Abstract: Methods, systems, devices, and apparatuses for passkey authentication at an identity management platform are described. In accordance with the described techniques, an administrator of the identity management platform may enable passkey authentication for clients of the identity management platform. Once the passkey authentication is enabled, the identity management platform may display a passkey login option to users associated with the clients of the identity management platform. If a user associated with a client of the identity management platform selects the passkey login option, a device associated with the user may generate a passkey that includes a private key and a public key. The device may store the private key and transmit an indication of the public key to the identity management platform. The identity management platform may use the public key to verify the identity of the user in subsequent login attempts.

Abstract: Provided is a system and method for processing Compliance Data Subject Requests (DSRs) across a network by providing an executable planning model that contains a DSR domain description language, a DSR action description language, DSR problem templates, and predetermined logical, temporal, and dependency constraints. The DSR domain description language includes domains, with each domain including a domain name, and an object hierarchy representing various objects and their inter-relationship within each domain. The DSR action description language includes at least DELETE, REMOVE, OBFUSCATE, and ENCRYPT actions. The DSR problem templates each correspond to an operation that operates upon a compliance object within one of the domains, using at least one of the DSR actions. An instance of DSR processing may comprise receiving from a user DSR that includes a user object on which DSR processing is required and automatically processing the user DSR by executing the executable planning model.

Abstract: The technology relates to machine responses to anomalies detected using machine learning based anomaly detection. In particular, to receiving evaluations of production events, prepared using activity models constructed on per-tenant and per-user basis using an online streaming machine learner that transforms an unsupervised learning problem into a supervised learning problem by fixing a target label and learning a regressor without a constant or intercept. Further, to responding to detected anomalies in near real-time streams of security-related events of tenants, the anomalies detected by transforming the events in categorized features and requiring a loss function analyzer to correlate, essentially through an origin, the categorized features with a target feature artificially labeled as a constant.

Abstract: This disclosure relates to systems and methods for verifying the presentation of content to a target audience using generated metrics indicative of a likelihood that the content was presented to actual human individuals within the target audience. In some instances, such a metric may be associated with a probability model estimating that a user (e.g., a user of a device) is human and not a bot and/or other automated service. Metrics consistent with aspects of the disclosed embodiments may be generated based, at least in part, on user information received from a user and/or associated devices and/or associated services. Consistent with various disclosed embodiments, metrics indicative of whether a user is human, content distribution decisions and user agency decisions may use such metrics.

Abstract: Determining a level of congruence between modality-event characteristics is disclosed. Information can be collected from an event input source via one or more information collection modalities. Modality-event characteristics can be determined from this information. A level of congruence between the modality-event characteristics can be determined to enable initiating a response based on the level of congruence. The level of congruence can be based on satisfying a rule related to congruence between modality-event characteristics, user profile information, etc. The level of congruence can be related to a probability that the several inputs collected for an event, collected by a plurality of modalities, embody characteristics that are associated with the event occurring according to determined notions embodied in the rule and profile. Determining the level of congruence can support assertions that each input, across differing modes of capturing said input, accords with the expected inputs for an event.

Abstract: Systems and methods for recent file malware scanning are provided herein. In some embodiments, a security system may include a processor programmed to download one or more files; filter, by a first driver, the one or more downloaded files using a security zone identifier; scan, by the first driver, the filtered subset of one or more files for malware; store, by a second driver, a first set of information associated with each of the scanned files to indicate that each the filtered subset of one or more files have been scanned, wherein the first set of information is stored as metadata using alternative data stream (ADS) associated with each scanned file; monitor, by the second driver, changes to existing files based on the metadata stored; send instructions to rescan any existing file that has changed for malware; and update the information associated with any rescanned file's metadata using the ADS.

Abstract: Embodiments of this application provide an information verification method, apparatus, and device. The method includes: sending a first message to a server that includes a target domain name and first indication information, which indicates a status of first verification information stored in a client, the first verification information is verification information generated based on multiple domain names and owner information of the multiple domain names, the first verification information verifies the owner information of the multiple domain names, and the multiple domain names include a target domain name; receiving a second message sent by the server based on the first message, where the second message indicates target first verification information, which is used by the client to verify owner information of the target domain name; and verifying the obtained owner information of the target domain name based on the second message.

Abstract: A method implemented by a cloud-based system includes steps of, responsive to connecting to a user device with a user associated with a first tenant of a plurality of tenants, obtaining security policies for the user that are configured for the tenant, wherein the security policies for the user are the same regardless of connection type, location of the user, and device type and operating system of the user device; stream scanning traffic between the user device and the Internet based on the security policies, wherein the security policies are for firewall and intrusion prevention functions; and one of allowing and blocking the traffic based on the stream scanning.

Abstract: A hardware database privacy device is communicatively coupled to a private database system. The hardware database privacy device receives a request from a client device to perform a query of the private database system and identifies a level of differential privacy corresponding to the request. The identified level of differential privacy includes privacy parameters (?,?) indicating the degree of information released about the private database system. The hardware database privacy device identifies a set of operations to be performed on the set of data that corresponds to the requested query. After the set of data is accessed, the set of operations is modified based on the identified level of differential privacy such that a performance of the modified set of operations produces a result set that is (?,?)-differentially private.

Abstract: A dedicated database system for storing user-generated content created when interacting with an environment defined by a software service. An access control system provides the software service with surrogate keys only and stores an association between surrogate keys and user-generated content in the dedicated database system. Upon receiving a request for user-generated content, the software service returns a surrogate key which can be translated into associated user-generated content by the dedicated database system.

Abstract: A server receives encrypted data from a protected-resource-requesting device that includes an encrypted combination of the device and user identification. The first server requests a most recent copy of data of a distributed ledger from a randomly selected logged-in workstation. The first server searches for a match of the encrypted data from the first device in the distributed ledger data received from the randomly selected workstation. In response to determining a match, the first server updates a table of a second server with a one-time-password (OTP) and a copy of the encrypted data received from the device. The first server sends the OTP and an instruction to the device to send the OTP and the encrypted data to the second server, which determines whether a match exists. In response to a confirmed match, the first server grants access to the device.

Abstract: The application is directed at a method and system for selective anonymization, wherein the method comprises the steps of capturing visual streaming data, identifying an anonymizable object in the visual data, for which a quantized identity (y) and an individual private key (n) is determined. Based on the individual private key (n) and the quantized identity (y), the first set of encryptions (E1) is calculated, comprising at least two distinct encryptions of the quantized identity. The first set of encryptions (E1) of the quantized identity (y) is sent to a central server, which, in return, sends an exception information indicating if an exception list of the central server comprises a set of exception encryptions (E2) which corresponds to the first set of encryptions (E1).

Abstract: Operator actions and/or other commands or requests are secured via an authentication path from an action originator to a communications/control module or any other industrial element/controller. In implementations, an industrial control system includes an action authenticator configured to sign an action request generated by the action originator. The destination communications/control module or any other industrial element/controller is configured to receive the signed action request, verify the authenticity of the signed action request, and perform a requested action when the authenticity of the signed action request is verified.

Abstract: Techniques disclosed herein relate to automatic association of a non-medical device with a medical device. In some embodiments, the techniques involve accessing a user account provided by a cloud-based service, retrieving first identification information that is stored to the user account and identifies a medical device via the cloud-based service, receiving second identification information from the medical device, and establishing a secure communication link with the medical device based on determining that the second identification information corresponds to or matches the first identification information.

Abstract: An encryption mechanism used on cooperative multi-band wireless STA architecture that enables full duplex operations. In encrypting a frame, an AAD can be constructed by using a selected MAC address, which may not be associated with a band to be used for transmitting the frame in an upcoming TXOP. An STA that supports simultaneous transmission in a multi-band operation uses the same MAC address to encrypt the frames to be transmitted on different bands. An AAD is constructed by using a same MAC address corresponding to one of the transceivers. A transmit STA may specify band information used for encryption in the MAC header, which serves to signal the receive STA to decrypt the frame by using the proper information.

Abstract: A cybersecurity risk management method may include recommending, for each of a plurality of affiliates of an entity, a respective cybersecurity criticality tier selected from a set of cybersecurity criticality tiers; receiving user input adjusting and/or adopting the recommended cybersecurity criticality tier for each of the affiliates; assigning each of the affiliates to the respective adjusted or adopted cybersecurity criticality tier; obtaining respective security scores for the affiliates; and displaying a user interface component configured to show a visualization of a cybersecurity risk management plan of the entity with respect to the plurality of affiliates, wherein the risk management plan partitions the affiliates into a plurality of affiliate sets based on the security scores and the assigned cybersecurity criticality tiers of the affiliates and specifies, for each of the affiliate sets, an action to be taken by the entity with respect to the affiliates in the affiliate set.

Abstract: An ML (machine learning) training logs are parsed for generating a set of heterogenous graphs having embedded nodes connected with edges determined with link prediction and denoting a hierarchical relationship between nodes. Each graph represents benign behavior from executing one of the files of a training database in the sandbox, wherein the nodes are embedded in the graph using GCN (graph convolution network) to calculate a real-valued vector with fixed dimension. A runtime module to receive an untagged file in real-time for analysis from a network component, and generates a graph of runtime behavior from sandbox of the suspicious file for comparison against the training graphs.

Abstract: The present disclosure discloses configuring a device to determine, for encrypted content, a content access key pair including a content access public key and a content access private key, the encrypted content being determined by encrypting content utilizing a symmetric key; configuring the device to determine, for a folder, a folder access key pair including a folder access public key and a folder access private key; configuring the device to encrypt the content access private key by utilizing the folder access public key; configuring the device to encrypt the symmetric key by utilizing the content access public key; configuring the device to transmit the encrypted content, the encrypted content access private key and the encrypted symmetric key to a stateless server for storage; and configuring the device to access the encrypted content by decrypting the encrypted content access private key and the encrypted symmetric key. Various other aspects are contemplated.

Abstract: Systems and methods for detecting attacks using a handshake request are provided. A plurality of devices can receive a plurality of handshake requests to establish TLS connections that include a respective application request. At least one of the plurality of handshake requests can include a first application request. The plurality of devices can record each of the respective application requests to a registry of application requests. A first device of the plurality of devices can receive a subsequent handshake request to establish a subsequent TLS connection that includes the first application request. The first device can query, prior to accepting the first application request, the registry for the first application request. The first device can determine whether to accept or reject the first application request responsive to identifying from the query that the first application request has not been or has been recorded in the registry.

Abstract: Systems, methods, and software can be used to detect software errors in a binary code. In some aspects, a method comprises: obtaining a binary code; generating a base memory-write profile for the binary code, wherein the base memory-write profile comprises a count of memory updates for each of a plurality of memory locations during an execution of the binary code according to a base input; for each of a plurality of test inputs, generating a test memory-write profile for the binary code, wherein the test memory-write profile comprises a count of memory updates for each memory location during an execution of the binary code according to the test input; comparing the base memory-write profile and the plurality of test memory-write profiles; and generating a notification based on the comparison, wherein the notification indicates whether there is a difference between the base memory-write profile and the plurality of test memory-write profiles.