Abstract: Methods, media, and systems for a changing a private channel in a channel-based communication system from an “invited-members” mode to a “whitelisted groups” mode. When in a whitelisted-groups mode, the channel administrator can whitelist one or more groups for channel membership. The whitelisted groups may be external groups managed by an identity provider. Based on the whitelisted groups, users cannot be added to the private channel without being a member of one of the whitelisted groups. Users are also automatically removed from the channel if they are no longer in one of the whitelisted groups for any reason.

Abstract: A method and system for provisioning a first computing device and authenticating the provisioned first computing device are disclosed, comprising sending a request to prepare the first computing device, including providing a request identifier and an authentication token to be stored on the provisioned first computing device, receiving a unique identifier of the provisioned first computing device, storing the request identifier, the authentication token, and the received unique identifier in a provisioning data structure, and authenticating the provisioned first computing device on the network based on a determination that a unique identifier and the authentication token stored on the provisioned first computing device requesting authentication match both the authentication token and the received unique identifier of the provisioned first computing device in the provisioning data structure.

Abstract: Systems, methods, and vehicles for verifying integrity of automotive software. In one implementation, an electronic processor is configured to receive a power-up signal and randomly select one of a plurality of fingerprints. The electronic processor is also configured to retrieve a set of data stored in the memory cells of the selected fingerprint. The electronic processor is further configured to calculate a pre-boot verification value for the selected fingerprint using a one-way cryptographic function with a secret key and the retrieved set of data. The electronic processor is also configured to compare the pre-boot verification value to a reference verification value for the selected fingerprint. The electronic processor is further configured to release a security halt on the software image when the pre-boot verification value matches the reference verification value for the selected fingerprint.

Abstract: A system for automatic authentication of service requests includes authentication of a remote access device. This authentication may be accomplished automatically prior to text or audio communication between a customer and a service agent. In some embodiments, authentication is accomplished automatically by authentication of the remote access device or accomplished by asking the customer questions. A single authentication of the remote access device may be used to authenticate a service request transferred between service agents. The authentication of the remote device may include, for example, use of a personal identification number, a fingerprint, a photograph, and/or a hardware identifier.

Abstract: Various hardware and software configurations are described herein which provide improved security and control over protected data. In some embodiments, a computer includes a main motherboard card coupled to all input/output devices connected to the computer, and a trusted operating system operates on the main motherboard which includes an access control module for controlling access to the protected data in accordance with rules. The trusted operating system stores the protected data in an unprotected form only on the memory devices on the main motherboard. The computer may also have a computer card coupled to the main motherboard via a PCI bus, on which is operating a guest operating system session for handling requests for data from software applications on the computer.

Abstract: Techniques, methods and/or apparatuses are disclosed that enable passive scanning of a network. Through the disclosed techniques, methods and/or apparatuses, endpoint passive scanners are deployed at endpoints of the network to provide more comprehensive view of assets and asset information of the network. Also, this can enable better correlation of network data to location, and also enable improved vulnerability analysis for endpoint products.

Abstract: Data is received that characterizes artefacts associated with each of a plurality of layers of a first machine learning model. Fingerprints are then generated for each of the artefacts in the layers of the first machine learning model. These generated fingerprints collectively form a model indicator for the first machine learning model. It is then determined whether the first machine learning model is derived from another machine learning model by performing a similarity analysis between the model indicator for the first machine learning model and model indicators generated for each of a plurality of reference machine learning models each comprising a respective set of fingerprints. Data characterizing the determination can be provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.

Abstract: The present disclosure generally relates to systems and methods that intelligently generate reassignment value conditions for reassigning access rights. The systems and methods include executing a trained contextual machine-learning model to generate predictions of value components of the reassignment value condition, which once satisfied, enables an access-right requestor to have an assigned access right reassigned to the access-right requestor.

Abstract: In an embodiment, a computer-implemented method for providing dynamic mechanisms for resource-path-based, dynamic group membership support for local and external membership groups is described. A method comprises: detecting, by a group resolver implemented in a management and control plane, that information about an object stored in the plane was created or updated; determining whether a URI of the object matches a URI regular expression and other conditions specified in membership criteria created for a membership group; in response to determining that a URI of the object matches a URI regular expression and other conditions specified in membership criteria created for a membership group: distributing the information about the object to network agents implemented in transport nodes to cause the network agents to automatically update a group membership policy associated with the membership group; and wherein the group membership policy affects packet forwarding behavior of a forwarding node.

Abstract: The present disclosure relates generally to security solutions. More specifically, techniques (e.g., systems, methods, and devices) are provided to implement an incentivized-based intrusion detection system to detect malicious acts against an asset. The incentive may lure or facilitate the actor to provide information detecting malicious actions against an asset.

Abstract: Methods, systems, and apparatuses are described herein for improving the accuracy of authentication questions using transaction limitations provided by users. A request for access to an account associated with a user may be received from a user device. An account restrictions database may be queried to determine one or more transaction rules associated with the account. The one or more transaction rules may have been created by the user and indicate limitations on financial transactions that may be performed via the account. An authentication question may be generated that is associated with a violation of the one or more transaction rules. The authentication question may be provided to the user device, and a response to the authentication question may be received. Access to the account may be provided to the user device based on the response.

Abstract: Systems and methods for providing least privilege access to a resource within a secured server are disclosed. The systems and method can include receiving an access request from a client requesting access to the resource, the access request comprising a role or policy associated with the client and one or more actions associated with the resource. A rules engine can be initialized, the engine defining one or more rules usable by the system to determine whether the access request complies with a least privilege policy. The systems and method can analyze the role or policy and the access request with the rules engine to determine whether the access request complies with the least privilege policy. When the access request complies with the rules, access to the resource can be granted; when the access request does not comply with the rules, access to the resource can be denied.

Abstract: A communication device may receive from a server authentication information, and may register the authentication information in a memory. The communication device may send first location information in the communication device to the server. The communication device may register a first password in the memory in a case where the authentication information is received from the server and a registration request is received from the terminal device. The communication device may send the authentication information and second location information in the communication device to the server in a case where a first change instruction is obtained after the authentication information and the first password have been registered in the memory. The communication device may change the first password in the memory to a second password in a case where a change request is received from the terminal device.

Abstract: The example embodiments are directed to a system and method for managing blockchain transaction processing. In an example, the method includes one or more of receiving a message transmitted from a client device, the message including a predefined structural format for processing by a service providing computing system, determining a type of the message and detecting one or more sensitive fields within the message based on the determined type of the message, anonymizing values of the one or more sensitive fields within the message while leaving the predefined structural format intact, and transmitting the anonymized message including the one or more anonymized values with the predefined structural format remaining intact to the service providing computing system. The system can anonymize data from a private network before it is transmitted to a public service.

Abstract: The systems and methods disclosed herein comprise computer-based platforms configured for automated early-stage application security monitoring for allowing users (e.g., application developers) to make decisions at the early stage of the application development.

Abstract: A client request message is received at a policy enforcement system from a client-side application intended for a server-side application. The client request message is forwarded to a server-side application. An application response message from the server-side application is intercepted at the policy enforcement system in response to the client request message, resulting in an intercepted application response message. The intercepted application response message is analyzed in view of context information and a network policy. Code to inject into the intercepted application response message is determined based on the analyzing. The code has instructions for eliminating accumulation of stale computing sessions. The code is injected into the intercepted application response message, resulting in a modified message. The modified message is forwarded to the client-side application for automatically executing the instructions on the client-side application.

Abstract: The present disclosure prevents the leakage of user data by preserving user data working not in an electronic computing machine. A part of a storage area of a main memory of a user terminal is used as a RAM disk. User data working is encrypted and stored in the RAM disk. The user data stored in the RAM disk is sent to a network storage, the RAM disk and the network storage are synchronized. Since the user data is controlled by using a driverware technology inside the electronic computing machine, and sent to the network, therefore the security is ensured.

Abstract: Example embodiments of systems and methods for data transmission between a contactless card, a client device, and one or more servers are provided. The contactless card may include one or more processors and memory, which may include one or more applets. The client device may include one or more processors and memory. The client device may be in data communication with the contactless card. One or more servers may be in data communication with the client device. A first set of information may be transmitted from the contactless card to the client device. The first set of information may include one or more links to activate the contactless card via a designated email program. Upon validation of the first set of information by the one or more servers, the contactless card may be activated.

Abstract: Methods, computer-readable media, software, and apparatuses may assist a user in automatically updating their personal information across a plurality of entities which have previously stored the user's personal information.

Abstract: The present disclosure describes systems and methods for hardware-assisted malware detection. One such system comprises a memory; and a hardware processor of a computing device operatively coupled to the memory. The hardware processor is configured to execute a software application suspected of being malware; monitor behavior of the software application at run-time; and acquire an input time sequence of data records based on a trace analysis of the software application, wherein the input time sequence comprises a plurality of features of the software application. The hardware processor is further configured to classify the software application as being a malicious software application based on the plurality of features of the software application; and output a ranking of a subset plurality of features by their respective contributions towards the classification of the software application as being malicious software.