Abstract: A method includes sending a challenge data structure to a user computer system. The challenge data structure defines a challenge user interface to be presented to a user of the user computer system. The challenge user interface includes a playback control area for playing an audio clip comprising a plurality of sounds. The challenge user interface prompts the user to select two or more answers corresponding to two or more sounds from a multiple choice answer area of the challenge user interface. The method includes obtaining a user input to the challenge user interface that represents a selection of at least one image from the plurality of images, and providing access to a computer resource for the user computer system based on whether the at least one image is consistent with the correct image.

Abstract: System, apparatus, and computer program products are disclosed for protected display of a requested user interface. In one aspect, a method includes receiving a protected mode display request to display the requested user interface in a protected mode, wherein the requested user interface comprises a plurality of data values; in response to the protected mode display request: (i) retrieving a data protection template for the protected mode display request, (ii) determining, based on the data protection template, one or more protected data values of the plurality of data values and one or more unprotected data values of the plurality of data values, (iii) for each protected data value, generating a masked representation, and (iv) generating a masked user interface that comprises: (a) each unprotected data value, and (b) each masked data value; and causing the masked user interface to be presented using a display device.

Abstract: Systems and methods for a blockchain-based OCSP responder using smart contracts and custom URI scheme for certificate revocation management. Various embodiments include, responsive to a requirement to determine status of a digital certificate, obtaining blockchain information from the digital certificate; interacting with a specified blockchain network based on the blockchain information; and determining a status of the digital certificate based on the Interacting.

Abstract: A method for determining a user plane security algorithm, a system, and an apparatus. The method may include: a second device selects a non-null user plane confidentiality protection algorithm based on a security capability of a first device and a security capability of the second device in a case in which user plane confidentiality protection between the second device and the first device is enabled and control plane confidentiality protection between the second device and the first device is not enabled. The second device sends a first message to the first device. The first message includes first algorithm indication information indicating the user plane confidentiality protection algorithm. Therefore, the first device can obtain the non-null user plane confidentiality protection algorithm. Embodiments can be adopted to determine an effective user plane confidentiality protection algorithm, for confidentiality protecting user plane data.

Abstract: Aspects of the disclosure include a method and associated network device. The method includes authenticating an identity of a user of a client device after the client device is associated with an access network provider. Authenticating the identity of the user comprises receiving, from an identity provider, a credential associated with the identity, and receiving, from the identity provider, information identifying a network-based service to be applied to network traffic with the client device. The method further includes establishing, using the credential and the received information, a secure connection between the access network provider and a service provider that is capable of providing the network-based service. The method further includes receiving network traffic from the service provider. Packets of the network traffic include an assurance value that enables the client device to determine that the network-based service is being provided by the service provider.

Abstract: A method performed by a user device may include obtaining biometric information relating to a user of the user device using a biometric sensor of the user device; determining that the biometric information is valid; generating a biometric indicator indicating that the biometric information is valid; providing a request for a callback from an entity, wherein the request includes the biometric information indicating that the biometric information is valid; and receiving the callback from the entity, wherein the callback is received based on the biometric information indicating that the biometric information is valid, and wherein the callback is associated with an entity identifier that is not provided to the user.

Abstract: Systems and methods for sharing content between devices are disclosed. To request a shared piece of media content, a playback device generates and sends a request to content server. The playback device includes information in the request that indicates the playback capabilities of the device. The content server receives the request and determines the playback capabilities of the playback device from the information in the request. The content server then determines the assets that may be used by the playback device to obtain the media content and generates a top level index file for the playback device that includes information about the determined assets. The top level index file is then sent to the playback device that may then use the top level index file to obtain the media content using the indicated assets.

Abstract: Systems, methods, and computer-readable storage media for improving cybersecurity protections across entities. One system includes a response system including one or more processing circuits including memory and at least one processor configured to identify a plurality of first level configurations corresponding to at least one of an operational or security action performed on the a plurality of computing systems of an entity of a plurality of entities. The at least one processor further configured to encrypt or tokenize the plurality of first level configurations. The at least one processor further configured to record the plurality of first level configurations on the distributed ledger or data source.

Abstract: A cryptographic management key system is disclosed for providing secure communication in a cryptographic system. The cryptographic key management system includes a plurality of communication apparatuses under the control of a common control console, each communication apparatus being in communication with at least one source of dynamic random or pseudo-random information via the common control console, and communication paths among the plurality of communication apparatuses, said communication paths including a control plane, a random information plane and a data plane.

Abstract: Systems and methods for providing secure motherboard replacement techniques are described. In one embodiment, an Information Handling System (IHS) may include computer-executable instructions to, during a bootstrap process, obtain a remodeled vendor tracking certificate from a replacement motherboard in which the remodeled vendor tracking certificate comprising inventory information associated with a previous motherboard, and determine that the vendor tracking certificate includes information indicating that the replacement motherboard has replaced a previous motherboard.

Abstract: In one embodiment, a set of feature vectors can be derived from any biometric data, and then using a deep neural network (“DNN”) on those one-way homomorphic encryptions (i.e., each biometrics' feature vector) can determine matches or execute searches on encrypted data. Each biometrics' feature vector can then be stored and/or used in conjunction with respective classifications, for use in subsequent comparisons without fear of compromising the original biometric data. In various embodiments, the original biometric data is discarded responsive to generating the encrypted values. In another embodiment, the homomorphic encryption enables computations and comparisons on cypher text without decryption. This improves security over conventional approaches. Searching biometrics in the clear on any system, represents a significant security vulnerability. In various examples described herein, only the one-way encrypted biometric data is available on a given device.

Abstract: Protection of process memory against foreign code injection is described herein. A system includes at least one processor and at least one memory storing instructions thereon that, when executed by the at least one processor, cause the at least one processor to perform operations. The operations include to dynamically virtualize a protected application in user space, wherein the virtualization comprises a virtualized memory management system and to monitor memory allocated to the virtualized protected application by the virtualized memory management system. The operations include to compare memory allocated by the virtualized memory management system with known allocations of virtual memory. Additionally, the applications include to designate the memory as being injected with foreign code in response to the virtualized memory management system detecting privileges not created by the virtualized memory management system.

Abstract: Techniques are disclosed relate to systems, methods, and non-transitory computer readable media for implementing a browser extension for cyber threat intelligence and response. One system to perform operations comprising: scanning, in a sandbox of a browser by a browser extension, at least part of a web page to produce a set of items of interests; transmitting the set of items of interests to a cloud-based enrichment and analysis of cybersecurity threat intelligence system to request information on the set of items; receiving a response from the cloud-based enrichment and analysis of cybersecurity threat intelligence system, the response including a scan result based on the transmitted set of items of interests, and the scan result including at least one of an indicator of compromise of the at least scanned part of the web page; and displaying the scan results including the at least one of an indicator of compromise.

Abstract: The disclosure provides improved methods and systems for processing, storing, sharing, retrieving, writing and accessing data (content) on a blockchain e.g. Bitcoin. The invention may form part of a protocol for storing, searching and accessing the data. In particular, improved efficiency and also enhanced access control permissions are provided. An embodiment of the disclosure comprises the step of processing at least one blockchain transaction (Tx) comprising: a protocol flag; a discretionary public key (DPK); and a discretionary transaction ID (DTxID). These are discretionary in the sense that they are not required as part of the underlying blockchain protocol but in accordance with the present invention. This combination of features enables portions of data to be identified, retrieved and shared on a blockchain, and also to be linked/associated with one another when provided in a plurality of transactions.

Abstract: A method for managing a data protection module (DPM) includes: obtaining an alert generated by the DPM within a predetermined period of time; obtaining metadata associated with the DPM; analyzing the metadata to extract relevant data; analyzing the alert to extract second relevant data; making, based on the second relevant data, a determination that a tolerance level associated with the alert has been exceeded; sending, based on the determination, the alert, the relevant data, and the second relevant data to a vendor environment (VE) analyzer; in response to sending the alert, the relevant data, and the second relevant data, receiving a service request (SR) generated by the VE analyzer for the DPM; and providing the SR to the client to notify a user of the client about the SR using a graphical user interface (GUI) of the client.

Abstract: A system for intelligent managing whitelists and blacklist provides options and/or suggestions to the administrators and/or information technology team to allow administration of whitelists and/or blacklists based upon history and rules. For example, if permission to run a certain program is requested by several people in a group or organization and the program is not believed to have a virus, then, the administrator if presented with an option to enable (e.g., add to the whitelist) that program for the entire group or organization.

Abstract: A system and method reduces use of restricted operations in a cloud computing environment during cybersecurity threat inspection. The method includes: detecting an encrypted disk in a cloud computing environment, the encrypted disk encrypted utilizing a first key in a key management system (KMS); generating a second key in the KMS, the second key providing access for a principal of an inspection environment; generating a snapshot of the encrypted disk; generating a volume based on the snapshot, wherein the volume is re-encrypted with the second key; generating a snapshot of the re-encrypted volume; generating an inspectable disk from the snapshot of the re-encrypted volume; and initiating inspection for a cybersecurity object on the inspectable disk.

Abstract: An asset scoring method and apparatus, a computer device, and a storage medium are provided. The method includes: obtaining multi-dimensional threat information data of assets to be assessed; obtaining sub-scores of dimensions according to the multi-dimensional threat information data and a preset security scoring model; according to the sub-scores of the dimensions, determining a security scoring result of the corresponding assets to be assessed; and according to the security scoring result and a preset level division rule, determining security levels of the corresponding assets to be assessed.

Abstract: A system performs mobile biometric identification system enrollment using a known biometric. The system receives a digital representation of a first biometric for a person. Prior to using the digital representation of the first biometric to identify the person, the system compares a received digital representation of a second biometric for the person to known biometric data for the person. When the digital representation of the first biometric has been thus verified, the system is operative to identify the person using the digital representation of the first biometric.

Abstract: Aspects of subject technology provide systems and methods for generation and distribution of a stable identifier associated with multiple aliases of a user account. The stable identifier may be provided to various electronic devices by a server, responsive to requests associated with communications to those devices from one of the associated aliases. In this way, messaging applications can utilize the stable identifier to merge conversations from a single user having multiple aliases, and secure access to a secure device can be provided to an authorized user, even if the authorized user attempts access from an unauthorized account alias.