Abstract: Techniques for providing access to scope-delimited sensitive data are disclosed. A user provides sensitive data to a first party associated with a payment service provider. The first party stores the sensitive data with the payment service provider, and the payment service provider provides the first party merchant with an encoding of the payment data. The first party provides a purchasing opportunity to the user for goods offered by a third party also associated with the payment service provider. The first party transmits a sensitive data grant request to the payment service provider. In response, the payment service provides a scope-delimited encoding of the sensitive data. The first party provides the scope-delimited encoding of the payment data to the third party. The third party merchant creates a transaction using the scope-delimited encoding of the sensitive data. At some time later, access to the scope-delimited encoding of the sensitive data is revoked.

Abstract: Various embodiments of the present technology generally relate to industrial automation environments. More specifically, embodiments include systems and methods to detect malicious behavior in an industrial automation environment. In some examples, a security component monitors an integrated design application and generates feature vectors that represent operations of the integrated design application. The security component supplies the feature vectors to a machine learning engine. The security component processes a machine learning output that indicates when anomalous behavior is detected in the operations of the integrated design application. When anomalous behavior is detected in the operations of the integrated design application, the security component generates and transfers an alert that characterizes the anomalous behavior.

Abstract: A wearable electronic device includes one or more processors identifying one or more companion electronic devices operating within a wireless communication radius of the wearable electronic device. One or more sensors identify the wearable electronic device being within a predefined distance of a companion electronic device. A wireless communication circuit, responsive to the one or more processors, delivers an authentication credential to the companion electronic device in response to the one or more sensors identifying that the wearable electronic device is within the predefined distance of the companion electronic device. The one or more sensors thereafter detect a gaze of an authorized user of the wearable electronic device being directed at the companion electronic device, where the wireless communication circuit delivers an actuation command to the companion electronic device.

Abstract: A method includes receiving, by a token provider server, a first request for a first token that is associated with first information from a first application. The first request for the first token is part of an application session between a plurality of applications that includes the first application. The token provider server provides the first token to the first application. The token provider server receives the first token from a second application of the plurality of applications. The token provider server provides first information associated with the first token to the second application. The first information enables an action to be performed by the second application based on the first information.

Abstract: Disclosed are example methods, systems, and devices that allow for secure multi-verification of biometric data in a distributed computing environment. The techniques include receiving a request to grant authorization to a second user. The request can include biometric data of the first user and second user. An authorization token can be generated based on the request, which can be transmitted to a second computing device of the second user. A second request can be received from a third computing device that includes the authorization token and third biometric data. The second request can be verified based on the authorization token, the third biometric data, and provenance data, and an indication that the grant of authorization to the second user is verified can be transmitted to the first, second, or third computing devices.

Abstract: A system and method for identifying cloud identity misuse based on run-time time data and static analysis is presented. The method includes: detecting a workload in a cloud computing environment; configuring the workload to deploy a sensor configured to detect data respective of a runtime process executed on the workload; detecting an original disk associated with the workload; generating an inspectable disk based on the original disk; inspecting the inspectable disk for a cybersecurity object; detecting in a log of the cloud computing environment an event based on an identifier of the workload; inspecting a code object for an identity object, the code object utilized in deploying the workload in the cloud computing environment; associating the runtime process with the event based on: an identifier of the workload, the identity object, and the cybersecurity object; and generating an enriched log including an identifier of the runtime process.

Abstract: A method is disclosed. The method includes receiving a broadcast signal from a beacon device, the broadcast signal encoding a first credential associated with a first entity. In response to receipt of the broadcast signal, the mobile communication device transmits the received first credential to an authentication system. The authentication system determines if the first entity associated with the broadcast signal is authentic and generates a confirmation message confirming the authenticity of the first entity. The mobile communication device then receives the confirmation message indicating that the first entity is authentic. The mobile communication thereafter receives and transmits a second credential for the mobile communication device to the beacon device, which transmits the second credential to the authentication system. The authentication system then confirms the authenticity of the mobile communication device.

Abstract: Monitoring is performed for the activation of a set of one or more previously attached Kprobes. A determination is made that a strategy pattern match has occurred. The strategy pattern comprises a set of one or more behaviors including the activation of the at least one Kprobe included in the set of Kprobes. A remedial action is taken in response to the determination. Examples of such remedial actions include generating an alert and terminating a network connection.

Abstract: Embodiments of a device and method are disclosed. In an embodiment, a method of communications involves at a head end (HE), receiving an authentication message from a wireless access point (AP) deployed at a customer site, at the HE, performing a load balance operation in response to the authentication message to select a first authenticator from authenticators of the HE, at the HE, performing an authentication operation using the first authenticator based on the authentication message to generate an authentication request, and from the HE, transmitting the authentication request to an authentication server.

Abstract: A method of configuring a controller 14 for controlling access to a memory 12 is provided. The controller 14 has a display 18 configured to selectively display a plurality of different input screens, wherein each input screen has a unique code associated therewith and the input screens are for receiving user credentials from a user.

Abstract: Systems and methods include aggregating wireless control of electronic devices associated with a multi-tenant structure to enable a user to engage in wireless control of the electronic devices. Embodiments of the present disclosure relate to identifying the electronic devices associated with the multi-tenant structure that are under wireless control based on a unique identifier. Partitioned electronic devices are determined that provide the user with wireless control based on associated permissions granted to the user. The partitioned electronic devices have the associated permissions granting wireless control of the partitioned electronic devices to the user.

Abstract: Methods, apparatuses, systems, and machine-readable media are disclosed for improving packet filtering efficiency by reducing processing time and/or by reducing memory usage. Any of various types of data structures, such as flat hash maps and/or ruletrees, may be used by a packet filtering appliance to search for cybersecurity policy packet filtering rules that should be applied to in-transit packets. The packet filtering appliance may search the index data structures for matches of search objects, in the form of values that the packet filtering appliance extracts from in-transit packets, to threat indicator matching criteria of the policy rules. Each of the index data structures may map rule identifiers (rule IDs) of policy rules to keys that are based on (or that comprise) the matching criteria of those rules.

Abstract: One example method includes receiving a data stream at a node of a data confidence fabric that comprises a group of nodes that are each operable to assign trust metadata to data of the data stream, inspecting the data stream to determine a data type of data in the data stream, accessing a configuration file that applies to all the nodes of the data confidence fabric, and obtaining an equation from the configuration file, mapping the equation to the data, performing a trust insertion process on the data, as specified in the equation, and generating trust metadata that is associated with the data and based on the trust insertion process.

Abstract: In one example, a method includes at a first network infrastructure computing device of a plurality of networked infrastructure computing devices receiving, from a user computing device, an authentication token indicating a user using the user computing device is authenticated with respect to an electronic service, based on the user being authenticated, executing a computing task associated with the electronic service for the user computing device, the computing task including computing task data, predicting a set of possible future locations of the user based on an output of a movement prediction model executing on the first network infrastructure computing device, identifying a set of network infrastructure computing devices correlated with the set of possible future locations, and transmitting the authentication token and the computing task data to the set of network infrastructure computing devices.

Abstract: A computer-implemented method of replacing a security-relevant unencrypted data string by a placeholder. The steps involved include: providing a plurality of mutually different replacement tables, wherein specified in each of the plurality of replacement tables for each character of the alphabet is precisely one replacement character from the same alphabet and wherein the replacement characters in each of the plurality of replacement tables are all different from each other; receiving the security-relevant unencrypted data string, wherein the data string is formed from a plurality of characters of an alphabet; and generating the placeholder replacing the unencrypted data string, and outputting the placeholder. To provide a method which is distinguished by enhanced performance with comparable cryptographic security it is proposed. Generation of the placeholder includes the specifically identified steps.

Abstract: In one embodiment, a method by an apparatus of a Border Gateway Protocol-Link State (BGP-LS) environment includes receiving an attestation token from a first component and encoding the attestation token in a BGP-LS signaling message. The method further includes sending the BGP-LS signaling message with the encoded attestation token to a second component of the BGP-LS environment.

Abstract: Performing controlled access to data stored in a secure partition is described herein, including: associating a predetermined exception with an exception handling program in an operating system; restricting a user program to execution by a normal privilege user; and designating a secure partition and restricting the secure partition to be accessible by a highest privilege user; wherein, when executed in user space corresponding to the normal privilege user, the user program generates the predetermined exception, and wherein the predetermined exception triggers execution of the exception handling program in kernel space, and the exception handling program is configured to read data from the secure partition and deliver the data after processing to the user program.

Abstract: Systems, devices, and methods are provided for implementing a cloud-based mainframe service. A cloud-based mainframe service may utilize various resources, including an operating system that is provisioned with an authorization interceptor that uses a first set of security policies stored in a policy database to determine whether to grant or deny access to resources managed by the operating system. The authorization interceptor may use the security policies of the policy database to determine whether to grant access to operating system resources. A database management system may use a second set of security policies stored in the policy database to determine whether to grant or deny access to resources managed by the database system. Security policies for a mainframe service may be centrally stored in a policy database managed by a policy management service.

Abstract: A terminal apparatus according to an embodiment includes a solid-state imaging element and a first communication unit. The solid-state imaging element includes an image sensor, an image processing unit, and an output interface. The image sensor converts received light into an image. The image processing unit detects a specific object in the image. The output interface outputs the image. The first communication unit transmits the image output from the output interface. The information processing apparatus includes a second communication unit and a processor. The processor receives an image transmitted from the terminal apparatus with the second communication unit. When the image received with the second communication unit is an image in which the image processing unit has detected a specific object, the processor performs mask processing of masking the specific object.

Abstract: Message delivery in cellular roaming scenarios involves a user device activated with a home telecommunications service provider (TSP) that provides cellular service to the user device. The user device is located in a remote location and the user device is activated with a remote TSP providing roaming cellular service to the user device in a remote location on a cellular network of the remote TSP. A process includes, based on the user initiating a transaction with a remote application server that requires user authentication based on delivery of a transactional text message, receiving from the remote application server the transactional text message, encrypting the transactional text message to produce an encrypted transactional text message, and forwarding the encrypted transactional text message to the remote TSP for delivery as a short message service (SMS) text to the user device in the remote location via the cellular network of the remote TSP.