Abstract: Two-factor authentication code generation devices are described which include accessibility features and/or additional authentication features to ensure an identity of a user.

Abstract: The disclosed technology is generally directed to nefarious code detection using semantic understanding. In one example of the technology, a natural-language output is generated by performing a natural-language translation of code. A machine-learning model is used to generate a confidence score that indicates a confidence that the natural-language output is potentially malicious. Based at least in part on whether the confidence score exceeds a first threshold, whether the natural-language output is potentially malicious is determined. Responsive to determining that the natural-language output potentially malicious, the code is flagged as potentially malicious.

Abstract: Systems, devices, and methods related to wireless battery management system (wBMS) are provided. For example, a wBMS network manager comprises a memory to store a list of hardware identifiers (IDs), wherein each hardware ID in the list is associated with a respective one of a plurality of battery modules; and mapped, based on a predetermined mapping, to a different one of a plurality of source IDs; an interface to receive, from a remote battery module, a packet including a source ID and a hardware ID associated with the remote battery module; and one or more processing units to search, using the source ID in the received packet and the predetermined mapping, for a first hardware ID from the list of hardware IDs; and authenticating the remote battery module based on a comparison of the hardware ID in the received packet to the first hardware ID from the list.

Abstract: A SOC includes a core, peripherals, and a bus for interconnecting the core and peripherals. Some peripherals can be selectively enabled or disabled on-demand. The SoC further includes peripheral enabling/disabling electronics and peripheral enabling/disabling circuitry coupled to the peripherals. The peripheral enabling/disabling electronics are directly connected to the peripheral enabling/disabling circuitry and are configured to store information items related to an enabled/disabled peripheral configuration, indicate the peripherals that are enabled and the peripherals that are disabled according to the enabled/disabled peripheral configuration, and provide the peripheral enabling/disabling circuitry with signals based on the stored information items. The peripheral enabling/disabling circuitry allows operation of the enabled peripherals and prevents operation of the disabled peripherals based on the signals received from the peripheral enabling/disabling electronics.

Abstract: Embodiments of the technology described herein identify and mitigate phishing attempts by analyzing user input using a client-side proxy component and a proxy server. Embodiments disclosed herein provide systems, methods, and computer-storage media for employing proxy server capabilities in conjunction with a snapshot capturing an image or video recording of a target action input by a user into a software application. Certain embodiments disclosed herein employ proxy server capabilities to capture a snapshot and/or screen recording based on a user authorization or approval. For example, the proxy server proactively captures the snapshot or screen recording prior to, during, and after the user performing a target action. From the snapshot, certain embodiments extract snapshot features or determine enriched-contextual event data that is used to perform a mitigation action, generate a security mitigation score, or update an administrator portal activity log for an authorized administrator.

Abstract: Examples provide a server system for dynamic provision of elements features of a software application. The server includes an electronic processor configured to receive, from a client computer, session identifier and access information of a client software session running on the client computer and determine a set of session identity factors at least including licenses, user privileges, compatibilities, and application feature availabilities associated with the client software session. The electronic processor determines, from a set of application features, a first subset of application features to which the client software session is entitled based on an intersection of availability, compatibility, user privilege, and licensing of each respective application feature. The electronic processor delivers the first subset of application features to the client software session, causing each of the first subset of application features to load and render on a user interface of the client computer.

Abstract: A parallel multiplier for the Saber algorithm comprises a coefficient memory, two parallel pre-adding circuits, three parallel multiplication circuits and a post-adding circuit. The coefficient memory, the two parallel pre-adding circuits, the three parallel multiplication circuits and the post-adding circuit adopt a divide-and-conquer strategy, the two parallel pre-adding circuits perform parallel computation, and the three parallel multiplication circuits perform parallel computation, such that the computation time of modulo multiplication is shorted; the modulo operation of non-prime numbers is realized by limiting the bit width, such that the constraint that the modulus is a prime number is avoided; and the Karatsuba algorithm is called once, such that extra circuit area expenditure is reduced.

Abstract: The disclosure relates to improvements in the delivery of cryptographic data to secure memory devices. In some aspects, the techniques described herein relate to a method including: receiving, by a memory device, a command, the command including a public key and a hash of a unique device secret (UDS); generating, by the memory device, a local UDS using the public key and a locally stored private key; generating, by the memory device, a local UDS hash by inputting the local UDS into a hashing algorithm; determining, by the memory device, whether the local UDS hash matches the hash included in the command; writing, by the memory device, the public key to a key storage area if the local UDS hash matches the hash included in the command; and returning, by the memory device, a failure response if the local UDS hash does not match the hash included in the command.

Abstract: An illustrative method includes identifying, based on static workload data associated with a compute environment, one or more attack paths from a network to one or more datasets associated with an entity, accessing runtime workload data associated with the compute environment, and performing, based on the runtime workload data, a risk mitigation operation associated with the one or more attack paths.

Abstract: Embodiments of various systems and methods described herein provide an identity security database analytics system which is configured to provide security alerts to a user. The security alerts can include for personalized metrics related to potential identity theft incidents. The personalized metrics can include user specific information on security breaches of the user's personal information as well as depersonalized statistics generated based on information of other users having one or more similar characteristics of the user.

Abstract: An illustrative method includes accessing data representative of a first role associated with a set of permissions with respect to resources within the compute environment and specifying a group of identities assigned to the first role, determining that a first subgroup of one or more identities included the group of identities only uses a first subset of permissions included in the set of permissions to access the resources within the compute environment without using a second subset of permissions, and performing, based on the determining that the first subgroup of one or more identities only uses the first subset of permissions, an operation to reduce permissions usable by the first subgroup of one or more identities.

Abstract: A method and device for applying a different security policy, per service traffic, to a protocol data unit (PDU) session in a wireless communication system. The method comprises receiving, by a session management function (SMF) managing a session for a user equipment (UE), first configuration information about a first user plane security policy of the UE from a unified data management (UDM) managing subscription information about the UE, receiving, by the SMF, second configuration information about a second user plane security policy to be applied to a specific service data flow from a policy and control function (PCF) managing a policy and charging control (PCC) rule, and determining a user plane security policy to be applied to the UE based on one selected from the first user plane security policy and the second user plane security policy according to priority.

Abstract: A data processing system implements providing multiple targeted intranet sites and/or employee experiences within a tenant of a multitenant computing environment. The administrators of a tenant are provided with tools to create multiple separate instances of the intranet site and/or employee experiences. The individual instances of the intranet site and/or employee experiences are separate and utilize a layout and include components that are appropriate for the particular audience for which the instance of the intranet site or employee experience has been tailored. The administrator can define affinity information that indicates which users or groups of users should be directed to a particular intranet site and/or employee experience. The administrator can define an order in which the intranet sites and/or employee experiences are considered when determining which intranet site or employee experience to present to a user in response to a request to access the intranet site or the employee experience.

Abstract: Techniques for priority-based masking policy selection in a database environment are described. Masking policies are defined and attached to columns of relational data for particular users or roles. The attachment of a masking policy to a column includes a user-specified priority value. When multiple policies could apply to a particular query, the conflict can be easily resolved and understood by use of the priority values, for example, by selecting a candidate policy having a highest priority value.

Abstract: A disclosed data platform may be configured to access a custom policy developed by a particular client entity that uses the data platform. The custom policy may invoke a query that targets a target dataset ingested from a cloud environment and stored in a data store. The data platform may determine that the custom policy is likely to be of value to one or more other client entities, besides the particular client entity, that also use the data platform. In response to the determining that the custom policy is likely to be of value to the one or more other client entities, the data platform may generate a community policy based on the custom policy. The community policy may be available for use by the one or more other client entities. Corresponding methods, systems, and products are also disclosed.

Abstract: An illustrative method includes tracking, by a data platform configured to monitor a compute environment, a plurality of identity transitions that occur over time with respect to an entity, wherein each of the identity transitions includes a transition by the entity from being associated with one identity to being associated with another identity, the one identity and the another identity having different permission sets with respect to resources within the compute environment; determining, by the data platform while performing the tracking, that an attribute of the plurality of identity transitions satisfies a predetermined criterion; and performing, by the data platform based on the attribute of the plurality of transitions satisfying the predetermined criterion, a remedial action associated with the entity.

Abstract: An illustrative method includes accessing, by a data platform, an alert generation policy associated with an entity that deploys containers in a cloud environment, the alert generation policy modifiable by the entity and specifying criteria for providing alerts associated with one or more vulnerabilities associated with the containers; detecting, by the data platform based on a scan of a container included in the containers, a vulnerability associated with the container; determining, by the data platform, an attribute of the vulnerability; and generating, by the data platform when the attribute meets the criteria specified in the alert generation policy, an alert associated with the vulnerability.

Abstract: Arrangements for detecting unauthorized activity based on input method analysis and monitoring are provided. In some aspects, identity information associated with a user may be received and be stored. An input may be received from a computing device of the user. An input pattern of the received input may be determined. Using a machine learning model, the input pattern of the received input may be compared to input patterns of humans and input patterns of machines. Based on the comparison, it may be determined whether the user is a human user or a non-human user. Responsive to determining that the user is a non-human user, a request may be transmitted to the user to provide increased authentication credentials. Responsive to determining that the user is a human user, an identity of the user may be verified by comparing the input pattern of the received input to the stored identity information.

Abstract: Embodiments of the invention relate to systems and methods for confidential mutual authentication. A first computer may blind its public key using a blinding factor. The first computer may generate a shared secret using its private key, the blinding factor, and a public key of a second computer. The first computer may encrypt the blinding factor and a certificate including its public key using the shared secret. The first computer may send its blinded public key, the encrypted blinding factor, and the encrypted certificate to the second computer. The second computer may generate the same shared secret using its private key and the blinded public key of the first computer. The second computer may authenticate the first computer by verifying its blinded public key using the blinding factor and the certificate of the first computer. The first computer authenticates the second computer similarly.

Abstract: Embodiments of the technology described herein identify and mitigate phishing attempts by analyzing user input received at the operating system level. Initially, a credential, such as a username or password, is registered with the threat detection system. The technology described herein intercepts user input at the operating system level, generates a hash of the input, and compares it with a hash of a credential being monitored. The technology described herein will perform a threat assessment when a secret entry is detected. The threat assessment may use the application context and the network context as inputs to the assessment. When the threat assessment results in an unknown classification or when the snapshot is otherwise requested, a snapshot is captured to supplement the threat assessment. Based on user settings, the snapshot is consumed by a snapshot phishing machine learning model. Various mitigation actions may be taken when a threat is detected.