Abstract: A method for monitoring online security threats comprising of a machine-learning service that receives data related to a plurality of features related to internet traffic metrics, the service then processes said data by performing operations selected from among: an operation of ranking at least one feature, an operation of classifying at least one feature, an operation of predicting at least one feature, and an operation of clustering at least one feature, and as a result the machine learning service outputs metrics that aid in the detection, identification, and prediction of an attack.

Abstract: Various techniques for implementing computer dashboards as cloud-based services are disclosed herein. In one embodiment, a method includes receiving a dashboard file at a server via a computer network, the dashboard file identifying a dashboard having one or more graphical user interface elements individually configured to display and dynamically update data associated with a cloud-based service. The dashboard file further contains metadata indicating a cloud-based subscription. The method also includes associating the received dashboard file with the cloud-based subscription, identifying one or more entities allowed to access the dashboard based on the cloud-based subscription, and displaying, via the computer network, the dashboard identified by the dashboard file to the one or more entities upon verification of the cloud-based subscription.

Abstract: Methods and apparatus that allow clients to establish sub private networks as resources within private networks on a provider network. A sub private network may be owned and controlled by a different entity than the owner of its parent private network. A parent private network controls access to its sub private networks, and each sub private network also controls access to its resources. This enables a layered topology in which a parent private network may establish access control rules for its sub private networks; the sub private networks may supplement the access control according to their specific needs. Sub private networks may share resources of their parent private network, and a sub private network may allow or restrict access to its resources by its parent private network, by its sibling private networks, and/or by its own sub private network(s).

Abstract: A cloud operation interface sharing method, a related device includes: displaying, by a first terminal device, a first message sent by a cloud operating system of a second terminal device, where the first message carries first authentication information and address information of the cloud operating system, and the first message informs the first terminal device that the second terminal device authorizes the first terminal device to use the cloud operating system; requesting, by the first terminal device, authentication from the cloud operating system; after the authentication succeeds, establishing, by the first terminal device, a connection to the cloud operating system; receiving, by the first terminal device, interface information sent by the cloud operating system; and switching, by the first terminal device, a currently displayed first operation interface to a second operation interface corresponding to the interface information.

Abstract: A secure terminal, particularly for protecting smartphones or tablets, includes: a display system including a screen and a graphical component for carrying out commands to display visual data on the screen; a central processing unit for carrying out executable program instructions and sending display commands to the display system; and a communication device connecting the central processing unit to the display system; a security processor for securely interpreting and/or processing display commands of secure visual data on the screen; a communication device connecting the security processor to the display system; and a means for visual recognition, by a user of the terminal, of a secure mode for displaying the secure visual data, which is displayed on the screen when the secure visual data is displayed, and is controlled by the security processor.

Abstract: Examples described herein relate to systems and methods for integrating and implementing ad hoc groups within a policy hierarchy environment. The ad hoc groups may implement particular guidelines for group membership, policy evaluations, and group actions. Systems and methods provide a framework for creating groups, removing groups, and associating groups, nodes, clients, and users with groups and policy.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for enabling paperless documentation. One method includes identifying one or more electronic forms to be filled out and submitted. At each step of a plurality of steps: generating a unique identifier (ID) based on a time that the step is performed and digital content on the electronic form at the time; recording the unique ID, the time, and the digital content on the blockchain; embedding the unique ID in the digital content at the time by changing one or more attributes associated with the digital content to be representative of the unique ID, where the embedding produces information-embedded digital content that enables retrieval of the time and the digital content from the blockchain based on the unique ID; and recording the information-embedded digital content to the blockchain.

Abstract: A method of detecting fraudulent activity during authenticating users and user identifications includes initiating a user's device to capture a sequence of images of the user to be authenticated commencing when the camera is operational and prior to receiving from the user a selection of the control that triggers capture of images and continuing until detecting that the user has selected the control to trigger capture of images, thereby enabling capture of activity performed by the user prior to and contemporaneous with selecting the control, including any attempted fraudulent activity of the user to be authenticated. Video, still images and audio of the user seeking authentication can be captured.

Abstract: The present invention relates to the telecommunications sector and, in particular, to the field of telematics. More specifically, the invention describes a method and system for defining an improved network technology that can be used for communication and to operate secure communications between processes, based on the secure proxying of local area network sockets that may be between different devices. In particular, the system and method describe how socket proxies are established and managed between devices and how the security of said socket proxies in the local area thereof is enhanced and operated using security contexts. These contexts are configured based on privilege separation and local packet marking and filtering, and they allow applications to delegate all aspects relating to the security of the communications in the present invention.

Abstract: In an embodiment of the present disclosure, an embodiment includes a user device comprises a conversion engine configured to receive a biometric file comprising biometric identification information of a user and convert the biometric file into a first numeric representation. The user device further comprises a hashing engine configured to create a superimposed numeric representation by performing a convolution operation on the first numeric representation and a second numeric representation, wherein the second numeric representation is based on a key file that is different from the biometric file. The hashing engine is further configured to convert the superimposed numeric representation into a hash value, send, over a network connection, the hash value for authentication, and receive a message indicating whether authentication was successful.

Abstract: In an embodiment of the present disclosure, a biometric identification device comprises a conversion engine configured to receive a key file, receive a biometric file, wherein the biometric file is different from the key file and comprises biometric identification information of a user, convert the key file into a first numeric representation, and convert the biometric file into a second numeric representation. The biometric identification device further comprises a hashing engine configured to create a superimposed numeric representation by performing a convolution operation on the first numeric representation and the second numeric representation, convert the superimposed numeric representation into a hash value, and store the hash value.

Abstract: The system for providing an application includes an interface and a processor. The interface is configured to receive a providing indication to provide the application to a device. The processor is configured to provide the application to the device. The application is configured to receive login information associated with a user; receive an adding indication to add a credential; provide an available indication of credentials available to the user; create a credential request; provide the credential request to a server system; receive the credential; and store the credential.

Abstract: A controlled content system for providing a controlled and contained environment that is remotely accessible is disclosed. A third party app on the end user device is modified to allow certain sites and services to be mediated in a mid-link server. The app uses policies to know when to access the mid-link server for the controlled and contained environment. Policies can specify the type of processing performed on the mid-link server. Some embodiments support the app selectively using the mid-link server for mediated sites and services.

Abstract: Embodiments of the invention relate to systems and methods for efficiently provisioning mobile devices with personalization data. For some embodiments, a method is disclosed comprising receiving a request for provisioning comprising device information for a mobile device and user authentication information for a user, generating a partial personalization script, an activation script, and a deletion script using the device information, sending the partial personalization script, the activation script, and the deletion script to an application provider computer, wherein the application provider computer initiates execution of the partial personalization script on the mobile device, authenticating the user authentication information, and sending an activation message to the application provider computer, wherein the application provider computer initiates execution of the activation script.

Abstract: A computer system for executing one or more software applications includes a host computer device configured to execute the one or more software applications. The computer system further includes one or more memory devices configured to cryptographically protect volatile memory of the one or more memory devices. The one or more memory devices are configured to provide access to the cryptographically protected volatile memory for the one or more software applications. The host computer device is configured to execute the one or more software applications by executing a portion of the one or more software applications associated with the cryptographically protected volatile memory using a processor of the one or more memory devices.

Abstract: A system for leveraging email to complete an online checkout from a customer accessing a third party vendor website is disclosed. The system may store customer information including a name, email address, shipping address, and billing information. The system may receive a request for a purchase from the third party vendor including a customer email address and an item to be purchased. The system may authenticate the customer email address. The system may send a first email to the customer email address requesting authorization to complete a purchase. The system may receive a second email, from the customer email address, encoded with the token and confirming or canceling the purchase. The system may authenticate the second email using the customer email address and the token. And the system may transmit a confirmation of purchase of the at least one item to the third party vendor website.

Abstract: Aspects of the disclosure relate to preventing unauthorized access to secured information systems. A computing platform may receive, from an end user desktop computing device, a request to login to a user account associated with a user account portal. In response to receiving the request, the computing platform may generate an authentication token in an authentication database and may send a notification to at least one registered device linked to the user account. After sending the notification, the computing platform may receive, from the at least one registered device, an authentication response message. If the authentication response message indicates that valid authentication input was received, the computing platform may update the authentication token to indicate that the request to login to the user account has been approved. After updating the authentication token, the computing platform may provide, to the end user desktop computing device, access to a portal interface.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for blockchain-based storage of patrol inspection proof are provided. One of the methods includes: receiving proof information of patrol inspection at a patrol inspection site; obtaining one or more operating environment parameters of the mobile terminal at a time of the patrol inspection, wherein the one or more operating environment parameters comprise at least location information and sensor data of the mobile terminal; performing credibility verification on the patrol inspection site based on the proof information, the location information, and the sensor data using an algorithm model based on labeled identification information, labeled operating environment parameters, and historical attendance information; and in response to the credibility verification being successful, uploading verification information associated with the proof information for storing in a blockchain.

Abstract: The presently-disclosed solution provides an innovative system and method to protect a computer user from a phishing attack. Computer vision is effectively applied to match identifiable key information in suspect content against a database of identifiable key information of legitimate content. In one embodiment, the presently-disclosed solution converts suspect content to a digital image format and searches a database of logos and/or banners to identify a matching logo/banner image. Once the matching logo/banner image is found, the legitimate domain(s) associated with the matching logo/banner image is (are) determined. In addition, the presently-disclosed solution extracts all the URLs (universal resource links) directly from the textual data of the suspect content and further extracts the suspect domain(s) from those URLs. The suspect domain(s) is (are) then compared against the legitimate domain(s) to detect whether the suspect content is phishing content or not.

Abstract: Various of the disclosed embodiments concern computer systems, methods, and programs for brokering logins to software as a service (SaaS) applications and tracking usage of the SaaS applications. First, a user, e.g. employee of an enterprise, logs into a SaaS usage proxy using a first set of credentials. The first set of credentials is known by the user, e.g. preexisting credentials for an enterprise-wide authentication system. Once a SaaS application is selected by the user, the SaaS usage proxy logs into the SaaS application using a second set of credentials. However, the second set of login credentials is encrypted and not known by the user, which causes the SaaS application to be accessible only through the SaaS usage proxy. This allows the SaaS usage proxy to monitor all usage of the SaaS application, even if multiple network-accessible devices are used to log into the SaaS usage proxy.