Abstract: Techniques for signer-initiated electronic document signing via an electronic signature service using a mobile or other client device are described. Example embodiments provide an electronic signature service (“ESS”) configured to facilitate the creation, storage, and management of documents and corresponding electronic signatures. In some embodiments, when a signer user receives a hard copy (e.g., paper) signature document, the signer may capture an image of the signature document with a camera of a mobile device. The signer can then import the captured image into the ESS for signature, storage, and/or transmission to other parties.

Abstract: An authentication server is connected to a client device via a network and includes: an uninterruptible power supply (UPS) that supplies power to the authentication server upon interruption of a main power supply; a storage that stores a database including: a piece of user information of a user of the client device; and a piece of authentication information for the user to log into the client device or a predetermined server on the network via the client device; and a processor that, once the UPS starts to supply the power to the authentication server, transmits to the client device the piece of authentication information corresponding to the piece of user information before the authentication server is shut down.

Abstract: A computer-implemented method of instantiating a machine learning model with a host processing system is provided. The host processing system includes a trusted execution environment (TEE) and an untrusted processing system (UPS). The method includes: preparing, with the host processing system, a compiler encoding an architecture of the machine learning model; receiving, from a client processing system, source data; and producing, with the compiler, software based on the received source data and model parameters stored on the host processing system. The software includes an untrusted software component for performance on the UPS and a trusted software component for performance on the TEE. The untrusted software component and the trusted software component are configured to, when performed in concert, instantiate the machine learning model.

Abstract: The disclosed technology is generally directed to device security in an IoT environment. For example, such technology is usable in IoT security. In one example of the technology, a set of security rules that is associated with an expected condition of at least one IoT device is stored. IoT data associated with the at least one IoT device is received. The IoT data may be aggregated data that includes at least two different types of data. A determination is made, based on the IoT data, as to whether the set of security rules has been violated. An alert is selectively sent based on the determination.

Abstract: Systems, methods, and related technologies for access control management are described. The access control management may be customized for an entity and be configured on an enforcement point closest to the entity. In certain aspects, an entity communicatively coupled to a network is selected and one or more characteristics of the entity determined. An access policy may be selected based on the one or more characteristics of the entity and one or more enforcement points closest to the entity determined. One or more access rules to be assigned to the one or more enforcement points based on the access policy may be determined and the one or more access rules assigned to or configured on the one or more enforcement points closest to the entity.

Abstract: An electronic device includes one or more sensors capturing media content from an environment of the electronic device. A location detector determines whether the environment of the electronic device is situated at a location of residence of an authorized user of the electronic device. A user interface receives user input requesting transmission of the media content to another electronic device located outside the location of residence of the authorized user of the electronic device. One or more processors preclude transmission of the media content to the other electronic device in response to the user input when the location detector determines that one or more sensors captured the media content at the location of residence of the authorized user of the electronic device.

Abstract: Aspects of the disclosure relate to identification of confidential data, in a message, and encryption of the confidential data. A computing platform may determine, based on a knowledge base, confidential data in a first message transmitted over one or more computing networks. The computing platform may encrypt the confidential data in the message. The computing platform may generate a second message based on encrypted confidential data. Further, the computing platform may update a header, corresponding to the second message, to indicate an encryption technique used for the encrypted confidential data. The computing platform may further encrypt the header of the second message, and transmit the second message.

Abstract: Various embodiments are provided for preventing disclosure of confidential data in a computing environment are provided. Data may be inspected prior to publication to a communication channels. Selected portions of the data may be extracted. The selected portions of the data may be filtered according to degree of appropriateness defined in one or more publishing policies or rules prior to sending the filtered data to the communication channel.

Abstract: The technology described herein helps improve email security within a multi-tenant email service. In particular, the technology described herein helps make it more difficult for a first tenant of the email service to impersonate a second tenant of the email service by validating the sending domain before the email leaves the multi-tenant email service. In particular, the technology runs a sending-side source validation on an email. If the source validation fails, the email is still sent, but using a source IP address that will cause the email to fail a receiving-side email authentication tests, such as the sender policy framework (SPF) email authentication test. In contrast, if the source validation passes, the email is sent using a source IP address that will cause the email to pass the receiving-side email authentication tests.

Abstract: Systems and methods implemented by an application executed on a user device for service discovery and connectivity include, responsive to joining a new network, performing a Dynamic Host Configuration Protocol (DHCP) operation to obtain network configuration parameters; receiving a DHCP message in response with the network configuration parameters; via an application executed on the user device for service discovery and connectivity analyzing data in the DHCP message to determine one or more forwarding profiles on the new network, wherein the one or more forwarding profiles are based on a location or trust of the new network; and automatically installing the determined one or more forwarding profiles.

Abstract: Techniques are disclosed relating to detecting data leaks using targeted scanning. For example, in various embodiments, a scanner module may monitor communications between a user device and a server system, where the user device requests access to a resource provided via the server system. The scanner module may perform various data loss prevention operations to detect the leaking of sensitive data associated with an organization. For example, the scanner module may perform an initial scan of the resource to capture an initial version of the resource at an establishment of a connection between the user device and the server system. The scanner module may perform a subsequent scan that captures a subsequent version of the resource. Based on the initial and subsequent versions of the resource, the scanner module may determine whether any data loss prevention rules have been violated and, if so, initiate one or more corrective actions.

Abstract: Disclosed herein includes a system, a method, and a device for preventing replay attacks in a cluster. A first node in the cluster having a plurality of nodes can receive an indication of a node event. The first node can access a first sequence number from a storage corresponding to a previous communication between the plurality of nodes. The first node can adjust the first sequence number by a delta indicative of an average number of communications between the plurality of nodes in the cluster in a determined time period to generate a second sequence number. The first node can transmit a packet including the second sequence number to the plurality of nodes in the cluster. The second sequence number can be used by the plurality of nodes to reset a starting sequence number for communications between the plurality of nodes to prevent replay attacks in the cluster.

Abstract: Work support system and method with device sharing and development system for multi-platform application disclosed. The work support system with device sharing may include a user terminal in which a service application is installed and executed, a device configured for executing a predetermined operation according to a control command, a device terminal directly connected to the device, and a device sharing server configured for enabling the user terminal to use the device by communicating with the user terminal and the device terminal, managing information of the device that is sharable, and allowing a sharing of the device under a predetermined condition in response to a request from the user terminal.

Abstract: Systems and methods for deriving confidence scores based on device sharing are disclosed. In embodiments, a method includes receiving, by a computing device, sharing event data from a remote computing device in a comparative confidence environment, the sharing event data including usage data regarding the sharing of an electronic device between a first participant and a second participant obtained by the remote computing device during a sharing event; calculating, by the computing device, a comparative confidence score for the first participant and the second participant based on the sharing event data; and enabling, by the computing device, the first participant to gain access to a resource of the second participant based on the comparative confidence score.

Abstract: An electronic device comprises one or more sensors capturing media content while the electronic device is situated at a media content capture location. A user interface receives user input requesting transmission of the media content to another electronic device situated at another electronic device location. One or more processors determine whether the media content capture location and the another electronic device location are substantially different locations, and at least temporarily preclude, in response to the user input, the transmission of the media content to the other electronic device when the media content capture location and the another electronic device location are substantially different locations.

Abstract: A system for authenticating a user associated with a plurality of user devices using a plurality of types of authentication information. The system includes an electronic computing device including an electronic processor. The electronic processor is configured to receive, from a user device, a request to access sensitive information and send, to the user device, a request for a first accuracy measurement for a first type of authentication information. When first accuracy measurement is below a predetermined threshold, the electronic processor sends to the user device a request for a second accuracy measurement for a second type of authentication information. When the second accuracy measurement is above or equal to the predetermined threshold, the electronic processor authenticates the user and lowers the predetermined threshold for each user device associated with a user profile, records an anomaly associated with the first type of the authentication information, or both.

Abstract: Methods and apparatuses for automatic determination of a content security policy for a network resource are described. A proxy server receives from a first authenticated client device a first request for a first network resource, retrieves the first network resource and transmits a first response to the first client device that includes a content tracker that causes the client device to report information on additional network resources identified when the first client device interprets the first network resource. A content security policy is determined based on the reported information. The proxy server receives, from a second client device, a second request for the first network resource. The proxy server transmits, to the second client device, a second response that includes the content security policy that is determined based on the information on the additional network resources.

Abstract: A method and system for controlling distribution of information items of a subject is proposed. The method and system comprises verifying compliance of a combination of new information items (to be received by a target computing system) and available information items (already available to the target computing system) with one or more sharing rules; a receipt of the new information items by the target computing system is controlled according to a result of this verification.

Abstract: A system and method for providing access to data of a first party including receiving information for identifying the first party, authenticating the first party using the received information for identifying the first party and generating a first read-only personal identification number (PIN). The first read-only PIN is associated with a first set of access rights for the data of the first party and provided to a second party. The first read-only PIN is stored with the first set of access rights in a computer database. A third party receives the first read-only PIN from the second party, authenticates the received first read-only PIN using the stored first read-only PIN and provides the second party with access to at least a portion of the data of the first party using the first set of access rights associated with the first read-only PIN if the received first read-only PIN is authenticated.

Abstract: Storing and executing an application in a personal storage with a user-granted permission in a decentralized network that implements a distributed edger. First, receiving a request from an entity for storing an application in a data storage that is associated with a DID owner. The application is configured to use data stored in the data storage as one or more inputs to generate one or more results. Next, one or more characteristics of the application associated with the entity is identified. Based on identified one or more characteristics, a write permission is to be granted to the entity, and the application is stored in the data storage. Thereafter, the application stored in the data storage is executed using data stored in the data storage.