Abstract: A method provides for receiving network traffic from a host having a host IP address and operating in a data center, and analyzing a malware tracker for IP addresses of hosts having been infected by a malware to yield an analysis. When the analysis indicates that the host IP address has been used to communicate with an external host infected by the malware to yield an indication, the method includes assigning a reputation score, based on the indication, to the host. The method can further include applying a conditional policy associated with using the host based on the reputation score. The reputation score can include a reduced reputation score from a previous reputation score for the host.

Abstract: Secure user authentication using a OTP involve pre-storing an application on a first device for generating a valid OTP for the user responsive to receiving entry of a valid PIN, no part of the valid PIN is stored on the first device and pre-storing on a back-end server the valid PIN and a valid shared secret for the user. Upon receiving entry of a purported PIN, a purported shared secret is dynamically synthesized on the first device by the application based on the purported PIN and a purported OTP is generated on the first device. When entry of the purported OTP is received by the server in an attempt to log on the server from a second device, the server cryptographically calculates a window of OTPs, and logs on to the server from the second device is allowed if the calculated window of OTPs corresponds to the received OTP.

Abstract: An Internet-connected device, such as a car, refrigerator, or even a laptop can use a second device, such as a cell phone, to support cryptographic operations and communication with token service providers or other processing services requiring pre-provisioned capabilities that may include cryptographic secrets. By removing the need to store personally sensitive data in “Internet of Things” (IoT) devices, a user's personal information and other sensitive financial information may be contained to a relatively small number of devices. This may help prevent theft of goods or services by IoT devices that are not always under the close control of the user.

Abstract: Normalizing external application data is disclosed, including: receiving external application data associated with an external application; determining normalized metadata based at least in part on inferring from the external application data; and using the normalized metadata to monitor activities at the external application.

Abstract: A method including configuring a security device to store, in a database, a trusted fingerprint determined based at least in part on encrypting trusted connection information included in a trusted transmission packet received from a trusted source application; configuring the security device to determine a current fingerprint based at least in part on encrypting current connection information included in a current transmission packet received from a current source application; configuring the security device to compare the current fingerprint with the trusted fingerprint; and configuring the security device to process the current transmission packet based at least in part on a result of comparing the current fingerprint with the trusted fingerprint. Various other aspects are contemplated.

Abstract: In an embodiment, an operating system includes a device manager that is a central repository of device information. Device drivers may communicate with the device manager over respective channels, and may request channel identifiers (Cids) to communicate with resources related to the respective devices. The device manager may provide values for resource access (or handles that the resources may use to access values). In an embodiment, the device drivers do not have the ability to allocate resources for a peripheral device. Accordingly, the security of the system may be increased. Furthermore, the resource allocation may be centrally located, simplifying the process of updating resource allocation when needed. Additionally, the device manager may delay response to requests from a given device driver until its dependencies are clear (e.g., other device drivers and hardware initializations). Thus, startup scripts may be avoided in some embodiments.

Abstract: Systems and Computer Readable Media for enabling methods for multi-party authorization including a security component determining that a request for the performance of an action on a computing device is from a first party. The security component initiates transmissions to the computing device of first and second information indicating knowledge of first and second secrets provisioned on the computing device. The computing device, upon verifying the knowledge of first and second secrets, then permits the requested action.

Abstract: A system for suspending a computing device suspected of being infected by a malicious code is configured to receive a signal to initiate a suspension procedure of the computing device. The system captures states of instructions that are being executed by a processor of the computing device, where the instructions comprise the malicious code. The system prioritizes the operation of a kill switch button over the instructions being executed by the processor. The system sends notification signals to servers managing a user account associated with a user currently logged in at the computing device, indicating that the computing device is suspected of having been infected by the malicious code. In response to sending the notification signals to the servers, the user account is suspended. The system terminates network connections of the computing device such that the computing device is disconnected from other devices.

Abstract: A method implemented in a content management system (CMS) is provided, for providing integration between APPS configured for use with an editor application of the CMS, including: installing a first APP and a second APP in a content project of the CMS, wherein installing the first and second APPs enables functionalities of the first and second APPs to be accessed for the content project through the editor application, wherein the editor application provides an interface for editing the content project; receiving from the first APP a request to invoke an action by the second APP; responsive to receiving the request, then validating contents of the request; responsive to successful validation of the request, then sending an acknowledgement to the first APP, and generating a call to the second APP to invoke the action by the second APP.

Abstract: Systems and methods for dynamically restricting rendering of unauthorized content included in information resources are provided herein. A computing device can identify an information resource including a content object specifying one or more graphical characteristics. The computing device can determine that the content object corresponds to a restricted content object by applying at least one of an action-based detection policy to detect actions performed on the information resource or a visual-based detection policy to detect the graphical characteristics of the content object. The computing device can modify by applying a content rendering restriction policy the information resource to alter rendering of the content element on the information resource responsive to the determination.

Abstract: Security systems for microelectronic devices physically lock the hardware itself and serve as a first line of defense by preventing overwriting, modification, manipulation or erasure of data stored in a device's memory. Implementations of the security systems can respond to lock/unlock commands that do not require signal or software interactivity with the functionality of the protected device, and which therefore may be consistent across devices.

Abstract: Methods, apparatuses, or computer program products are disclosed providing for the dynamic data classification of data objects. Examples enable prediction of candidate data classification labels for data objects associated with one or more applications, services, or computing devices. Examples enable the assignment of one or more data classification labels to a data object for transmission to one or more computing devices. Examples enable the interactive and progressive application of machine learning techniques to data classification systems to assign data classification labels with probable certainty. Examples enable the tracking, monitoring, storage, sorting, and retrieval of labeled data objects. Examples provide for access control configuration of services to restrict or allow access to data objects based on data classifications and other service parameters.

Abstract: A process includes, in a computer system, acquiring a first measurement that corresponds to a software container. Acquiring the measurement includes a hardware processor of the computer system measuring a given layer of a plurality of layers of layered file system structure corresponding to the software container. The given layer includes a plurality of files, and the first measurement includes a measurement of the plurality of files. The process includes storing the first measurement in a secure memory of the computer system. A content of the secure memory is used to verify an integrity of the software container.

Abstract: A method for managing an application permission and an electronic device includes an electronic device that displays a home screen, where the home screen includes an icon of a first application. In response to a first operation from the user on the icon, the electronic device displays a first interface, and when displaying the first interface, the electronic device allows the first application to use a first application permission. In response to a second operation of the user on the first interface, the electronic device displays a second interface, and when displaying the second interface, the electronic device rejects the first application to use the first application permission.

Abstract: A method and/or system for processing an application for launch to determine whether it might be legitimate or non-legitimate, and if non-legitimate taking security action.

Abstract: Examples disclosed herein relate to using an integrity manifest certificate to verify the state of a platform. A device identity of a device that has the device identity provisioned and stored in a security co-processor to retrieve an integrity proof from the security co-processor. The device includes at least one processing element, at least one memory device, and a bus including at least one bus device, and wherein the device identity is associated with a device identity certificate signed by a first authority. The integrity proof includes a representation of each of a plurality of hardware components including the at least one processing element, the at least one memory device, the at least one bus device, and a system board and a representation of plurality of firmware components included in the device. The integrity proof is provided to a certification station.

Abstract: Systems and methods include receiving a trained machine learning model that has been processed with training information removed therefrom, wherein the training information is utilized in training of the trained machine learning model; monitoring traffic, inline at the node, including processing the traffic with the trained machine learning model; obtaining a verdict on the traffic based on the trained machine learning model; and performing an action on the traffic based on the verdict.

Abstract: A method for evaluating security of third-party application is disclosed. The method includes: receiving, from a first application, a request to obtain first account data for a user account associated with a protected data resource; generating fake data for at least a portion of the requested first account data; providing, to the first application, a first data set in response to the request, the first data set including at least the generated fake data; monitoring use of the first data set by the first application; detecting a trigger condition indicating misuse of account data based on monitoring use of the first data set by the first application; in response to detecting the trigger condition, generating a notification identifying the misuse of account data; and transmitting the notification to a computing device associated with an application user.

Abstract: Systems and methods for protected verification of user information are provided. Multiple computing systems may transmit or receive communications from one or more other computing systems as part of the protected user information verification. For example, a user may utilize a verification service to independently verify the user's information to third-party systems without the verification service actually storing, receiving, accessing, or otherwise coming into contact with the user-specific information that it is verifying. In this way, the system can protect a user's personal information while streamlining the user's verification with one or more third parties.

Abstract: A system and method for utilizing permissioned data is disclosed. A user may grant permission to share certain data over a platform. A third party may seek targeted attributes and match the targeted attributes with the shared attributes of a user. A user may agree to accept communications directly from the third party.