Abstract: Video coding using a constructed reference frame may include generating, by a processor in response to instructions stored on a non-transitory computer readable medium, an encoded video and outputting an output bitstream. Generating the encoded video includes receiving an input video stream, generating a constructed reference frame, generating an encoded constructed reference frame by encoding the constructed reference frame, including the encoded constructed reference frame in an output bitstream such that the constructed reference frame is a non-showable frame, generating an encoded frame by encoding a current frame from the input video stream using the constructed reference frame as a reference frame, and including the encoded frame in the output bitstream.

Abstract: An authorization method for releasing or blocking resources includes, in case there is no connection between a provider and a resource owner: wirelessly transmitting a resource request from a client to the provider via an agent; wirelessly transmitting an authorization request from the provider to the client via the agent; wirelessly transmitting the authorization request from the client to the resource owner; wirelessly transmitting a receipt comprising an authorization response from the resource owner to the client; wirelessly transmitting the receipt from the client to the provider; and releasing or blocking a first resource in accordance with the authorization response comprised in the receipt.

Abstract: Described are systems and methods for detecting an anomaly among a plurality of components operating in a system. In some embodiments, a method includes monitoring a plurality of metrics for the plurality of components across a plurality of time periods. For each time period, the plurality of components is clustered into a plurality of clusters based on measurement information corresponding to the plurality of metrics received for the time period. For each component, a plurality of correspondences is determined between the clusters in which the component is grouped for a plurality of pairs of adjacent time periods. Then, whether each component is operating anomalously can be determined based on the plurality of determined correspondences.

Abstract: A method including: receiving, from an application executing on a computing device and by an authentication process executing on the computing device, data representative of user credentials corresponding to the application, the authentication process being isolated from the application; packaging, by the authentication process, the data representative of user credentials with a device identification assigned to the computing device and an indication that the user credentials correspond to the application, the device identification being hidden from the application; outputting for transmission, by the authentication process and to an authentication server, an authentication request containing the packaged user credentials and device identification; receiving, by the authentication process and from the authentication server, an indication of authentication of the user credentials; and forwarding the received indication from the authentication process to the application.

Abstract: A distributed security system includes a plurality of content processing nodes that are located external to a network edge of an enterprise and located external from one of a computer device and a mobile device associated with a user, and a content processing node is configured to monitor a content item that is sent from or requested by the external system; classify the content item via a plurality of data inspection engines that utilize policy data and threat data; and one of distribute the content item, preclude distribution of the content item, allow distribution of the content item after a cleaning process, or perform threat detection on the content item, based on classification by the plurality of data inspection engines; and an authority node communicatively coupled to the plurality of content processing nodes and configured to provide the policy data and the threat data for threat classification.

Abstract: Technologies are generally described for methods and devices for generating a final signature. The methods may comprise receiving a message by a processor. The methods may comprise generating a random number by a random number generator. The methods may comprise forwarding, by the processor, the random number to a cloaking element generator. The methods may comprise forwarding, by the processor, a private key to the cloaking element generator. The methods may comprise forwarding, by the processor, a group to the cloaking element generator. The methods may comprise forwarding, by the processor, a homomorphism to the cloaking element generator. The methods may comprise processing, by the cloaking element generator, the random number, the group, the private key, and the homomorphism to produce a cloaking element. The methods may comprise applying the cloaking element to transform the message into the final signature.

Abstract: A content consumption system or device may implement device-enabled identification for automated user detection. An identifying device may be detected at a content consumption device as within proximity of the content consumption device. An identifying device may be a mobile or wearable computing device, in various embodiments. A user account associated with the identification device may be selected for accessing content at the content consumption device. Access to content may be provided according to the selected user account. In some embodiments, content recommendations or content filtering may be performed based on the automatically determined user account.

Abstract: Systems and methods for securing embedded devices via both online and offline defensive strategies. One or more security software components may be injected into firmware binary to create a modified firmware binary, which is functionally- and size-equivalent to the original firmware binary. The security software components may retrieve live forensic information related to embedded devices for use in live hardening of the modified firmware binary while the embedded device is online, dynamically patching the firmware. In addition, the live forensic information may be aggregated with other analytical data identifying firmware vulnerabilities. A vulnerability identification and mitigation system can then identify and inject modifications to the original firmware binary to develop secure firmware binary, which may be imaged and loaded onto one or more embedded devices within a network.

Abstract: A computing apparatus, including: a processor and a memory; a web browser; and a web exploit mitigation engine, including instructions within the memory to instruct the processor to: insert a script into an incoming webpage, the script including instructions to hook application programming interface (API) function calls of a scripting language, the API function calls for a plurality of functions commonly used by browser exploits; observe information passed by a running script to the plurality of API functions; correlate the called API functions to a malware model; detect a web page making the API function calls as containing a browser exploit according to the correlating; and act on the detecting.

Abstract: The present disclosure includes systems and methods that provide a control that enables entry of a user and a catalog item. In response to this entry, a visual representation of the categorized hierarchy of the catalog item and categories (collectively “catalog entities”) to which the catalog item belongs are displayed. Each displayed catalog entity may include a visual indication of whether the catalog entity is accessible to the user. In some embodiments, the displayed catalog entity may include a control that enables or disables access to the catalog entity. The displayed catalog entity may also include a control that displays user groupings that have access or do not have access to that displayed catalog entity. An indication of whether the user belongs to each user grouping may also be displayed. Each displayed user group may include a control that enables modification to the definition of the displayed user grouping.

Abstract: Systems and methods are disclosed for analyzing a plurality of failed login records that correspond to failed login attempts detected by a computing system, to identify suspicious patterns of activity that can facilitate the supplementation of password blacklists for improving account security. To accomplish the foregoing, failed login records that include information associated with failed login attempts are obtained for analysis. The failed login records are analyzed to identify a set of failed login records that show initial characteristics of a suspicious pattern of activity. The information included in the set of failed login records are further analyzed to determine whether a suspicious pattern of activity is actually present. When a suspicious pattern of activity is identified in the set of failed login records, the passwords used in the failed login attempts are stored in password blacklists associated with the account identifier(s) with which the passwords were used.

Abstract: A method for managing access privileges is disclosed. The method includes: obtaining, based on employee data received from a first client server having access to a human resources database of an organization, a first indication identifying a change in a first employee structure of the organization, the first employee structure indicating an employee status associated with each of one or more of the employees; retrieving permissions data defining access privileges associated with one or more employee statuses within the first employee structure for accessing a protected resource; and updating a user permissions database associated with the protected resource to indicate a change in access privileges for at least one employee of the organization based on the first indication and the permissions data, the user permissions database indicating access privileges for employees of the organization that are authorized to access the protected resource.

Abstract: A method, a system, and an article are provided for detecting and managing anomalies associated with content presentations. An example computer-implemented method can include: obtaining a stream of data including a record of clicks on a plurality of client devices; aggregating the stream of data to generate a batch click stream for each of the client devices; processing the stream of data using a real-time anomaly detector to detect a first anomaly indicating that at least one of the client devices was previously associated with fraudulent clicks; processing each batch click stream using a batch anomaly detector to detect a second anomaly indicating that at least one of the batch click streams includes fraudulent clicks; and facilitating an adjustment of content presentations on the client devices, based on at least one of the detected first anomaly and the detected second anomaly.

Abstract: Automated registration of one or more IoT devices seeking connection to one or more IoT platforms using a secure provisioning service. The secured provisioning service verifies and administers connection credentials to each IoT device, ensuring legitimate devices cannot be impersonated or controlled by unauthorized personnel. The provisioning service matches the IoT devices and metadata of each IoT device to the provisioning rules. Connection credentials and/or rules defining each IoT device's access to IoT platforms are based on the provisioning rules of the rules registry. Matching each IoT device to one or more provisioning rules offers flexibility to dynamically add, delete or amend one or more rules in a complex rules-based system, allowing for automatic updates to the connection credentials of each IoT device, wherein each IoT device can be provisioned or re-provisioned using the most up to date set of new or amended rules.

Abstract: A single Internet of Things (IoT) gateway flow computer (either on a gateway machine or a non-gateway machine) that controls flow through both of the following types of gateways: (i) cloud gateways; and (ii) edge gateways. Both overall configuration and sub-configuration are automatically and dynamically controlled by the single, system-wide IoT gateway flow computer.

Abstract: Aspects of the present invention disclose a method, computer program product, and system for multi-factor authentication. In response to a request for an action, the method includes one or more processors whether a first authentication credential passes validation. In response to determining that the first authentication credential does pass validation, the method further includes one or more processors determining a second authentication credential, wherein the second authentication credential includes an indication of a wireless connection between a first computing device and a second computing device. The method further includes one or more processors determining whether the second authentication credential passes validation. In response to determining that the second authentication credential passes validation, the method further includes one or more processors allowing execution of the requested response.

Abstract: Provided are a system and method for authenticating a device through an Internet of Things (IoT) cloud by using a hardware security module. The system includes an IoT device connectable to a cloud which provides an IoT service and a security module connected to the IoT device and configured to generate a pair of public and private keys for authenticating the IoT device. The IoT device transmits a certificate generation request including the public key and a device identifier to an authentication server through the cloud in order to generate a device certificate.

Abstract: One or more hardened machine learning models are secured against adversarial attacks by adding adversarial protection to one or more previously trained machine learning models. To generate the hardened machine learning models, the previously trained machine learning models are retrained and extended using preprocessing layers or using additional network layers which test model performance on benign or adversarial samples. A rollback strategy is additionally implemented to retain intermediate model states during the retraining to provide recovery if a training collapse is detected.

Abstract: Roughly described, anomalous behavior of a machine-learned computer-implemented individual can be detected while operating in a production environment. A population of individuals is represented in a computer storage medium, each individual identifying actions to assert in dependence upon input data. As part of machine learning, the individuals are tested against samples of training data and the actions they assert are recorded in a behavior repository. The behavior of an individual is characterized from the observations recorded during training. In a production environment, the individuals are operated by applying production input data, and the production behavior of the individual is observed and compared to the behavior of the individual represented in the behavior repository. A determination is made from the comparison of whether the individual's production behavior during operation is anomalous.

Abstract: The present disclosure relates to a method for operating a transmitting device of a motor vehicle, in which method the transmitting device is operated in a private mode or in a transmitting mode. In the transmitting mode, the transmitting device transmits vehicle data to a computing device external to the vehicle. In the private mode, transmission of the vehicle data is stopped. A switchover from the transmitting mode into the private mode occurs as soon as a successful authentication of a specified user action has been captured.