Abstract: A method of authenticating and authorizing a wireless communication device for access to a communication service. The method comprises receiving a service request from a wireless communication device by a access node, parsing the service request by the access node, based on parsing the service request, determining by the access node that the wireless communication device is seeking combined authentication and service authorization, sending the service request by the access node to a hyperledger gateway, receiving an authentication success response associated with the wireless communication device and a service authorization success response by the access node from the hyperledger gateway, and sending the service request by the access node to a communication service computer system, whereby the service request is both authenticated and authorized by the hyperledger gateway in a combined transaction and a requested communication service is provided to the wireless communication device.

Abstract: The present disclosure relates to techniques for automated and adaptive cloud security management. Embodiments provide for, at an electronic device configured to interface with a cloud computing environment, initiating one or more transactions in the cloud computing environment using a first identifier to cause a first service of the cloud computing environment to generate a first set of data including the first identifier and a second identifier, and a second service of the cloud computing environment to generate a second set of data including a third identifier and a fourth identifier. Embodiments also provide for automatically determining whether the first identifier corresponds to the third identifier, and, in accordance with a determination that the first identifier corresponds to the third identifier, associating the second identifier and the fourth identifier to generate a linkage between the first and second services.

Abstract: Techniques are disclosed relating to securely storing data at a computing device that is managed by an external entity. In some embodiments, a computing device maintains a first file system volume having data that is accessible to a user of the computing device and that is not managed by an entity external to the computing device. The computing device receives, from the entity external, a first request to configure the computing device to store data that is accessible to the user and managed by the external entity. In response to the first request, the computing device creates a second distinct file system volume to store the data managed by the external entity. In response to a second request from the external entity, the computing device subsequently removes the second file system volume.

Abstract: The present invention is directed to an information processing apparatus, comprising: upon accepting updating of a program, switching a predetermined verification function that is included in verification functions to an enabled state or a disabled state based on setting information regarding the verification functions for verifying validity of programs; and updating the program, wherein the control method further includes switching the predetermined verification function to the disabled state before the program is updated, and switching the predetermined verification function to the enabled state after updating of the program is ended.

Abstract: Systems and methods for controlling and tracking computer devices using a secure communication path between a central server and a machine control-file watchdog program. One or more machine control-files can be generated to control, limit and track a computer device using a machine control-file watchdog program. The system sets limits on the computer device to ensure the user operating the computer device stays within a restricted set of usage limitations. The machine control-file watchdog program protects the one or more machine control-files and additionally can report on all activities performed by the computer device to the central server.

Abstract: Methods, systems, and apparatuses are described herein for improving computer authentication processes by analyzing user response times to authentication questions. A request for access to an account may be received. Transaction data associated with a user of that account may be retrieved, and a list of merchants may be generated based on the transaction data. A blocklist may be retrieved, and the list of merchants may be filtered based on the blocklist. An authentication question may be presented. The authentication question may relate to the list of merchants. User responses may be received, and response times for the user responses may be measured. Based on the response times and the response times for other users, an average response time for the merchants may be determined. Based on the average response time for a particular merchant exceeding a threshold, the particular merchant may be added to the blocklist.

Abstract: Embodiments of the present invention provide a system for authenticating process operations on a network using context locked progressive session tokens. The system is configured for receiving a first request associated with a first process operation from a user device, authorizing the first request, generating a first session token associated with the first process operation, transmitting the first session token to the user device, wherein the first session token is used to validate a second process operation associated with the application, receiving a second request associated with the second process operation from the user device, authorizing the second request, generating a second session token associated with the second process operation using at least the first session token, and transmitting the second session token to the user device, wherein the second session token is used to validate subsequent process operation associated with the application.

Abstract: A computer-implemented method for delivering restricted-access resources hosted on an origin server using a CDN comprising a plurality of CDN servers is provided.

Abstract: A set of one or more media items is identified by a first computer system configured to host media items for various users. The set of media items has a first relationship. A content analysis is performed on the set of one or more media items. The content analysis is based on a first machine-learning model. A first content pattern contained within the set of media items is determined based on the content analysis. A first set of one or more altered media items is generated in response to the first content pattern.

Abstract: A system includes a database configured to store a plurality of datasets and a monitoring system communicatively coupled to the database. The monitoring system is configured to perform operations that include receiving information, which has user information associated with a user and determining whether the received information is indicative of an update to a data access right associated with the user, in which the update to the data access right comprises a change in accessibility of a dataset of the plurality of datasets. The monitoring system is also configured to perform operations that include outputting a notification indicative of reviewing the user information associated with the user in response to determining the received information is indicative of an update to the data access right associated with the user.

Abstract: A bus filter driver and security agent components configured to retrieve and analyze firmware images are described herein. The bus filter driver may attach to a bus device associated with a memory component and retrieve a firmware image of firmware stored on the memory component. The bus filter driver may also retrieve hardware metadata. A kernel-mode component of the security agent may then retrieve the firmware image and hardware metadata from the bus filter driver and provide the firmware image and hardware metadata to a user-mode component of the security agent for security analysis. The security agent components may then provide results of the analysis and/or the firmware image and hardware metadata to a remote security service to determine a security status for the firmware.

Abstract: A system includes one or more privacy vaults. At least one of the one or more privacy vaults is associated with at least one individual user, stores contents associated with the associated at least one individual user, and stores specific identification of a plurality of third-party entities, authorized to access at least a portion of the contents stored by the one or more privacy vaults, along with access permissions, one or more of the access permissions defined for each of the plurality of third-party entities. At least one of the access permissions defines accessibility of the contents for at least one of the plurality of third-party entities for which the at least one access permission is defined.

Abstract: The technology described herein improves data security and software functionality in an integrated application deployment. Security is improved by providing granular permission management to application resources at the application program interface (API) level. This granular control allows the primary application to provide access to only the minimal resources the secondary application needs to complete a task. The technology described herein provides a more efficient access control scheme by facilitating group management of permissions. The technology described herein also improves an application update process by eliminating the need for permissions to be reassigned every time a primary application or secondary application is updated. Finally, the technology described herein provides a centralized permission enforcement that is independent of the primary or secondary application.

Abstract: A regional lock-state control system for operation within a region, includes a server, a plurality of mobile devices and a plurality of lock assembles. The server is configured to initiate a lock-state event. The mobile devices are each configured to receive a wireless lock-state directive from the server upon the lock-state event, and send a wireless lock lock-state directive to the server. The lock assemblies are each configured to receive a lock-state command associated with the lock-state directive from the plurality of mobile devices, and are each configured to transmit an advertisement that includes data on a lock-state.

Abstract: A method for setting an operation time range of mailbox content and instant messaging content in a system is disclosed in the present invention, wherein a method for setting an operation time of mailbox content includes: selecting a role, a user or an employee as a mailbox user; setting a permission time range for each mailbox user, wherein said permission time range includes one or more of the following types: a time range from a time point, which is determined by going backwards from a current time for a fixed time length, to the current time, a time range from a start time to a current time, a time range from a deadline to a system initial time, and a time range from a start time to a deadline; and the content within the permission time range of the mailbox user in a mailbox account used by the mailbox user being operated by said mailbox user.

Abstract: A system for providing a Domain Name System (DNS) service may include providing an agent for installation on a subscriber device. The subscriber device may be connected to the DNS service via an entry point device. The system includes receiving, from the agent, agent data indicative of a subscriber identifier and a unique identifier associated with the entry point device. The system may then determine, based on the agent data, a current Internet Protocol (IP) address associated with the entry point device and associate the unique identifier with the subscriber identifier. The system may then dynamically map the subscriber identifier to the current IP address and provide DNS service to the subscriber device based on the current IP address.

Abstract: A method consistent with embodiments of the present disclosure may begin with retrieving a message to be electronically transmitted. The method may proceed with digitally securing the message by generating a first digital signature for the message. The first digital signature may be added to a list of digital signatures for inclusion in the message. A list of allowed anticipated changes may be retrieved. In accordance to embodiments disclosed herein, the message may be pre-signed for the allowed anticipated changes. Pre-signing the message may comprise editing the message with each allowed anticipated change, generating a subsequent digital signature for the message edited with the allowed anticipated change, and adding the subsequent digital signature to the list of digital signatures for inclusion in the electronic message. This process may be repeated for each allowed anticipated change in the allowed anticipated changes.

Abstract: An authentication method involves comparing a 2D description of an authentication device, referred to as a subsequent description, with an original 2D description by choosing, from several previously established original 2D descriptions, a 2D description established from a point of view similar to the one used to establish the subsequent 2D description. Advantageously, the optical characteristics of the authentication device vary so little when it is viewed from neighboring points of view that the device can be recognized from most of the points of view, and the original 2D descriptions have been established from neighboring points of view, which form a substantially continuous domain. In an improved version, a three-dimensional description of the authentication device, referred to as a 3D description, is reconstructed from several original 2D descriptions, which makes it possible to predict the appearance thereof from a plurality of different points of view.

Abstract: A non-transitory storage medium having stored thereon logic wherein the logic is executable by one or more processors to perform operations is disclosed. The operations may include parsing an object, detecting one or more features of a predefined feature set, evaluating each feature-condition pairing of a virtual feature using the one or more values observed of each of the one or more detected features, determining whether results of the evaluation of one or more feature-condition pairings satisfies terms of the virtual feature, and responsive to determining the results of the evaluation satisfy the virtual feature, performing one or more of a static analysis to determine whether the object is associated with anomalous characteristics or a dynamic analysis on the object to determine whether the object is associated with anomalous behaviors.

Abstract: In one implementation, a computing device includes a secure storage to store a plurality of security elements, a processor, and a storage medium including instructions. The instructions are executable by the processor to: receive a configuration request for a first server, the configuration request including one or more logical references to security settings of the first server; retrieve, from the secure storage, one or more security elements corresponding to the one or more logical references in the configuration request; and configure an operating system volume for the first server based on the configuration request and the one or more security elements.