Abstract: An embodiment provides data driven role permissions. Computer executable instructions are received. The computer executable instructions define a role behavior with respect to a process based on a data condition. A role member user is provided different types of interactions with different instances of the process based on execution of the computer executable instructions defining the role behavior.

Abstract: Disclosed herein are methods, systems, and processes for managing and controlling the collective behavior of deception computing system fleets. A malicious attack initiated by a malicious attacker received by a honeypot that is part of a network along with other honeypots is detected. Information associated with the malicious attack is received from the honeypot. Based on the received information, a subset of honeypots other than the honeypot are configured to entice the attacker to engage with the subset of honeypots or avoid the subset of honeypots.

Abstract: Embodiments of the present invention provide methods, systems, apparatuses, and computer program products for managing access permissions for a searchable enterprise platform. In one embodiment, an apparatus is configured to retrieve a user global permissions profile associated with a user profile, the user global permissions profile comprising application access permissions assigned to the user profile for the plurality of software applications; retrieve a global content permissions profile, the global content permissions profile comprising content access permissions assigned to digital content items that are retrievable by one or more of the plurality of software applications; apply permissions conflict rules to resolve permissions conflicts between the user global permissions profile and the global content permissions profile to produce a resolved permissions profile; store the resolved permissions profile to a storage for future use.

Abstract: A provider network implements a proxy to control access to web-based resources of a provider network. The proxy receives requests to access web-based services. The proxy allows access to a web-based service only if user-configured access control rules are satisfied and credentials associated with the web-based service are authenticated. The proxy prevents access to a web-based service if user-configured access control rules are not satisfied or credentials associated with the web-based service are not authenticated. The provider network may also implement a proxy configuration service to set up and launch the proxy. The proxy configuration service receives from the client a specification of the access control rules, configures the proxy based on the access control rules, and launches the proxy.

Abstract: Measures for enabling resource-efficient remote malware scanning capable of static and dynamic file analysis including, at a remote entity, obtaining metadata of an electronic file to be scanned for malware, said metadata including at least information for identification of one or more file items contained in the electronic file, identifying whether at least one file item of the electronic file is not pre-known at the remote entity, instructing delivery of any identified at least one file item of the electronic file, reconstructing the electronic file by assembling its file items, including any file item of the electronic file, which is not pre-known at the remote entity, and any remaining file item of the electronic file, which is pre-known at the remote entity, on the basis of the obtained metadata of the electronic file, and executing a dynamic malware analysis on a runtime behavior of the reconstructed electronic file.

Abstract: The disclosed computer-implemented method for enforcing age-based application constraints may include (1) receiving a selection of age-based use constraints to be associated with one or more applications installed on the computing device, (2) associating the age-based use constraints with the applications, (3) determining that a user attempting to access the applications does not meet the age-based use constraints, and (4) performing a security action that restricts user access to the applications when the user does not meet the age-based use constraints. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A secure control system includes a network of multiplexers that control end/field devices of an infrastructure system, such as an electric power grid. The multiplexers have a default secure lockdown state that prevents remote access to data on the multiplexers and prevents modification of software or firmware of the multiplexer. One or more of the multiplexers include a physical authentication device that confirms the physical proximity of a trusted individual when remote access is requested. A user accesses the network and one of the multiplexers remotely by way of login credentials. The trusted individual confirms the identity of the remote user and operates the physical authentication device connected with and in proximity to that multiplexer, thereby confirming that the remote user can be trusted to access data and reconfigure the multiplexers.

Abstract: Facial recognition-based authentication comprises obtaining a first image of a target object, updating projection information associated with a display by a display device, obtaining a second image of the target object, the second image being an image of the target object after the projection information is updated, obtaining an image difference data based at least in part on the first image and the second image, and determining whether the target object is a virtual object based at least in part on the image difference data.

Abstract: The present invention discloses a data transmission method and a data transmission apparatus. The method includes: sending, by a first computer, first data to a first image capture apparatus through an image output port of the first computer; receiving, by the first image capture apparatus, the first data; and sending, by the first image capture apparatus, the first data to a second computer; or processing, by the first image capture apparatus, the first data to generate second data, and sending, by the first image capture apparatus, the second data to a second computer; where the first image capture apparatus has an image input port, the image input port is connected to the image output port of the first computer, and the image output port of the first computer includes an output port of a display card of the first computer. The present invention can effectively reduce leakage of corporate data.

Abstract: In this disclosure, a number of ways that quantum information can be used to help make quantum classifiers more secure or private are disclosed. In particular embodiments, a form of robust principal component analysis is disclosed that can tolerate noise intentionally introduced to a quantum training set. Under some circumstances, this algorithm can provide an exponential speedup relative to other methods. Also disclosed is an example quantum approach for bagging and boosting that can use quantum superposition over the classifiers or splits of the training set to aggregate over many more models than would be possible classically. Further, example forms of k-means clustering are disclosed that can be used to prevent even a powerful adversary from even learning whether a participant even contributed data to the clustering algorithm.

Abstract: A page request is received from a browser. A page script corresponding to the page request is allocated from a plurality of page scripts corresponding to the page request. The page script is transmitted to the browser for generation of a script execution parameter by execution of the page script by the browser. A page verification request is received from the browser, where the page verification request includes the script execution parameter. Whether a page verification request is expired is determined, where if the page verification request is expired, generating error prompt information indicating a page expiration. If the page verification request is not expired, whether the script execution parameter is valid, is determined. If the script execution parameter is valid, the validity is indicated, otherwise the page request is rejected.

Abstract: A system, method and program product for authenticating a device. An authentication service is provided having: a data management system for periodically collecting and storing signature data from each of a set of registered devices, wherein the signature data includes a plurality of data points, and wherein at least one of the data points includes a device usage characteristic; a system for obtaining a temporal signature state (TSS) vector of a device in response to a transaction request from the device, wherein the TSS vector includes values for a selected subset of the data points forming the signature data; and an authenticator for comparing the TSS vector of the device with stored signature data in order to authenticate the device.

Abstract: Disclosed are systems and methods to encrypt an image for secure image transmission and parallel decryption using resources from a networked environment. Upon reception of encrypted data from the mobile user, the data can be decrypted by transforming the data, decrypting the transformed data, and inversing the transformation. The decrypted data can be sent for storage in a cloud storage.

Abstract: A page request is received from a browser. A page script corresponding to the page request is allocated from a plurality of page scripts corresponding to the page request. The page script is transmitted to the browser for generation of a script execution parameter by execution of the page script by the browser. A page verification request is received from the browser, where the page verification request includes the script execution parameter. Whether a page verification request is expired is determined, where if the page verification request is expired, generating error prompt information indicating a page expiration. If the page verification request is not expired, whether the script execution parameter is valid, is determined. If the script execution parameter is valid, the validity is indicated, otherwise the page request is rejected.

Abstract: An integrated circuit includes an array of devices with a logic pattern to implement a physically unclonable function (PUF) for chip authentication. The logic pattern is determined in accordance with processing variations during the manufacturing. The array of devices includes one or more components having a first state and one or more components having a second state. A combination of the first and second states provides the logic pattern.

Abstract: Hardware circuitry, in response to receiving a request for an authentication value of a plurality of authentication values of a replaceable item from a host device to which the replaceable item has been connected, determines that the authentication value was not previously sent. The circuitry responsively determines that the replaceable item previously sent a maximum number of unique authentication values of the authentication values. The maximum number of unique authentication values is less than a total number of the authentication values. The circuitry responsively sends the authentication value to the host device. The circuitry, once the authentication value has been sent or will have been sent to the host device, determines that the maximum number of unique authentication values has now been sent, and in response prohibits the authentication values that have not been sent from being sent later.

Abstract: The present disclosure provides a method for implementation of wireless relaying. The method is applied to a wireless relay device. The method comprises: a wireless relay device sends a probe request packet carrying a first detection code and device information of the wireless relay device; receive a probe response packet sent by a first wireless routing device, the probe response packet carrying an SSID and a password corresponding to the first wireless routing device; and send an authentication request packet to a second wireless routing device, the authentication request packet carrying the SSID and the password that is carried in the probe response packet sent by the second wireless routing device to the wireless relay device, and the second wireless routing device being one of the first wireless routing devices.

Abstract: An IC module includes a storage unit, a communications unit, and a processing unit. The storage unit stores reference data. The communications unit receives check data. The processing unit detects a degree of similarity between the reference data and the check data. Furthermore, when the degree of similarity is equal to or larger than a first threshold value, the processing unit determines a verification success, and when the degree of similarity is smaller than the first threshold value, the processing unit determines a verification failure, and updates a verification failure history in a weighted manner according to the degree of similarity.

Abstract: A method for analysing data received by an addressed recipient of a data package. The method comprises receiving a data package over a data network. The data package comprises a header and payload data. The header of the data package is analysed to determine a plurality of characteristics, the characteristics comprising at least an identifier and a transmission time. The method also comprises generating a risk indicator, wherein the risk indicator indicates a risk associated with the analysis of the header. A handling action is generated based on the risk indicator; and provided along with the payload data to the addressed recipient.

Abstract: Embodiments of the present disclosure provide a data transmission method, apparatus, and device. The method includes: performing, by a terminal, encryption and integrity protection on a data packet by using a public key of a network device and a private key of the terminal, where the data packet includes user data; and sending, by the terminal, the data packet to the network device, to send the user data to a server by using the network device. Encryption and integrity protection are performed on the data packet respectively by using the public key of the network device and the private key of the terminal, and when no radio resource control RRC connection is established, the data packet is sent to the network device.