Abstract: In some implementations there may be provided a system. The system may include a processor and a memory. The memory may include program code which causes operations when executed by the processor. The operations may include analyzing a series of events contained in received data. The series of events may include events that occur during the execution of a data object. The series of events may be analyzed to at least extract, from the series of events, subsequences of events. A machine learning model may determine a classification for the received data. The machine learning model may classify the received data based at least on whether the subsequences of events are malicious. The classification indicative of whether the received data is malicious may be provided. Related methods and articles of manufacture, including computer program products, are also disclosed.

Abstract: Identifying Internet of Things (IoT) devices with packet flow behavior including by using machine learning models is disclosed. Information associated with a network communication of an IoT device is received. A determination of whether the IoT device has previously been classified is made. In response to determining that the IoT device has not previously been classified, a determination is made that a probability match for the IoT device against a behavior signature exceeds a threshold. Based at least in part on the probability match, a classification of the IoT device is provided to a security appliance configured to apply a policy to the IoT device.

Abstract: Various implementations disclosed herein provide a method for authenticating users to an enterprise network using closed subscriber groups. The method includes determining whether the client device is associated with a subscriber group that corresponds to the enterprise network. The method further includes granting the client device access to the enterprise network in response to determining that the client device is associated with the subscriber group that corresponds to the enterprise network.

Abstract: A portable communication terminal control system includes a plurality of first portable communication terminals and a second portable communication terminal. A first processor in the first portable communication terminal performs a first portable communication terminal side determination process which determines whether communication connection is in an established state between a first portable communication terminal and the second portable communication terminal. The first processor performs a transmission control process in which, in response to determination that the communication connection with the other first portable communication terminal is in the established state and that the communication connection with the second portable communication terminal is in the established state, a release signal is transmitted to the second portable communication terminal.

Abstract: Described embodiments provide systems and methods for context aware frictionless authentication. A server may determine authentication method information, contextual scores and contextual weights of a device, in connection with a user request to access a resource via the device. The authentication method information may include a weight and a completion duration for each of a plurality of authentication methods available via the device. The server may determine an authentication score for each of the plurality of authentication methods using the authentication method information, the contextual scores and the contextual weights of the device. The server may identify a first authentication method from the plurality of authentication methods, according to the determined authentication score. The server may authenticate the user request via the first authentication method using a first device that supports the first authentication method.

Abstract: The techniques described herein relate to authorizing networked devices to access protected network zones and/or network resources in a private network. In response to a first access request, a network appliance requests full compliance information from the networked device. The received compliance information is stored in a database. Subsequently, when the compliance information on the networked device changes, the network device sends updated compliance information to the network appliance. The network appliance reevaluates the compliance state of the networked device based on the updated compliance information and the compliance information stored in the database.

Abstract: Systems and methods for root-level application selective configuration for managing installation of applications in a file system include at least one computing device and an agent. The at least one computing device can receive selections from a user for a file and for actions desired to be executed on the file. Instead of requiring a particular privilege level for the user, the agent can be provided privileges based on a policy file associated with the selected file, thereby allowing the selectable actions to be executed via the agent. The agent can be executed by the at least one computing device and register with an OS during a boot sequence. The agent can receive a selection of a file and render a context menu based on metadata from an associated policy file. The context menu can include one or more badges providing an indication of executable actions for the selected file.

Abstract: A cloud network for automatically provisioning a user directory in a multi-tenant system. The cloud network includes a local application that executes on an end-user device and a mid-link server coupled to a plurality of end-user devices. User attributes for configuration of the user directory and groups associated with the plurality of end-users is received from the local application. A program module integrates with an external application and the user interface allows integration with the mid-link server. A snippet is created for the configuration of the user directory from the user interface for each of the plurality of end-users. User policies and group policies associated with the plurality of end-users are determined. A high-risk user from the plurality of end-users is determined using the external application. The user directory is deployed using the snippet based on the user policies and the group policies.

Abstract: Implementations include providing a security rating and a data criticality value of one or more transactions, the one or more transactions to be recorded to a blockchain, and the blockchain being of a blockchain network, selecting a consensus protocol, the consensus protocol selected from a set of consensus protocols, and the consensus protocol selected based on the security rating and the data criticality value, defining a set of consensus nodes, the set of consensus nodes including nodes from one of a super node pool and a weak node pool, and executing, by the set of consensus nodes, the consensus protocol to record the one or more transactions to the blockchain.

Abstract: A method for identifying that an item of information potentially includes an item of sensitive information can be provided. The item of information can be received in response to a query of an end-user database. An existence of a characteristic associated with the item of information can be determined. The characteristic can be indicative that the item of information potentially includes the item of sensitive information. The characteristic can be different from being that a source of the item of information has been designated, via an information management system, as unsearchable. An action can be caused in response to a determination of the existence of the characteristic. The end-user database can be included in a multi-tenant database.

Abstract: Methods and apparatus to clone an agent in a distributed environment are disclosed. An example apparatus includes a first management agent associated with a first component server in a virtualization environment, the first management agent configured to facilitate communication between the first component server and a virtual appliance, the virtual appliance to authenticate the first management agent based on first credentials including a first identifier and a first certificate. The example apparatus includes a second management agent associated with a second component server in the virtualization environment, the second management agent cloned from the first management agent and including a copy of the first credentials. The example second management agent is to: generate second credentials including a second identifier and a second certificate; authenticate with the virtual appliance based on the first identifier and the first certificate; and delete the copy of the first credentials.

Abstract: Systems and methods enable secure service-based communications in networks that use a Services Communications Proxy (SCP). A Network Function (NF) producer receives a service request including an authorization token and a signed service request object, wherein the service request originates from an NF consumer of the wireless core network and is forwarded to the NF producer via the SCP. The NF producer verifies the signed service request object and generates, after the verifying, a service response. The service response includes a signed service response object. The NF producer sends, to the NF consumer and via the SCP, the service response with the signed service response object.

Abstract: A subscriber information authentication system that compares network-obtained and device-obtained information to verify that a device being used in connection with a user account is authenticated for that account. Certain subscriber information may be associated with the account during a registration process. In subsequent attempts to access the account, the registered subscriber information may be used in conjunction with information obtained from a telecommunication network and from a device to verify that the device is authorized. The information from the telecommunication network may be queried using Signaling System No. 7 (“SS7”) protocols. The device authorization may be performed, for example, to ensure that a device being used for device-based verification is the device a user purports it to be.

Abstract: A service or load balancer may use the techniques herein to perform client authentication using a certificate-based identity provider. A client may send a request for access to a service of the provider network. In response, the service or a load balancer may redirect the request to a certificate-based identity provider in accordance with a standard identity protocol (e.g., a federated identity protocol such as the protocol for OpenID Connect (OIDC)). The certificate-based identity provider may obtain a client certificate and validate the client certificate. The identity provider may also obtain and verify other credentials. In response to validating the client certificate (and in some cases authenticating the credentials), the certificate-based identity provider may generate and sign an identity token and redirect the client back to the service in accordance with the identity protocol.

Abstract: Disclosed is a method including: receiving, by a routing device, a message; determining an indication of an authentication server for authenticating the user to access the network service; and generating an authentication request including at least the user identifier derived from the data structure to the determined authentication server. Also disclosed is a routing device and a computer program product.

Abstract: A system and method for providing multifactor authentication. A disclosed method includes receiving a request at a server to launch a new session for an application on a client device, generating a plurality of codes, each of the plurality of codes associated with a respective identifier, and forwarding the plurality of codes via a short messaging service (SMS) message to a user associated with the client device. The method further includes sending the respective identifier associated with a given code of the plurality of codes to the application and receiving a submitted code entered into the application from the client device. Once received, the method compares the submitted code with the given code associated with the respective identifier and authenticates the user in response to the submitted code matching the given code.

Abstract: A method and system of securely enrolling delegates with an account management service so that the delegates can manage access to funds on behalf of a primary account holder is disclosed. The method and system include generating new profiles for proposed delegates, setting delegate approval policies, ensuring a sufficient number of delegates have been selected, and confirming the identity of each delegate.

Abstract: Animal data is stored in memory accessible to a server. The server allows users to access the animal data, such as across a communication network. In some embodiments an identifier for an animal is stored with animal information. The identifier can be used to control access to animal records and to quickly locate animal information associated with a particular animal.

Abstract: In an example, a computer-implemented method includes determining a set of permissions that specifies types of account data of one or more financial accounts to share with a third-party, the one or more financial accounts being associated with a user and held by a financial institution, and generating authorization data that authenticates the third-party and authorizes the third-party to access the types of account data specified by the set of permissions. The method also includes transmitting the authorization data to the third-party, receiving a request for authorization that includes the authorization data and a request for account data of the one or more financial accounts that conforms to the types of account data specified by the set of permissions, authorizing the third-party based on the authorization data, and transmitting the account data that conforms to the types of account data specified by the set of permissions.

Abstract: Source code is scanned to generate a list of vulnerable tokens. Thereafter, the list of vulnerable tokens is inputted into a machine learning model to identify false positives in the list of vulnerable tokens. Based on this identification, the list of vulnerable tokens can be modified to remove the identified false positives. Related apparatus, systems, techniques and articles are also described.