Abstract: Techniques for controlling the performance of remote operations on computing devices within a video processing environment are described. One embodiment determines to perform a remote operation on a remote device in a media processing environment and determines a signal chain within the media processing environment that includes the remote device. An operational status of the signal chain is determined, based on a media processing schedule for the signal chain. Upon determining that the operational status indicates that the remote device is available for performance of the remote operation, embodiments initiate the performance of the remote operation on the remote device.

Abstract: Techniques for selectively initiating security scanning operations on remote devices are described. Embodiments determine to perform a security scanning operation on a remote device in a media processing environment. A signal chain within the media processing environment that includes the remote device is determined. Embodiments determine an operational status of the signal chain, based on a media processing schedule for the signal chain. Upon determining that the operational status indicates that the remote device is available for performance of the security scanning operation, performance of the security scanning operation on the remote device is initiated.

Abstract: Systems and methods for detecting attacks using a handshake request are provided. A plurality of devices can receive a plurality of handshake requests to establish TLS connections that include a respective application request. At least one of the plurality of handshake requests can include a first application request. The plurality of devices can record each of the respective application requests to a registry of application requests. A first device of the plurality of devices can receive a subsequent handshake request to establish a subsequent TLS connection that includes the first application request. The first device can query, prior to accepting the first application request, the registry for the first application request. The first device can determine whether to accept or reject the first application request responsive to identifying from the query that the first application request has not been or has been recorded in the registry.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for identifying copyrighted material based on embedded copyright information. One of the methods includes generating, by a computing device, a unique identifier (ID) based on copyright information associated with the textual content, wherein the text and the copyright information are recorded on a blockchain of a blockchain network; adding, by the computing device, one or more function words to the textual content without altering a meaning of the textual content; and embedding, by the computing device, the unique ID in the function words to produce an information-embedded textual content that enables retrieval of the copyright information from the blockchain based on the unique ID.

Abstract: Methods, apparatus and articles of manufacture to use artificial intelligence to define encryption and security policies in a software defined data center are disclosed. Example apparatus include a language parser to parse a natural language statement into a policy statement that defines a distributed network encryption policy or a distributed network security policy. Example apparatus also include a comparator to compare the policy statement to a set of reference policy templates and a template configurer to select a first policy template from the set of reference policy templates in response to the comparator determining the first policy template corresponds to the policy statement. A policy distributor distributes a policy rule defined by the first policy template for enforcement at network nodes of a software defined data center. The policy rule is a distributed network encryption policy rule or a security policy rule.

Abstract: A device may receive first information associated with a set of security rules. The first information may identify a set of security actions a device is to implement when the set of security rules applies to traffic. The device may determine a manner in which the set of security rules is to apply using the first information. The device may determine whether the manner in which the set of security rules is to apply and an intent of a network security policy or a manner in which a set of previously defined security rules is to apply match to determine whether the set of security rules conflicts with the network security policy or whether the set of security rules and the set of previously defined security rules are related. The device may perform an action.

Abstract: A mechanism is provided for controlling execution of a computer program. An execution of unallowed software may be prohibited. Structural elements of a graphical user interface of the computer program are detected. The detected structural elements are compared with a stored signature, each signature comprising structural elements of a graphical user interface of allowed computer programs. Upon not finding a matching signature among the stored signatures when comparing, further executing of the computer program is inhibited.

Abstract: Examples of the present disclosure describe systems and methods of delegating authorization to access isolated collections of data. In aspects, a request to access an isolated collection of resource identifiers and relationships may be received by an application. The resource identifiers may correspond to resources in one or more remote data repositories. Upon receiving the request, the application may interrogate a remote data repository to determine whether the requestor is currently authorized to access the one or more resources corresponding to the resource identifiers in the isolated collection. If the requestor is determined to be authorized, the application may use an authorization indication provided by the remote data repository to provide the requestor with access to the isolated collection. If the requestor is determined to be unauthorized, the application may prohibit access to the isolated collection.

Abstract: A technique to cache content securely within edge network environments, even within portions of that network that might be considered less secure than what a customer desires, while still providing the acceleration and off-loading benefits of the edge network. The approach ensures that customer confidential data (whether content, keys, etc.) are not exposed either in transit or at rest. In this approach, only encrypted copies of the customer's content objects are maintained within the portion of the edge network, but without any need to manage the encryption keys. To take full advantage of the secure content caching technique, preferably the encrypted content (or portions thereof) are pre-positioned within the edge network portion to improve performance of secure content delivery from the environment.

Abstract: A technique to cache content securely within edge network environments, even within portions of that network that might be considered less secure than what a customer desires, while still providing the acceleration and off-loading benefits of the edge network. The approach ensures that customer confidential data (whether content, keys, etc.) are not exposed either in transit or at rest. In this approach, only encrypted copies of the customer's content objects are maintained within the portion of the edge network, but without any need to manage the encryption keys. To take full advantage of the secure content caching technique, preferably the encrypted content (or portions thereof) are pre-positioned within the edge network portion to improve performance of secure content delivery from the environment.

Abstract: Computerized techniques to determine and verify maliciousness of an object are described. A malware detection system intercepts in-bound network traffic at a periphery of a network to capture and analyze behaviors of content of network traffic monitored during execution in a virtual machine. One or more endpoint devices on the network also monitor for behaviors during normal processing. Correlation of the behaviors captured by the malware detection system and the one or more endpoint devices may verify a classification by the malware detection system of maliciousness of the content. The malware detection system may communicate with the one or more endpoint devices to influence detection and reporting of behaviors by those device(s).

Abstract: Embodiments of the present disclosure disclose a data authentication method, a data authentication apparatus, and a data authentication system. An embodiment of the data authentication method comprises: in response to receiving an authentication request submitted to authentication nodes in an authentication system for authenticating that a vehicle passes self-driving scene testing, verifying the authentication request, the authentication request containing simulation data regarding self-driving testing of the vehicle in a simulated driving scene and authentication award information; in the case of passing the verifying, generating an award record for an authentication node that completes verification first based on the authentication award information, and writing a verification result and the award record into a distributed data block chain corresponding to the authentication system.

Abstract: Methods, systems, and apparatuses in a computing device enable user access to a resource. The method includes receiving, from a user, a request for access to a resource; accessing an authentication flow for granting access to the resource; obtaining first claims for a user from a first claims provider in the authentication flow; determining a second claims provider in the authentication flow, the second claims provider having a trust relationship with the claims facilitator; directing the user to the second claims provider; receiving second claims for the user from the second claims provider; and enabling the user to access the resource in response to at least the received first and second claims.

Abstract: A method includes detecting a change to one or more of: a credential of set of storage units supporting a logical storage vault and access control information for a user group affiliated with the logical storage vault. The method further includes, in response to the detecting, determining, whether the logical storage vault is in a relationship with another logical storage vault. When the logical storage vault is in the relationship, determining whether the logical storage vault is an originating vault or a subservient vault. When the logical storage vault is the originating vault, sending updated access control information to the second set of storage units regarding a change to the access control information. When the logical storage vault is the subservient vault, sending an updated credential of the set of storage units to the computing device regarding a change to the credential of the set of storage units.

Abstract: A first risk analysis of a message is performed. In the event the first risk analysis results in a determination that the message meets a first criteria, at least a portion of the message is modified prior to sending a modified version of the message to a specified recipient of the message, and a second risk analysis of the message is performed. The first risk analysis is performed before sending the modified version of the message and the modified version of the message is sent to the specified recipient of the message prior to a conclusion of the second risk analysis. In the event the second risk analysis results in a determination that the message meets a second criteria, content of the message that was previously prevented from being accessed by the specified recipient is provided to the specified recipient of the message.

Abstract: Methods, systems, storage media for authentication are described. On the methods includes receiving, at a smart contract on a distributed ledger, a signed authentication challenge. The method includes verifying the identity of the user who signed authentication challenge. The method includes raising an event that indicates that the user has been authenticated; wherein a server listens for events from the smart contract, and associates a session between the browser and the server with the user based on the event.

Abstract: In some examples, geographical track data obfuscation may include ascertaining geographical data points that include a first data point and subsequent data points. For each of the subsequent data points, a delta degree value may be determined as a difference between a subsequent data point and a corresponding previous data point. A first format preserving encryption (FPE) may be applied to encrypt longitude and latitude values of the first data point. A second FPE may be applied by applying a translation of a plurality of translations to encrypt each delta degree value. A total distance traveled, a total time, and/or a total elevation gain may be extracted from the encrypted first data point and the encrypted delta degree values.

Abstract: An authentication control method, system, and computer program product, includes performing an initial calibration to login to a registered device by detecting a plurality of biological signals, biometric signals, and idiosyncratic signals of a user and selecting a combination of the plurality of biological signals, biometric signals, and idiosyncratic signals to use in an initial calibration-authentication score, computing a login-authentication score at a time of the login based on a user input of signals corresponding to the signals of the initial calibration-authentication score, and allowing the login to the registered device if the login-authentication score is within a predetermined threshold of the initial calibration-authentication score.

Abstract: A method and device for realizing a verification code are provided. In some embodiments, a character verification code is obtained and displayed when it is determined to perform identity verification. The character verification code has an incorrect character based on a priori knowledge. The user is prompted to input a correct character corresponding to the incorrect character in the character verification code. Verification information is received. It is determined that the verification is successful when the verification information corresponds to the correct character of the prior knowledge; otherwise, the verification failed.

Abstract: Techniques and mechanisms are disclosed for a data intake and query system to generate “meta-notable” events by applying a meta-notable event rule to a collection of notable event data. A meta-notable event rule specifies one or more patterns of notable event instances defined by a set of notable event states and a set of transition rules (also referred to as association rules) indicating conditions for transitioning from one notable event state to another. The set of notable event states includes at least one start state and at least one end state. A meta-notable event is generated when a set of analyzed notable events satisfies a set of transition rules linking a start state to an end state (including transitions through any intermediary states between the start state and the end state).