Abstract: A method and system masks sensitive fields on a cheque image based one or more access privileges assigned to a user. The method involves receiving a cheque image at a cheque masking engine. A cheque template from one or more cheque templates is selected based on metadata associated with the cheque image. One or more zones of sensitive information associated with the cheque image are identified based on the one or more access privileges assigned to the user and a comparison with the selected cheque template. One or more characters are extracted from the one or more zones of sensitive information. The extracted one or more characters are aliased based on an aliasing rule. Another cheque image is generated by overlaying the one or more zones of sensitive information with the aliased one or more characters.

Abstract: A social networking system user identifies one or more social networking system users authorized to present content items to the user via the social networking system (“authorized users”). When an additional user requests presentation of a content item to the user, the social networking system determines if the additional user is an authorized user. If the additional user is an authorized user, the content item is presented to the user. However, if the additional user is not an authorized user, the social networking system identifies the additional user to the user along with a request to identify the additional user as an authorized user. If the user identifies the additional user as an authorized user in response to the request, the content item is presented to the user.

Abstract: Systems and methods are disclosed for identifying resources responsible for events. In one embodiment, a method may include determining a number of unique actors in a plurality of actors that have accessed the resource. The method may further include identifying from the plurality of actors a set of affected actors that has been affected by an event and identifying from the set of affected actors a subset of resource-affected actors that accessed the resource prior to being affected by the event. The method may further include determining a number of resource-affected actors in the subset of resource-affected actors and, based on the number of unique actors and the number of resource-affected actors, determining an event score for the resource. The event score may be a lower bound of a confidence interval of a binomial proportion of the number of resource-affected actors to the number of unique actors.

Abstract: An approach is described for provisioning and enforcing realtime granular access controls for endpoints. The approach involves enforcing realtime access controls, via a privileged access management appliance, of a plurality of accessors, endpoints, and approvers, to provide for securing, controlling, auditing, and reporting of access to endpoints.

Abstract: A processing device of a server executing an application establishes a network connection to a client device having a smart card, detects a program call associated with an authentication of a user of the client device for accessing the application, and determines, based on the program call, whether the smart card is a remote smart card for the server. Responsive to determining that the smart card is the remote smart card, the processing device redirects the program call to the client device via a communication channel of the network connection and authenticates, by the server, the user of the client device in view of data returned by the program call, as if the remote smart card were local to the server.

Abstract: A data-masking tool encoded on one or more computing readable storage media that includes a code that uses a combination of fields that uniquely identifies data in a record and utilizing it as a reference to mask original data with substitute values, by either aggregating several into one, mapping one-to-one or expanding one into a set.

Abstract: A cipher processing configuration, of which the resistance against various attacks is improved, having a high security level is realized. In a cipher processing configuration in which a nonlinear transformation process and a linear transformation process are repeatedly performed for state data formed from a plurality of elements, a linear transformation unit performs a matrix operation applying a quasi-MDS matrix and a substitution process. As the substitution process, a substitution process is performed which satisfies the following (Condition 1) and (Condition A).

Abstract: Methods, and computing devices implementing the methods, that enable client computing devises to work in conjunction with a server device to identify and temporarily defend against non-benign applications (e.g., malware, etc.) and other threats before a more permanent solution or defense (e.g., a patch or software upgrade) becomes available and installed on the client computing device. The server device may be configured to receive reports from the client computing devices, receive threat feeds from third-party servers (e.g., threat intelligence servers, etc.), and use information included in the received threat feed and information included in the received reports to analyze, in the server computing device, a software application that is operating on a client device in multiple passes. The server may generate threat scores (e.g., one for each pass, etc.), and the threat scores to the client computing device for use in devising a customized security response.

Abstract: Technology is disclosed herein for a timestamped license data structure. In at least one implementation, program instructions stored on one or more computer readable storage media, when executed by a processing system, direct the processing system to at least, responsive to a launch of an application, obtain a license file for the application, the license file comprising a license data structure comprising: a user license; a licensing service signature; a licensing service public key; and a trusted timestamp package. The processing system is also directed to analyze the license data structure using the trusted timestamp package to determine if the licensing service public key was valid when the user license was signed by the licensing service signature if the licensing service public key is invalid. If the licensing service public key was valid when the user license was signed by the licensing service signature: enable features of the application.

Abstract: A privacy management system that is configured to process one or more data subject access requests and further configured to: (1) enable a data protection officer to submit an audit request; (2) perform an audit based on one or more parameters provided as part of the request (e.g., one or more parameters such as how long an average request takes to fulfill, one or more parameters related to logging and/or tracking data subject access requests and/or complaints from one or more particular customer advocacy groups, individuals, NGOs, etc.); and (3) provide one or more audit results to the officer (e.g., by displaying the results on a suitable display screen).

Abstract: A service controller of an information handling system provides a login user interface to a remotely located user. The service controller includes a factory-installed random unique password as its default password. If the service controller is in its original state, the service controller may grant access to the remote user based on original access input that differs from the default password. If the service controller verifies the user's access entitlement, remote access may be granted to the remote user and the remote user may modifying the default password. Access may be granted to the remote user based on user input that includes the user's credentials for accessing a database of asset, owner, and entitlement information maintained by the system supplier. Access may also be granted based on original access input including or indicative of the service controller license.

Abstract: A network function (NF) entity in a communication network receives authentication data associated with a User Equipment (UE), determines the UE supports a blockchain registration procedure based on the authentication data, exchanges authentication messages with a Blockchain Roaming Broker (BRB) entity over a blockchain network interface, receives a blockchain authentication confirmation from the BRB entity, and registers the UE with the core network based on the blockchain authentication confirmation.

Abstract: In one embodiment, an authorized signing authority server receives an authenticity request from a security registrar to vouch for authenticity of a particular device. Based on receiving the authenticity request, the authorized signing authority server may then determine an authenticity state of the particular device, and may also request a device provisioning file for the particular device from a device provisioning server, the device provisioning file defining one or more network security policies for the particular device. Upon receiving the device provisioning file from the device provisioning server, the authorized signing authority server may then return the authenticity state and the device provisioning file for the particular device to the security registrar, causing the security registrar to complete authentication of the particular device based on the authenticity state and the device provisioning file.

Abstract: A control unit, in a disclosed embodiment, includes a transceiver, memory, and a processor. The processor is coupled to the transceiver and memory and executes instructions from the memory to cause the control unit to receive a first transmission containing a certificate, verify the authenticity of the certificate, and, after verifying authenticity of the certificate, execute a public key agreement protocol to generate a first common secret encryption key, receive a second transmission containing an encrypted first public key that is encrypted by the first common secret encryption key, decrypt the encrypted first public key using the first common secret encryption key to determine the first public key, execute a public key agreement protocol to generate a second common secret encryption key, generate an operational key, encrypt the operational key using the second common secret encryption key, and transmit the encrypted operational key.

Abstract: Provided is a computer implemented method for performing mutual authentication between an online service server and a service user, including: (a) generating, by an authentication server, a server inspection OTP; (b) generating, by an OTP generator, a verification OTP having the same condition as the server inspection OTP and using the same generation key as an OTP generation key and a calculation condition different from a calculation condition is applied or a generation key different from the OTP generation key is used and the same calculation condition as the calculation condition used for generating the server inspection OTP is applied to generate a user OTP; and (c) generating, by the authentication server, a corresponding OTP having the same condition as the user OTP and comparing whether the generated corresponding OTP and the user OTP match each other to authenticate the service user.

Abstract: Techniques to apply and share remote policies on personal devices are described. In an embodiment, a technique includes contacting an enterprise server from an enterprise application operating on a personal device. The enterprise application may receive policies from the enterprise server. The policies may be applied to the enterprise application. When a second enterprise application on the personal device is launched, the policies may also be applied to the second enterprise application. When a policy is changed on the enterprise server, notification is pushed to the personal device and all related enterprise applications on the personal device may be updated to enforce the policy change. Other embodiments are described and claimed.

Abstract: A method for downloading a profile of an electronic apparatus is provided. The method includes receiving profile information from a profile information transfer server, transmitting a profile request to an identified profile providing server based on the profile information, and receiving a profile installable in a universal integrated circuit card (UICC) of the electronic apparatus from the profile providing server, and an electronic apparatus. Further, the present disclosure may provide a profile information providing server providing the profile information to the electronic apparatus and an operation thereof, and a profile providing server providing a profile to the electronic apparatus and an operation thereof. Further, the present disclosure may provide a method for swapping a profile between apparatuses, a method for acquiring profile information using code information, a method for modifying a profile providing server, and an apparatus performing the same.

Abstract: A computer-implemented method of detecting an email spoofing and spear phishing attack may comprise generating a contact model of a sender of emails; determining, by a hardware processor, a statistical dispersion of the generated contact model that is indicative of a spread of a distribution of data in the generated model and receiving, over a computer network, an email from the sender.

Abstract: A Controlled Environment Secure Media Streaming System manages the delivery of content to Secured Devices. Cloud Services provide content to Integration Hub. The Integration Hub interfaces with various cloud services providers and prepares content for consumption by a resident of a secured facility. Integration Hub utilizes Content Filter to inspect content received from cloud service providers for suitability for use in a secured environment. Once content is retrieved, filtered, formatted, and packaged by Integration Hub, the content is stored in Data Warehouse. Secured Devices request content from the Distribution Hub, the Distribution Hub retrieves the content from the Data Warehouse, and then Distribution Hub manages the transfer of content to the Secured Devices. In some embodiments, Distribution Hub utilizes Content Filter to determine whether or not a particular Secured Device can access particular content.

Abstract: A simulation computer device for securely executing a model includes at least one processor in communication with at least one memory device. The simulation computer device is configured to store a smart container including a model and a usage policy. The simulation computer device is also configured to receive a plurality of inputs for the model and determine whether to validate the model based on the usage policy. The simulation computer device is further configured to execute the model with the plurality of inputs if the model was validated. Moreover, the simulation computer device is configured to transmit at least one output.