Abstract: Examples disclosed herein relate to acquisition of a device fingerprint from an instance of a client application. Examples include association of a target device fingerprint, based on device context information, with a target user account in a remote service, and acquisition of an application device fingerprint from an unpaired instance of a client application.

Abstract: A system and method for providing data such as credentials to a third-party service while protecting the data from being transmitted to unintended locations. The system receives a first request containing encrypted data and information identifying the third-party service, validates that the first request is to be transmitted to the third-party service, generates a second request by replacing the encrypted data from the first request with unencrypted data, and transmits the second request to the third-party service.

Abstract: A method to provide negotiation control to data such that a person or entity can negotiate the use of data gathered beyond what is needed for a particular use by a third party transaction.

Abstract: The disclosed computer-implemented method for verifying connection integrity may include (i) receiving a request from a client to initiate a connection to a server via a middlebox, (ii) receiving, from the client, via a side protocol executing in parallel with a transport layer security protocol, a request for a certificate for the middlebox, (iii) sending, to the client, via the side protocol, the certificate, (iv) receiving, from the client, via the side protocol, a request for an additional certificate from a device upstream of the middlebox, (v) requesting, from the device upstream of the middlebox, via the side protocol, the additional certificate, (vi) receiving, from the device upstream of the middlebox, via the side protocol, the additional certificate, (vii) sending, to the client, via the side protocol, the additional certificate, and (viii) relaying data via the connection. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Embodiments of the present disclosure relate to a method and apparatus for document retrieval. The method comprises: determining, in response to receiving a request to retrieve a document from a user, information for the user; obtaining, based on the determined information, ACL information for the user from an ACL index, the ACL index indicating access right of at least one user to the document; and determining, based on the ACL information of the user, a document to be provided to the user from retrieved documents in response to the request. According to the embodiments of the present disclosure, the retrieval efficiency may be enhanced.

Abstract: The present invention discloses a hardware control logic based data forwarding control method and a corresponding data forwarding control system. The method includes: externally connecting a terminal protection device to a protected host, and taking over all the data interfaces of the protected host; and controlling by a hardware control logic in the terminal protection device the connection and/or disconnection of a physical circuit corresponding to data forwarding when an external device interacts data with the protected host via the terminal protection device, so as to control the data interaction between the external device and the protected host.

Abstract: The claimed invention is a method for encryption synchronization and user authentication, which allows a user to set up an encrypted mark created by using an encryption algorithm and a user-provided encryption key. The method does not leave any information that would be used by internal staff or an authentication service provider to acquire user account credentials, and thus preventing hackers from acquiring such information to be used to gain unauthorized access to stored user data.

Abstract: In one respect, there is provided a system for training a neural network adapted for classifying one or more scripts. The system may include at least one processor and at least one memory. The memory may include program code that provides operations when executed by the at least one memory. The operations may include: extracting, from an icon associated with a file, one or more features; assigning, based at least on the one or more features, the icon to one of a plurality of clusters; and generating, based at least on the cluster to which the icon is assigned, a classification for the file associated with the icon. Related methods and articles of manufacture, including computer program products, are also provided.

Abstract: A super-shield system for protecting a computer from malicious software uses a whitelist to determine is a program is safe to run. As new malicious software are created, inadvertent attempts at execution of executables including such malicious software is prevented being that the new malicious software are not listed in the whitelist. When attempts are made to run unknown software, the executable is forwarded to a server where further analysis is performed to determine if the executable contains suspect code (e.g., malicious software).

Abstract: Embodiments described herein include an electronic beacon system mounted to an unmanned aerial system (UAS) broadcasting identification and sensor data including a UAS identification code, global positioning system data and other telemetry information. In certain embodiments, identification and global positioning system data of the unmanned aerial system is transmitted to and displayed upon a mobile handheld device. Other embodiments include using the identification data to ascertain the identity of the owner/operator of an unmanned aerial system. Related systems, hardware, firmware, and software are disclosed.

Abstract: Systems and methods relating to alerting users as to user information to be exchanged during transactions. A user information system (UIS) information circuit and an associated user information database populates an account with user information received from at least one of the user and a plurality of entities. A user information request relating to a transaction is received from an entity computing system associated with an entity over a network via a network interface circuit. A security circuit sends an alert including an approval request containing an identification of user information requested in the user information request to a user computing device associated with the user over the network. The security circuit receives an approval of the approval request from the user computing device, and the UIS information circuit provides the approved information to the entity to complete the transaction.

Abstract: An information processing device of the present disclosure includes: a first storage section for reading only that stores first data beforehand, and restricts reading of the first data after a first event; an operation section that performs one or both of encoding and decoding with use of key data, and restricts, after a second event, change of the key data to be used; a second storage section being readable and writeable and including a plurality of storage regions for each of which access conditions are set, the second storage section that restricts change of the access conditions after a third event; and an information processor that controls the first storage section, the operation section, and the second storage section to perform information processing.

Abstract: Techniques described herein provide location-based access control to secured resources. Generally described, configurations disclosed herein enable a system to dynamically modify access to secured resources based on one or more location-related actions. For example, techniques disclosed herein can enable a computing system to control access to resources such as computing devices, display devices, secured locations, and secured data. In some configurations, the techniques disclosed herein can enable controlled access to secured resources based, at least in part, on an invitation associated with a location and positioning data indicating a location of a user.

Abstract: A computer-implemented method includes identifying a data transmission session associated with a display-oriented data transmission scheme; identifying an outbound data stream associated with the data transmission session; and determining one or more protected fields associated with the outbound data stream. The computer-implemented method further includes determining a client attempt to write to at least one of the one or more protected fields; and in response to determining said client attempt, determining an intrusion detection report. A corresponding computer program product and computer system are also disclosed.

Abstract: A system and method for executing privileged code in a process are described. The method includes establishing, by an authorized library, a privileged function. The privileged function has a first privilege level used by a processor that is executing the privileged function, while preserving a different privilege level for a process invoking the privileged function. The method includes communicating, to a computer process, access information of the privileged function, to allow the computer process to invoke the privileged function. The method includes executing the privileged function for the computer process. Executing the privileged function includes setting a processor that is being used by the computer process to use the first privilege level associated with the privileged function, executing the privileged function with that processor at the first privilege level, then restoring that processor to a previous privilege level, and returning control of that processor to the computer process.

Abstract: A system for protecting a computer from malicious software uses a whitelist to determine is a program is safe to run. As new malicious software is created, attempts at execution of executables including such malicious software are prevented being that the new malicious software is not listed in the whitelist. When such attempts are made, the executable is forwarded to a server where further analysis is performed to determine if the executable contains suspect code (e.g., malicious software) including running the executable in a sandbox to analyze how the executable behaves and running industry virus scanners against the executable to see if those scanners can find a virus. If such research finds that the executable is well-behaved, the executable is added to the whitelist and future execution is allowed.

Abstract: Systems and methods for enhanced mobile device authentication are disclosed. Systems and methods for enhanced mobile authentication are disclosed. In one embodiment, method for electronic device authentication may include (1) a server comprising at least one computer processor communicating a one-time passcode to an electronic device over a first communication channel; (2) the server receiving, from the electronic device over a second communication channel the one-time passcode encrypted with a private key associated with the electronic device; (3) the server decrypting the one-time passcode using a public key; (4) the server validating the one-time passcode; (5) the server generating a device identifier for the electronic device; and (6) the server persisting an association between the device identifier and the electronic device.

Abstract: A computer-implemented method for controlling access to credentials may include (i) maintaining, by a computing device, a set of applications for which attempting to access digital credentials comprises anomalous behavior, (ii) monitoring, by the computing device, each application within the set of applications for attempts to access digital credentials, (iii) automatically detecting, while monitoring for attempts to access digital credentials, an attempt of an application in the set of applications to access a digital credential, and (iv) performing, in response to detecting the attempt to access the digital credential, a security action to secure the digital credential. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: In an aspect of the disclosure, a method, a computer-readable medium, and an apparatus are provided. The apparatus may be a service processor. The service processor sends to a DHCP server a request-to-acquire for acquiring an IP address. The service processor then receives a response from the DHCP server. The response includes a first user name. The service processor further configures a user account in association with the first user name on the service processor. The user account allows access to the service processor.

Abstract: The present disclosure pertains to systems and methods for selectively encrypting data flows within a software defined network (SDN). In one embodiment, a communication device may be configured to receive a plurality of unencrypted data packets. The communication device may receive from an SDN controller a criterion used to identify at least one of the unencrypted data flows to be encrypted. Based on the criterion, an encryption subsystem may generate an encrypted data flow the unencrypted data packets based on an encryption key. In some embodiments, the encryption system may parse the packets and encrypt the data payloads without encrypting the routing information associated with the packet. In other embodiments, the encryption subsystem may be configured to encapsulate and encrypt the entire unencrypted data packet. In some embodiments, the encryption subsystem may further be configured to authenticate a sending device and/or to verify the integrity of a message.