Abstract: Disclosed herein are systems and methods executing a security server that perform various processes using alert elements containing various data fields indicating threats of fraud or attempts to penetrate an enterprise network. Using alert elements, the security server generate integrated alerts that are associated with customers of the system and assign a risk score for the integrated alerts, which the security server uses to store and sort the integrated alerts according to a priority, based on the relative risk scores. Analyst computers may query and fetch integrated alerts from an integrate alert database, and then present the integrate alerts to be addressed by an analyst according to the priority level of the respective integrated alerts. This allows to ensure that the right customer, is worked by the right analyst, at the right time, to maximize fraud prevention and minimize customer impact.

Abstract: Systems and methods for providing controlled access to a system by a user device include receiving, from a user device, a request including a current context. The method includes receiving a request for access to a computing resource, the request including a current context, the current context defining a user space and a resource space. The user device evaluates the current context against a security policy. The user device determines that the user device is permitted to access the computing resource based on the request in response to the evaluating the current context against the security policy. In response to determining that the user device is permitted to access the computing resource, accessing the computing resource as requested.

Abstract: Apparatuses, methods, systems, and program products are presented for securing data based on randomization. An apparatus includes a security component that is configured to determine, during compile time of an application, at least one random value used to determine a partition size, a set of storage locations, and an access threshold for a data element during execution of the application. An apparatus includes a partition module that is configured to partition a data element into a plurality of data segments that each have a size that is randomly determined, during execution of an application, based on at least one random value to determine the partition size. An apparatus includes a storage module that is configured to randomly determine a first set of storage locations for a plurality of data segments, during execution of an application, based on at least one random value for the set of storage locations.

Abstract: The present disclosure describes techniques for accessing user accounts and data from any computing device. It may be determined whether an account of a user exists in a cloud service in response to receiving information associated with the user from any computing device. Data associated with the account may be stored by the cloud service. There may be a plurality of types of data associated with a plurality of security levels. The plurality of security levels may correspond to different security requirements. The data associated with the account may belong to at least one of the plurality of types of data. An instance of the account may be deployed to the computing device in response to determining that the account exists in the cloud service. The instance of the account may enable the user to access services via the computing device.

Abstract: Methods and supporting systems for managing secure communications and establishing authenticated communications between processes of a computer application operating across network domains are provided. Authentication agents operate on servers hosting application processes, wherein each authentication agent has access to policies related to each of the application processes. An authentication agent operating on an originating server intercepts transmissions from an originating application processes and appends a trust profile associated with the originating application process. The transmission is released to a receiving server, where it is intercepted and validated at the receiving server by a second authentication agent on the receiving server.

Abstract: Systems, methods, apparatuses, and computer program products for providing an anti-piracy framework for Deep Neural Networks (DNN). A method may include receiving authorized raw input at a protective transform module. The method may also include receiving unauthorized raw input at a restrictive deep neural network. The method may further include processing the authorized raw input at the protective transform module to generate a processed input. In addition, the method may include feeding the processed input into the restrictive deep neural network. The method may also include generating a result based on the processed input and the unauthorized raw input. Further, the result may include a different learning performance between the authorized raw input and the unauthorized raw input.

Abstract: In an approach for bypassing security vulnerable and anomalous devices in a multi-device workflow, a processor monitors behavior and network traffic of a plurality of smart devices within a multi-smart device system. A processor identifies a first smart device of the plurality of smart devices with at least one of a security vulnerability and an anomaly. A processor identifies a multi-smart device workflow that includes the first smart device. A processor identifies a function of the first smart device within the multi-smart device workflow. A processor determines whether an alternative smart device can replace the first smart device within the multi-smart device workflow. Responsive to resolution of the at least one of the security vulnerability and the anomaly, a processor re-establishes the workflow with the first smart device.

Abstract: Methods and systems for multiple channel authentication are described. In one embodiment, a request for an interaction is initiated from within a mobile application. The request may include authentication information and contextual information relating to a current exchange between the mobile application and an organization. The user may be authenticated with the authentication information and the request may be routed to a representative based on the contextual information to continue the exchange.

Abstract: Embodiments disclosed herein describe a server, for example a security awareness server or an artificial intelligence machine learning system that establishes a risk score or vulnerable for a user of a security awareness system, or for a group of users of a security awareness system. The server may create a frequency score for a user, which predicts the frequency at which the user is to be hit with a malicious attack. The frequency score may be based on at least a job score, which may be represented by a value that is based on the type of job the user has, and a breach score that may be represented by a value that is based on the user's level of exposure to email.

Abstract: A technique of protecting data from ransomware attacks identifies a set of blocks written to a data object between first and second points in time, determines a set of attributes of the set of blocks, and, in response to the set of attributes indicating a likelihood of a ransomware attack, secures a state of the data object as of the first point in time.

Abstract: A user using a client computer registers with a server computer over a computer network by submitting a biometric scan of a body part of the user. The user commands the client computer to encrypt an electronic file. The client computer generates a private key, encrypts the electronic file and transmits the key to the server computer. The client computer saves the encrypted file. The encrypted file and the key are saved at different physical locations. The owner of the file is able to grant permission to other registered users to unlock the encrypted file.

Abstract: An anti-virus chip includes a first connection terminal, a second connection terminal, a detection unit and a processing unit. The first connection terminal and the second connection terminal are respectively coupled to a connection port and a system circuit of an electronic device. The detection unit detects whether the connection port is connected to an external device via the first connection terminal. When the detection unit detects that the connection port is connected to the external device, the processing unit performs a virus-scan program on the external device to determine whether a virus exists in the external device. When determining that a virus does not exist in the external device, the processing unit establishes a first transmission path between the first connection terminal and the second connection terminal. When determining that a virus exists in the external device, the processing unit does not establish the first transmission path.

Abstract: Aspects of the invention include systems and methods for to detecting security vulnerabilities using modeled attribute propagation. A non-limited example of a computer-implemented method includes generating a model of a device under test, the model comprising a data path similar to the device under test and an attribute network. The method further includes detecting protected data that is introduced into the model and marking the protected data with an attribute. An end point of the marked protected data is detected along the data path. In response to the end point being indicative of a vulnerability, an alert is issued.

Abstract: An entity can disseminate nonces by introducing them into various aspects of network traffic, and then listening for them, thereby detecting eavesdroppers on the Internet. A nonce may be numeric, alphanumeric, or otherwise; nonces are contextually appropriate to how they are disseminated. Preferably, a nonce is disseminated by incorporating it into some aspect of network traffic. For example, a nonce can be placed in a network identifier such as an IP address or domain name label. Correlating the circumstances under which the nonce was disseminated and under which it was observed to “propagate”, intelligence about who is eavesdropping on what portions of the Internet can be derived. Such intelligence can be put to many uses, including reporting on eavesdroppers, routing traffic around eavesdroppers, developing reputation scores, and adopting enhanced obfuscation/privacy/security techniques.

Abstract: Disclosed herein is a web-based videoconference system that allows for video avatars to navigate within the three-dimensional virtual environment. The system and methods provided include those for: (1) using zones in a three-dimensional virtual environment for limiting audio and video, (2) access control using zones, (3) access control of the three-dimensional virtual environment itself, and (4) controlling user connections in a three dimensional virtual environment.

Abstract: A method and system for automatic device provisioning includes a computer system for authenticating a user using a first device. The computer system receives a request for automatic provisioning of a second device. An authentication token and a request identifier of the request is associated with a provisioning data structure for the user. The request including the authentication token is sent to a third device. The computer system receives a unique identifier for the second device from the third device. Based on a determination that the unique identifier and the authentication token of the second device match the unique identifier and authentication token in the provisioning data structure, authenticate the second device, retrieve a configuration profile for the user, and cause application of the configuration profile to one or more settings of the second device.

Abstract: A method for preventing ransomware attacks on a computing system. By controlling the access to a calling interface through which cryptographic functions, such as the random number generator, can be accessed to generate strong encryption keys the method allows to efficiently terminate cryptographic ransomware attacks on the system before they can start doing any damage. If the access to the cryptographic functions, such as the random number generator, is not granted, the ransomware is unable to build a strong encryption key, and it is unable to deploy its intended effect.

Abstract: Techniques are disclosed to provide application extension-based authentication on a device under third party management. In various embodiments, a unique identifier associated with an authentication app is stored on the device. An app extension framework that enables a native app to request, via an app extension associated with the authentication app, access to a service with which the native app is associated is provided. The authentication app is configured to use the unique identifier to determine a security posture of the device and to grant or deny access to the service based at least in part on the security posture of the device.

Abstract: Disclosed herein are systems and method for scanning objects of a computing device, by an anti-malware, using a white list created for an organization based on data of the organization. In one aspect, an exemplary method comprises obtaining one or more objects of the organization from the computing device, and for each obtained object of the one or more objects, computing a hash value of the obtained object, determining whether the obtained object is whitelisted, and scanning the obtained object based on whether the obtained object is whitelisted, wherein the whitelist is created based on scanning of objects stored in archives of the organization, and the obtained object is determined as being whitelisted when the computed hash value of the obtained object matches a hash value of an object in a whitelist created for the organization.

Abstract: An operation for restricting an operation for an application of a mobile information terminal by a user other than an authorized user of the mobile information terminal is received. Whether or not the user is the authorized user of the mobile information terminal is authenticated. When the user is authenticated to be the authorized user, the operation for the application of the mobile information terminal is allowed. When the user is not authenticated to be the authorized user, the operation for the application of the mobile information terminal is restricted.