Abstract: Aspects of the disclosure are directed to a supporting authentication between a computing platform and a computer that has an attached geolocation dongle. The attached geolocation dongle provides location information to the computer that is indicative of a current location of the computer, where the location information is obtained from RF signals generated from neighboring cell towers or the Global Positioning System. The computing platform may utilize the location information for authenticating the computer. Moreover, the location information may be encrypted by the geolocation dongle based on an encryption key known by the geolocation dongle and the computing platform. With another aspect, authentication is supported by a computer and an associated communication device that provides location information to the computer via a short-range communication channel.

Abstract: Embodiments of communication systems are disclosed for protecting communication between an implanted device ID and an external device ED. Optionally, the ID communicates over the TET channel by modulating a load on the channel. While the ID is communicating the ED optionally adds noise to the TET channel, inhibiting malicious interception of the communication. Using knowledge of the noise signal, the ED cleans the noise from the TET signal to recover the communication from the ID. In some embodiments, the TET link is used to pass an encryption key and/or to verify communications over a radio channel. The TET channel may be authenticated. For example, authentication may include a minimum energy and/or power transfer.

Abstract: A method for auto discovery of sensitive data may include: (1) receiving, at data enrichment computer program in a metadata processing pipeline, raw metadata from a plurality of different data sources; (2) enriching, by the data enrichment computer program, the raw metadata; (3) converting, by the data enrichment computer program, the raw metadata and the enhanced raw metadata into a sentence structure; (4) predicting, by a category prediction computer program in the metadata processing pipeline, a predicted category for the sentence structure; (5) identifying, by a sensitive data mapping computer program, a sensitive data category that is mapped to the predicted category based on a policy mapping rule; (6) determining, by the sensitive data mapping computer program, a risk classification rating for the predicted category; and (7) tagging, by the sensitive data mapping computer program, the data source associated with the metadata based on the risk classification rating.

Abstract: Techniques for synchronizing the authentication state of a user across data centers using event messages are provided herein. In one example, a system can determine a first change in the authentication state, update a first data structure representing the authentication state in a first data center based on the change, and store a first event message indicating the first change in a message queue. The system can then transmit the first event message to a second data center. Based on the event message, the second data center can update a second data structure also representing the authentication state of the user. In some examples, the second data center can also transmit a second event message to the first data center indicating a second change to the authentication state of the user. The first data center can update first data structure based on the second event message.

Abstract: Aspects of the disclosure relate to monitoring, evaluating, and repairing bots in a hashchain-based distributed bot hub that process a workflow. In some embodiments, a computing platform may receive workflow information associated with performing a first workflow that includes executing one or more tasks using a plurality of virtual bots, instantiate a first subset of the plurality of bots to process the one or more tasks of the first workflow, and instantiate a first subset of the plurality of bots to process the one or more tasks of the first workflow. identifying a potential anomalous activity may include causing the monitor bot hub to remove the identified bot to a quarantine hub, and execute a repair process on the identified bot in the quarantine hub.

Abstract: A method at a network element for securely sharing services across domains, the method including receiving a request at the network element to add a first domain and an edge domain to a system; provisioning a public key of the network element to the first domain and the edge domain; receiving a public key of the first domain; populating, in the network element, a table with services provided by the first domain or the edge domain; populating, in the network element, a second table with applications installed at the first domain or edge domain and permissions for services for the applications; and controlling access to the services by the applications.

Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

Abstract: A system and method for collaborative cybersecurity defensive strategy analysis that predicts the evolution of new cybersecurity attack strategies and creates a virtual network space that provides a virtual reality environment for collaborative insights into network dynamics during a cyberattack. makes recommendations for cybersecurity improvements to networked systems based on a cost/benefit analysis. The system and method use machine learning algorithms to run simulated attack and defense strategies against a virtual network space model of the networked system created using a virtual network space manager. A simulation interaction server can facilitate secure sharing of virtual network spaces and simulations between and among various real and virtual actors to provide a collaborative space where one or more organization's network can be tested for resilience and mitigation. Recommendations are generated based on an analysis of the simulation results against a variety of cost/benefit indicators.

Abstract: A processor-implemented method generates adversarial example objects. One or more processors represent an adversarial input generation process as a graph. The processor(s) explore the graph, such that a sequence of edges on the graph are explored. The processor(s) create, based on the exploring, an adversarial example object, and utilize the created adversarial example object to harden an existing process model against vulnerabilities.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, devices, apparatuses, and processes that dynamically implement and manage consent and permissioning protocols using container-based applications. By way of example, a device may receive, through a programmatic interface, a first request for an element of data generated by an executed application program. When the first request is consistent with consent data associated the executed application program, the device may obtain the requested data element and a digital signature applied to the requested data element by a computing system. Based on a verification of the applied digital signature, the device may generate and present a representation of the requested data element within a digital interface, along with an interface element that confirms the verification of the digital signature.

Abstract: Established user habits in carrying multiple wirelessly detectable devices are used to provide or substantiate authentication. In some embodiments, simply detecting that expected devices are co-located within a limited spatial region is sufficient to establish that the devices are being carried by a single individual. In other embodiments, particularly where the potential for spoofing by multiple individuals is a concern, single-user possession of the devices may be confirmed by various corroborative techniques. This approach affords convenience to users, who may be working at a device that lacks the necessary modality (e.g., a fingerprint or vein reader) for strong authentication.

Abstract: In some implementations, a front-end device may receive, from a brain-machine interface (BMI) associated with a user, a request to authenticate the user with secret information associated with the user. Accordingly, the front-end device may transmit, to the BMI, a request for an identifier associated with one or more hardware components of the BMI. The front-end device may receive, from the BMI, an indication of the identifier associated with the one or more hardware components. Accordingly, the front-end device may authenticate the user based on the secret information associated with the user and the identifier associated with the one or more hardware components. Additionally, or alternatively, the front-end device may authenticate the user based on a location of an external device associated with the user and/or an indication of a biometric property associated with the user.

Abstract: A method for providing interactive recording networks is disclosed. Multiple child networks can be established, each child network being coordinated by a respective coordinating entity. Each coordinating entity can also participate in a central parent network. A data package can be sent from one network to another. When a data package is sent to another network, additional data can be added to indicate that the data package is being escalated.

Abstract: Embodiments described herein disclose methods and systems for authorizing transactions received from client applications. The transaction request can include a first access token. After validating the first access token, the system can determine whether additional authentication is needed to authorize the transaction. If additional authentication is needed, the system can determine the authentication requirements. Once the additional authentication is received and verified, the system can generate a second access token and authorize the transaction by releasing the first access token.

Abstract: A system for determining an authenticity of an asset includes one or more hardware processors. The system also includes a non-transitory memory, the non-transitory memory storing instructions that, when executed by the one or hardware processors, causes the one or more hardware processors to perform actions. The actions include receiving an asset, wherein the asset includes a digital asset or a digital representation of a physical asset. The actions also include receiving an input related to the asset to assist in determining the authenticity of the asset. The actions further include utilizing an augmented intelligence module to analyze the asset and to determine the authenticity of the asset based on the analysis of the asset and the received input.

Abstract: The present disclosure relates to establishing secure communication between a dialysis machine and medical equipment. In an example, a dialysis machine includes a control unit configured to establish a short-range wireless connection with external medical equipment. The control unit establishes the short-range wireless connection by causing a user interface to display a prompt to enter a passkey associated with medical equipment, using the received passkey to pair with the medical equipment, and creating a new bonding table or writing to an empty bonding table using the passkey. The control unit is also configured to generate a shared key using the passkey and at least one predetermined criterion and use the shared key to authenticate with the medical equipment. When authentication with the medical equipment is successful, the control unit enables data communication using the short-range connection with the medical equipment.

Abstract: A system for provisioning secured access to devices determines a location of a virtual environment in a virtual environment. The prevents access requests to the location where the virtual device is located. The system assigns a first security token to the virtual device. The system receives a request to access the virtual device, where the request is received from an avatar. The system receives a second security token to grant access to the virtual device. The system compares the first security token with the second security token. The system determines whether the second security token corresponds to the first security token. If it is determined that the second security token corresponds to the first security token, the system grants the avatar access to the virtual device. Otherwise, the system denies the avatar access to the virtual device and transmits a locking signal to the virtual device.

Abstract: A verifier and printer assembly are provided. The verifier and printer assembly include a verifier module and a printer. The verifier has a magnetic docking element and the printer includes a docking portion operable to dock the verifier module. The magnetic docking element and the docking portion interact with each other to removably couple the verifier module to the printer. A magnetic attachment system for the verifier module and methods for removably coupling the verifier module and the printer for verification of a printed machine-readable symbol are also provided.

Abstract: The present embodiments relate to integrated provisioning of a user device to a storage application using a provisioning software development kit (SDK) on a mobile device. A provisioning SDK can receive an encrypted credential and a storage application identifier from a first application on a mobile device and provide the encrypted credential to a processing computer. The processing computer can decrypt the encrypted credential using a first application cryptographic key to obtain the credential and encrypt the credential with the second application cryptographic key. The provisioning SDK can forward the encrypted credential to a storage application server to decrypt the credential encrypted with another second application cryptographic key of the second application key pair. The storage application server can then store the credential or a token associated with the credential and/or transmit the credential or the token associated with the credential to the second application.

Abstract: A method including: capturing or receiving data associated with behavior of a user of a virtual reality device during a session in a virtual environment, wherein the data includes sensory inputs associated with the user from one or more sensors and information associated with user parameters; initiating authentication of the user in the virtual environment; comparing the captured or received data with historic data of the user, wherein the historic data is associated with behavior of the user monitored for a plurality of sessions over a period of time in the virtual environment; determining a score based on the comparison; comparing the score with a predefined threshold score; and in response to determining that the score is above the predefined threshold score, authenticating the user.