Abstract: A method and system of securely enrolling delegates with an account management service so that the delegates can manage access to funds on behalf of a primary account holder is disclosed. The method and system include generating new profiles for proposed delegates, setting delegate approval policies, ensuring a sufficient number of delegates have been selected, and confirming the identity of each delegate.

Abstract: A method for the protection of files is performed on an integrated-circuit device that comprises a hardware memory protection module, which controls access to regions of the memory depending on region-specific settings. A new file is created in the memory by storing metadata and content data for the new file in a common memory region. An access condition is set for the common memory region in the configuration settings of the hardware memory protection module. A file is retrieved from the memory by searching the memory to identify a file meeting a search criterion. The searching involves comparing the metadata of files from the memory against the search criterion in order to identify a file from the memory that meets the search criterion.

Abstract: An embodiment of a digital content distribution system for a delivery of digital materials through digital mailbox systems is described. The digital content distribution system features a virtual processor and a plurality of digital mailbox systems. Each digital mailbox system is configured to operate as a data store addressable by a digital mailbox address that is uniquely associated with a physical address and is assigned to one or more registered users associated with a property identified by the physical address. For instance, a first digital mailbox system is configured to transmit digital materials to and receive digital materials from a second digital mailbox system different than the first digital mailbox system and one or more registered users are provided access to the digital materials received by the first digital mailbox system upon authentication.

Abstract: A terminal device may send to a first server a sending request, and receive from the first server first related information which is related to a first public key of a first communication device in response to the sending request being sent to the first server. The terminal device may send to the first communication device a first authentication request in which the first public key related to the first related information is used in a case where the first related information is received from the first server, and send first connection information to the first communication device in a case where a first authentication response is received from the first communication device in response to the first authentication request being sent to the first communication device. The first connection information may be for establishing a first wireless connection between the first communication device and an external device.

Abstract: Methods, systems, and apparatuses for detecting a presence of a malicious application are disclosed. In an example, a method includes determining a prediction for human user interaction with webpage content of a website by identifying webpage elements in the webpage content, where the webpage elements are for human user interaction, and determining at least one of spatial density of cursor movements or cursor velocity vectors relative to the webpage elements that are indicative of human user interaction with the webpage content. The method further includes using the prediction for human user interaction with the webpage content to determine if received webpage interaction information from a client device is indicative of a presence of a malicious application. The method provides an indication of the presence of the malicious application if the received interaction information is indicative of the presence of a malicious application.

Abstract: Systems and methods for root-level application selective configuration for managing performance of actions on files in a file system including an agent executed on a computing device. The agent can determine files stored in a particular folder and determine file metadata corresponding to the files based on a policy file. The agent can receive a selection of a particular file of the files that corresponds to one of the file metadata. The agent can determine an availability of one or more actions for the particular file as specified by file metadata. The agent can render a context menu that includes menu entries with one or more additional menu entry that corresponds to the actions based on the file metadata. The agent can perform an authentication of a current user account based on the policy file and cause the action to be performed based on privileges of the agent.

Abstract: Aspects of the disclosure relate to detecting and identifying malicious sites using machine learning. A computing platform may receive a uniform resource locator (URL). The computing platform may parse and/or tokenize the URL to reduce the URL into a plurality of components. The computing platform may identify human-engineered features of the URL. The computing platform may compute a vector representation of the URL to identify deep learned features of the URL. The computing platform may concatenate the human-engineered features of the URL to the deep learned features of the URL, resulting in a concatenated vector representation. By inputting the concatenated vector representation of the URL to a URL classifier, the computing platform may compute a phish classification score. In response to determining that the phish classification score exceeds a first phish classification threshold, the computing platform may cause a cybersecurity server to perform a first action.

Abstract: A cloud network for automatically provisioning a user directory in a multi-tenant system. User attributes for configuration of the user directory and groups associated with a plurality of end-users are received from a local application on an end-user device. A program module integrates with an external application and the user interface allows integration with a mid-link server. User policies and group policies associated with the plurality of end-users are determined. A high-risk user from the plurality of end-users is determined using the external application. A threat is determined associated with an end-user based on a type of the threat, a threat level is determined based on the type of the threat, and the threat level is compared to a threshold level, the threshold level categorizes the end-user as the high-risk user. The user directory is deployed using a snippet based on the user policies and the group policies.

Abstract: Embodiments described herein disclose technology for verifying authorization of an application download. The system can receive from a device associated with a user, a request to download an application. In response to a first instance of the application being downloaded on the device, the system can assign a unique identifier to the first instance of the application. After the application is downloaded and prior to granting the person requesting the application download access to the first instance of the application, the system can request via the first instance of the application identification information and particular authentication information to verify that the person requesting the application download is authorized to do so. In response to verifying that the person requesting the application download is authorized, the unique identifier can be associated with the account, user and/or device to result in a verified download of the first instance of the application.

Abstract: In some embodiments, a method can include identifying detection coverage of a set of adversarial techniques based on telemetry data and a detection instance of an environment. The method can further include determining a subset of detection coverage that has a metric value below a metric value threshold and among the detection coverage for the set of adversarial techniques. The method may further include identifying at least one detection instance associated with the subset of detection coverage. The method can further include presenting, via a graphical user interface, a representation of at least one of the subset of detection coverage or the at least one detection instance associated with the subset of detection coverage. The method can further include updating the subset of detection coverage based on the telemetry data, the detection instance, or the at least one detection instance to improve the metric value.

Abstract: An issuing device is configured to: respond to a challenge request by transmitting a challenge; and respond to a certification request including a public key and ownership information thereof by issuing a digital certificate certifying the ownership information. The ownership information includes counterparty identity information relating to a ledger of a distributed database. The digital certificate is issued if it is successfully verified that a valid response to the challenge has been posted to the ledger of the distributed database and is associated therein with the counterparty identity information of the certification request. The digital certificate facilitates proofing that an owner of a public key is a given counterparty to a blockchain ledger. Also, a corresponding requesting device and corresponding methods and computer program products for issuing and requesting a digital certificate are disclosed.

Abstract: Disclosed are systems and methods for supporting dynamic reconfiguration. The systems and methods can include: pointing to a document server providing document services as a primary document server; dynamically reconfigure and point itself to use a document appliance indicated by an electronic invite received by the first computing device from a second computing device; and enable the first computing device to pass data or information received in the electronic invite to the document application in response to the first client.

Abstract: An apparatus, system and method for protecting the confidentiality and integrity of a secure object running on a computer system by protecting the memory pages owned by the secure object, including assigning a secure object an ID, labeling the memory pages owned by a secure object with the ID of the secure object, maintaining an Access Control Monitor (ACM) table for the memory pages on the system, controlling access to memory pages by monitoring load and store instructions and comparing information in the ACM table with the ID of the software that is executing these instructions; and limiting access to a memory page to the owner of the memory page.

Abstract: Systems and methods for cloud-based file sharing, where templates are provided for creating workflow instances which enable the sharing of managed objects. Reusable workflow templates are stored in the repository of a cloud-based file sharing system as objects that define components of the workflow, or placeholders for these components. A user instantiates a workflow instance from one of the templates and configures the workflow instance to identify content objects or forms, tasks related to the content objects, and users assigned to perform the tasks. The workflow instance is stored as an object in the repository. Users assigned to tasks are authorized through the workflow instance to access the content objects or forms to perform the tasks.

Abstract: A carrier network may detect and prevent completion of SIM swap frauds. For example, a carrier network may, based at least in part on a SIM swap request to replace a first SIM associated with a subscriber with a second SIM, store first information associated with the first SIM. Subsequent to the execution of a SIM swap to replace the first SIM with the second SIM, the carrier network may perform fraud detection on the SIM swap based at least in part on the first information associated with the first SIM stored based at least in part on the SIM swap request and based at least in part on second information associated with the second SIM and based at least in part on the SIM swap being detected as fraudulent by the fraud detection, cause the second SIM to be prohibited from operating with respect to the subscriber.

Abstract: Systems and methods enable secure service-based communications in networks that use a Services Communications Proxy (SCP). A Network Function (NF) producer receives a service request including an authorization token and a signed service request object, wherein the service request originates from an NF consumer of the wireless core network and is forwarded to the NF producer via the SCP. The NF producer verifies the signed service request object and generates, after the verifying, a service response. The service response includes a signed service response object. The NF producer sends, to the NF consumer and via the SCP, the service response with the signed service response object.

Abstract: A system and method for a distributed security model that may be used to achieve one or more of the following: authenticate system components; securely transport messages between system components; establish a secure communications channel over a constrained link; authenticate message content; authorize actions; and distribute authorizations and configuration data amongst users' system components in a device-as-a-key system.

Abstract: This invention pertains to a method for provisioning and implementing two-factor authentication (2FA) for enterprise services. The system securely establishes a trusted identity for a subscriber device using an immutable hardware key and public/private key sets. The device's identity is verified by an Original Equipment Manufacturer (OEM) cloud service. The method includes generating unique transaction nonces for each 2FA request, securing private keys within a Trusted Execution Environment (TEE), and employing a cloud wallet service to store keys. The subscriber device interacts with the system, decrypting and re-encrypting transaction nonces using corresponding keys. This process enables secure transaction from enterprise applications. The system also integrates user consent into the 2FA process, displaying a prompt to approve or deny authentication. This technology enhances security in enterprise services, prioritizing user consent and secure data transfer.

Abstract: A computerized method supporting SSL-based or TLS-based communications with multiple cryptographically protected transmissions is described. Responsive to a first transmission including a first content encrypted with a public key of an intended recipient and a first digital signature for use in detect tampering to the first content, a second transmission is received. The second transmission includes a combined result including the first content and a second content, which is encrypted with a public key of the sender. Recovery of the first content verifies to the sender that the second transmission originated from the intended recipient. Thereafter, a third transmission is sent. The third transmission has data including at least the second content, being the remaining data after extraction of the first content from the combined result, which is encrypted with the public key of the intended recipient and a third digital signature for use in verifying non-tampering of the data.

Abstract: The technology disclosed describes a network security system that is configured to configure a synthetic request with an object identifier, and to inject the synthetic request into an application session to transmit the synthetic request to a cloud application. The synthetic request is configured to retrieve object metadata about the object using the object identifier. The network security system is further configured to receive from the cloud application a response to the synthetic request. The response supplies the object metadata.