Abstract: Embodiments of the present invention provide a system for security analysis and authentication. The system can analyze, using a deep neural network machine learning system, historical one time password (“OTP”) information, historical information, historical malfeasance information, and historical information for a plurality of users to determine available OTPs. When an authentication request is received, one of the available OTPs is randomly or variedly selected and the user is prompted to provide information along with a response for the OTP. The received information is analyzed against the historical information and an OTP signature is generated for the user. This OTP signature is used to determine whether the user is authenticated for one or more authentication elements.

Abstract: On-demand systems and methods are provided to manage locally-stored on-demand content. A user's equipment controls the deletion of and/or access to on-demand content from a local storage device based on constraining criteria that may include rental conditions, dynamic factors, and keys.

Abstract: A helper SDK embedded in a native application performs local operations on behalf of a web application affiliated with the helper SDK. The helper SDK may perform security functions such as fingerprint or face biometric verifications as well as access device-specific hardware such as a camera or secure memory. The web application may use an 0Auth technique for access and refresh tokens. In a transaction system, when a user is confirmed via the security function, order details are passed to the web application with a refresh token and ciphertext confirmation data is returned to the native application for completion of the transaction.

Abstract: Systems, apparatus and methods for managing an object's lifecycle in an object store. A distributed ledger is used to record transactions between a client and an object store. The distributed ledger records the transaction and also attests to the object authenticity. Thus, the transactions can be verified and may assist in resolving issues that arise with respect to the stored objects.

Abstract: Methods and systems for identifying altered content are described herein. The system determines a content type for an unverified content item and determines verification criteria based on the content type. The system then locates a first verified content item corresponding to the unverified content item. Based on comparing the unverified content item to the first verified content item, the system determines whether the unverified content item violates the verification criteria. If the unverified content item violates the verification criteria, the system displays a verification flag indicating that the unverified content item violates the verification criteria. If the unverified content item does not violate the verification criteria, the system displays a verification flag indicating that the unverified content item does not violate the verification criteria.

Abstract: Techniques are shown for key tracing using a traceable key block-chain ledger involving, in response to detection of an attack on a resource protected by a cryptographic key, retrieving a key block-chain ledger corresponding to the cryptographic key having one or more transaction blocks. Each transaction block corresponds to a key transaction with the cryptographic key and includes metadata describing the key transaction with the cryptographic key. Metadata from the transaction blocks in the key block-chain ledger is used to trace the key transactions of the cryptographic key to a point of attack. A transaction block corresponding to the point of attack is determined and an alert is generated indicating the point of attack with metadata from the transaction block corresponding to the point of attack.

Abstract: A computer security system provides for auto-populating process-connection whitelists using process wildcarding and connection wildcarding. Process wildcarding involves grouping process-connection requests together in a process* group without regard to the presence of distinct process arguments; in contrast, some process-connection requests may be separated both by process and by argument into process?argument groups. The process-connection requests may then be analyzed on a group-by-group basis to determine which processes can be mapped to wildcarded connection in a respective process-connection whitelist.

Abstract: A computer network includes a camera node, a network access node, a verification node, and a display node. Video content recorded by a camera at the camera node is transmitted to the display node and to the verification node for verification. The video content is verified at the display node and at the verification node. Recording metadata of the video content is stored in a distributed ledger and retrieved by the display node to verify the video content. The verification node receives, from the network access node, verification data for verifying the video content.

Abstract: A computer system receives a set of data encrypted by a homomorphic encryption transformation. The computer system performs machine learning operations using the encrypted set of data. The machine learning operations build, using homomorphic operations, a trained model of the data having a mapping between the encrypted data and output of the trained model. The model is stored for use for performing inferencing of other encrypted data to determine a corresponding output of the trained model. The computer system may perform inferencing of the other encrypted data at least by accessing the stored trained model and predicting by using the trained model a label in an encrypted format that corresponds to the other encrypted data. The computer system may send the label toward the client for the client to decrypt the label.

Abstract: Playback of content is modified by the application of an operation that is determined in response to a received control signal. The operation performed for the content is determined by the time position in the playback of the content where the presence of the time position in different time segments of the content will have different corresponding operations performed.

Abstract: Methods, systems, and media for presenting interactive elements within video content are provided.

Abstract: The present disclosure is directed to systems and methods of providing a trusted ownership re-key with attestation in a device. The device includes processor circuitry that incorporates TEE circuitry. The TEE circuitry generates an AAIK and encrypts the AAIK using HMAC. The TEE circuitry forms a first message using the HMAC, a public DAK assigned to the device, and a device signature. The TEE circuitry sends an encrypted first message to the manufacturer. The manufacturer validates the device based on the public DAK and generates a second message that includes the HMAC and a manufacturer signature. The encrypted second message is communicated to the TEE circuitry. Upon receipt the TEE circuitry validates the AAIK data in the second message against the most recent AAIK and generates a third message that includes the HMAC, the original AAIK, the RHK and the manufacturer attestation. The AAIK thus remains unknown to both the current owner and the manufacturer.

Abstract: A security system for a customer computer site includes a cloud-based manager (CBM) and on-site components. The on-site components include a manager appliance, guest agents of the CBM installed within respective virtual machines, and host agents of the CBM installed on hypervisors on which the virtual machines. The guest agents have a many-to-one relationship with the host agents, which have a many-to-one relationship with the appliance. In a scenario, many guest agents may generate alarms and send them to the host agents. Each host agent consolidates alarms across the different virtual machines it hosts and pushes the consolidated alarms to the manager appliance. The appliance batch processes the consolidated alarms across host agents, and pushes the batched alarms to the CBM, which deduplicates the alarms and notifies an administrator.

Abstract: The embodiments set forth a technique for enabling a computing device to securely configure a peripheral computing device. According to some embodiments, the method can include the steps of (1) approving a request received from the peripheral computing device to engage in a setup procedure for the peripheral computing device, (2) receiving, from the peripheral computing device: (i) an audio signal that encodes a password and timing information, and (ii) a light signal. Additionally, the method can involve, in response to identifying that the timing information correlates with the light signal: (3) extracting the password from the audio signal, and (4) establishing a communication link with the peripheral computing device based on the password. In turn, the method can involve (5) providing configuration information to the peripheral computing device over the communication link.

Abstract: A method for improving the security of a trusted application comprises: signing the trusted application in a hierarchical signature mode by the upper computer to generate a signature file package about the trusted application, and saving the signature file package in a main operation system; obtaining the signature file package and loading the signature file package to the second operation environment by the security execution system; parsing the signature file package by the security execution system to obtain a parsed result; and performing hierarchical verification on the parsed result by the security execution system, and if the hierarchical verification is passed, it will indicate that the trusted application is in a security state, otherwise, it is in a non-security state. The defects of lack of a security authentication mode for the trusted application and relatively low security due to mere adoption of a simple digital signature mechanism are overcome.

Abstract: Disclosed systems and methods for enabling data to be transmitted between program modules based on compliance with rules, the method comprising: monitoring, by a security module executable by a processor, an interaction between a first program module and a second program module to determine whether the interaction complies with at least one rule, wherein the first program module is a source of data being exchanged with the second program module which is a recipient of the data, when the interaction does not comply with the at least one rule, modifying the data being exchanged between the source and the recipient of the data, and when the interaction complies with the at least one rule, allowing the data to be transmitted to the recipient.

Abstract: Methods and systems are described for a media guidance application that enhances the viewing experiences of users consuming a sequence of media. In particular, the media guidance application may enhance the viewing experiences of users consuming a sequence of media by removing portions of redundant media that were previously consumed by the user.

Abstract: Described herein are systems for the production, communication, routing, service, authentication, and consumption of cryptographically authenticable contextual content produced by cryptographically authenticable devices; example implementations of the architecture for a Trusted Contextual Content Device which produces Trusted Contextual Content; and example implementations of the architecture for a Trusted Drone Device which produces Trusted Contextual Content. For example, some of the methods used may include accessing a first set of sensor data from one or more sensors; receiving, a first trusted contextual content that includes a first digital signature; generating a data structure including the first trusted contextual content and data based on the first set of sensor data; signing the data structure using a signing key to generate a second trusted contextual content including a second digital signature; and storing or transmitting the second trusted contextual content.

Abstract: Methods, computer program products, and systems are presented. The methods include, for instance: receiving a request for a private credential of a first service of the two or more services from the first service, generating the private credential of the first service based on identity information of the first service, storing the private credential of the first service and the identity information of the first service in a local database, and sending the private credential of the first service to the first service for secure communication from the first service.

Abstract: Disclosed is a method of providing biological data. The method includes the following steps performed by a data processing device: selecting a biological data set from a biological data pool; encrypting biological data included in the biological data set to produce encrypted biological data; transferring the encrypted biological data to a user; receiving a result of analysis on the encrypted biological data from the user; and transferring information on the encrypted biological data included in the result of the analysis to the user. The data processing device encrypts the biological data with a key determined according to a combination of biological data constituting the biological data set.