user. The present invention may also include receiving a user confirmation, wherein the user confirmation indicates the user agrees with the determined problem.
    Type: Grant
    Filed: May 31, 2017
    Date of Patent: February 4, 2020
    Assignee: International Business Machines Corporation
    Inventors: Jeffrey A. Calcaterra, Erik Rueger, Christof Schmitt
  • Patent number: 10541999
    Abstract: Provided herein are methods and systems for multi-person authentication and validation systems for sharing of images. The multi-person authentication and validation system may identify the respective representations of one or more individuals captured in an image, and request authorization for sharing the image from the one or more individuals captured in the image. In some instances, the multi-person authentication and validation system may provide a different image version for sharing if at least one of the one or more individuals denies authorization.
    Type: Grant
    Filed: November 1, 2018
    Date of Patent: January 21, 2020
    Assignee: KNOWLEDGE INITIATIVES LLC
    Inventor: Barr Rosenberg
  • Patent number: 10542032
    Abstract: Tools, strategies, and techniques are provided for evaluating the identities of different entities to protect individual consumers, business enterprises, and other organizations from identity theft and fraud. Risks associated with various entities can be analyzed and assessed based on analysis of social network data, professional network data, or other networking connections, among other data sources. In various embodiments, the risk assessment may include calculating an authenticity score based on the collected network data.
    Type: Grant
    Filed: May 6, 2019
    Date of Patent: January 21, 2020
    Assignee: SOCURE INC.
    Inventors: Sunil Madhu, Giacomo Pallotti, Edward J. Romano, Alexander K. Chavez
  • Patent number: 10541814
    Abstract: The present application describes a method, system, and non-transitory computer-readable medium for end-to-end encryption during a secure communication session. According to the present disclosure, a first device receives an invitation to a secure communication session. The invitation includes a token, which the first device transmits to the call initiating device. Next, the first device performs a three-way handshake with the call initiating device to negotiate a first encryption key and a second encryption key for the secure communication session. The first device encrypts first communication data using the first encryption key and transmits the encrypted first communication data to the call initiating device.
    Type: Grant
    Filed: November 8, 2017
    Date of Patent: January 21, 2020
    Assignee: Wickr Inc.
    Inventors: Thomas Michael Leavy, Joël Alwen
  • Patent number: 10535093
    Abstract: The invention provides methods and apparatus for detecting when an online session is compromised. A plurality of device fingerprints may be collected from a user computer that is associated with a designated Session ID. A server may include pages that are delivered to a user for viewing in a browser at which time device fingerprints and Session ID information are collected. By collecting device fingerprints and session information at several locations among the pages delivered by the server throughout an online session, and not only one time or at log-in, a comparison between the fingerprints in association with a Session ID can identify the likelihood of session tampering and man-in-the-middle attacks.
    Type: Grant
    Filed: August 28, 2018
    Date of Patent: January 14, 2020
    Assignee: The 41st Parameter, Inc.
    Inventor: Ori Eisen
  • Patent number: 10536478
    Abstract: Techniques for discovery and management of applications in a computing environment of an organization are disclosed. A security management system discovers use of applications within a computing environment to manage access to applications for minimizing security threats and risks in a computing environment of the organization. The security management system can obtain network data about network traffic to identify unique applications. The security management system can perform analysis and correlation, including use of one or more data sources, to determine information about an application. The system can compute a measure of security for an application (“an application risk score”) and a user (“a user risk score”). The score may be analyzed to determine a threat of security posed by the application based on use of the application. The security system can perform one or more instructions to configure access permitted by an application, whether access is denied or restricted.
    Type: Grant
    Filed: February 23, 2017
    Date of Patent: January 14, 2020
    Assignee: Oracle International Corporation
    Inventors: Ganesh Kirti, Kamalendu Biswas, Sumedha Nalin Perera, Adina Florina Simu
  • Patent number: 10521599
    Abstract: Systems and methods for enforcing label-based mandatory access control are provided. A first label may be assigned to a resource. An event associated with a resource may be detected. The resource may be relabeled, in response to detection of the event, from a first label to a second label in accordance with a transition rule. The transition rule may be included in a security policy. The transition rule may indicate that the resource is to be relabeled to the second label if the event is detected. Access to the resource may be controlled according to an access rule in the security policy. The access rule may be applicable to the resource based on the access rule identifying the second label assigned to the resource.
    Type: Grant
    Filed: March 9, 2017
    Date of Patent: December 31, 2019
    Assignees: 2236008 Ontario Inc., Blackberry Limited
    Inventors: Glenn Daniel Wurster, Roger Francis Maclean, Eric Serge Naud, Tristan Michael Roach
  • Patent number: 10516653
    Abstract: Disclosed are various approaches for validating public keys pinned to services or servers on private networks. A client device can request a first certificate from a trust service. The client device can then validate that the first certificate from the trust service is signed by a preinstalled certificate stored on the client device. Subsequently, the client device can receive a uniform resource locator identifying a network location of a secure sockets layer (SSL) pinning service, wherein the SSL pinning service is configured to provide a hash value for a first public key issued to a computing device. Finally, the client device can receive a second public key from the trust service, wherein the second public key is configured to encrypt network traffic sent to the SSL pinning service.
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: December 24, 2019
    Assignee: AirWatch, LLC
    Inventor: Jonathon Deriso
  • Patent number: 10515212
    Abstract: Computing resource service providers may operate a plurality of computing resources in a distributed computing environment. In addition, the computing resource server providers may provide customers with access to applications and/or services. The applications and/or services may include sensitive data. Sensitive data in the distributed computing environment may be tracked by analyzing source code associated with the applications and/or services. Analysis of the source code may include detecting operations associated with databases and generating schemas associated with the databases based at least in part on attributes included in the source code. Sensitive data may be detected based at least in part on the schemas generated by analyzing the source code.
    Type: Grant
    Filed: June 22, 2016
    Date of Patent: December 24, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Jon Arron McClintock, Matthew James Parker
  • Patent number: 10515209
    Abstract: A method and apparatus of a device for security management by sandboxing third-party components is described. The device can determine whether a third-party component supports network access. If the third-party component supports network access, the device can request a user input regarding whether to restrict the network access of the component. The device can receive a user input to restrict network access of the third-party component. Upon receiving the user input to restrict network access, the device can construct a sandbox for the third-party component to restrict network access of the component and prevent the component from performing data exfiltration. Other embodiments are also described and claimed.
    Type: Grant
    Filed: April 12, 2018
    Date of Patent: December 24, 2019
    Assignee: Apple Inc.
    Inventors: Kelly B. Yancey, Pierre-Olivier J. Martel
  • Patent number: 10516531
    Abstract: Threat detection instrumentation is simplified by providing and updating labels for computing objects in a context-sensitive manner. This may include simple labeling schemes to distinguish between objects, e.g., trusted/untrusted processes or corporate/private data. This may also include more granular labeling schemes such as a three-tiered scheme that identifies a category (e.g., financial, e-mail, game), static threat detection attributes (e.g., signatures, hashes, API calls), and explicit identification (e.g., what a file or process calls itself). By tracking such data for various computing objects and correlating these labels to malware occurrences, rules can be written for distribution to endpoints to facilitate threat detection based on, e.g., interactions of labeled objects, changes to object labels, and so forth.
    Type: Grant
    Filed: August 24, 2018
    Date of Patent: December 24, 2019
    Assignee: Sophos Limited
    Inventors: Harald Schütz, Andrew J. Thomas, Kenneth D. Ray, Daniel Salvatore Schiappa
  • Patent number: 10509905
    Abstract: Endpoints in a network environment include remote file systems mounted thereto that reference a file system generator that responds to file system commands with deception data. Requests to list the contents of a directory are intercepted, such as while a response is passed up through an IO stack. The response is modified to include references to deception files and directories that do not actually exist on the system hosting the file system generator. The number of the deception files and directories may be randomly selected. Requests to read deception files are answered by generating a file having a file type corresponding to the deception file. Deception files may be written back to the system by an attacker and then deleted.
    Type: Grant
    Filed: September 5, 2017
    Date of Patent: December 17, 2019
    Assignee: ATTIVO NETWORKS INC.
    Inventors: Anil Gupta, Harinath Vishwanath Ramchetty, Venu Vissamsetty
  • Patent number: 10496835
    Abstract: Methods, systems, and devices for facilitating joint submissions. In an example embodiment, a system may facilitate a joint submission from multiple devices. For example, a primary device may receive data for a joint submission with a peripheral device, and the data may be segmented into sensitive and non-sensitive data.
    Type: Grant
    Filed: August 1, 2019
    Date of Patent: December 3, 2019
    Assignee: Capital One Services, LLC
    Inventor: Afraz Siddiqui