Abstract: This application provides a voiceprint recognition method and device. The method includes: calculating, by an electronic device a first confidence value that an entered voice belongs to a first registered user, and calculating a second confidence value that the entered voice belongs to a second registered user. The method further includes: calculating, by another electronic device, a third confidence value that the entered voice belongs to the first registered user, and calculating a fourth confidence value that the entered voice belongs to the second registered user. A server determines, based on the first confidence value and the third confidence value, a fifth confidence value that a user is the first registered user, and determines, based on the second confidence value and the fourth confidence value, a sixth confidence value that the user is the second registered user.

Abstract: A method comprises: monitoring a data stream comprising a plurality of data events; identifying a data pattern comprising one or more of the plurality of data events; determining that at least one of the data events comprising the data pattern supports virtual card generation; determining that the at least one of the data events comprising the data pattern is performed using a physical card number at a geolocation; determining that at least one virtual number has been associated with profile data associated with a user; transmitting a notification comprising a request to generate a virtual number; and upon receipt of an approval of the request, executing a script to generate the virtual number and associate the virtual number with the geolocation.

Abstract: Techniques are described herein that are capable of provisioning a trusted execution environment (TEE) based on (e.g., based at least in part on) a chain of trust that includes a platform on which the TEE executes. Any suitable number of TEEs may be provisioned. For instance, a chain of trust may be established from each TEE to the platform on which an operating system that launched the TEE runs. Any two or more TEEs may be launched by operating system(s) running on the same platform or by different operating systems running on respective platforms. Once the chain of trust is established for a TEE, the TEE can be provisioned with information, including but not limited to policies, secret keys, secret data, and/or secret code. Accordingly, the TEE can be customized with the information without other parties, such as a cloud provider, being able to know or manipulate the information.

Abstract: According to examples, an apparatus may include a processor and a memory on which is stored machine-readable instructions that when executed by the processor, may cause the processor to determine that an entity was granted an anomalous role assignment to a managed environment. The processor may also, based on the determination that the role assignment of the entity is anomalous, identify at least one indicator associated with the role assignment, determine an indicator value corresponding to the identified at least one indicator, and determine whether the indicator value exceeds a predefined threshold value. The processor may, based on a determination that the indicator value exceeds the predefined threshold value, output an alert indicating that the role assignment is suspicious.

Abstract: A content distribution system includes content receivers that provide a plurality of blockchain databases that store transaction records associated with subscriber requests for content, and a computer system that processes those transaction records and enables authorized content receivers to output requested content.

Abstract: Aspects of the disclosure relate to dynamically controlling access to linked content in electronic communications. A computing platform may receive, from a user computing device, a request for a uniform resource locator associated with an email message. Subsequently, the computing platform may identify that the uniform resource locator associated with the email message corresponds to a potentially-malicious site. In response to identifying that the uniform resource locator associated with the email message corresponds to the potentially-malicious site, the computing platform may determine a risk profile associated with the request received from the user computing device. Based on the risk profile associated with the request, the computing platform may execute an isolation method to provide limited access to the uniform resource locator associated with the email message.

Abstract: A dynamic threat landscape to which computer resources of a specific enterprise are subject is tracked. Data feeds maintained by a security system of the enterprise are assessed. The effectiveness of data feed utilization by the security system is quantified, relative to the threat landscape. Threat detection rules deployed by the security system are assessed, and the effectiveness thereof by the security system is quantified. Processing capability of alerts generated by threat detection rules and threat response capability may also be assessed and quantified. The effectiveness of the security system as a whole is automatically quantified, based on the tracked threat landscape, the quantifications of the effectiveness of data feed utilization, threat detection rule utilization, processing capability of alerts generated by threat detection rules and/or threat response capability. Recommendations concerning more effectively protecting the enterprise against specific threats are output.

Abstract: A node for a VSAN includes a BMC, a processor, and a plurality of VSAN objects. The processor instantiates a Cluster Membership, Monitoring, and Directory Service (CMMDS) and a BMC Service Module (SM). The CMMDS implements a Security Policy and Data Model (SPDM) architecture. The CMMDS determines an inventory list of the VSAN objects and a SPDM authentication state for each of the objects, and provides the inventory list and the SPDM authentication states to the BMC SM. The BMC SM provides the inventory list and the SPDM authentication state to the BMC. The BMC determines that a first VSAN object is not authenticated based upon the SPDM authentication state of the first VSAN object, and directs the CMMDS to halt input/output (I/O) operations on the VSAN to the first VSAN object.

Abstract: In some aspects, the disclosure is directed to methods and systems for providing an architecture for building high performance silicon components that support a rich set of networking and security features. In many implementations, the architecture splits network and security functions into two functional and logical blocks (which may physically be on the same die or integrated circuit in some implementations, or may be split on separate integrated circuits). The network functions may be executed via an integrated network interface card and accelerator subsystem with a high throughput execution pipeline. Security functions may be executed asynchronously from the network processing functions, in many implementations.

Abstract: Systems, computer program products, and methods are described herein for self-clustering computing protocols. The present invention is configured to detect, using a node analysis engine, a change in a network security protocol associated with a first node or device within a distributed network, and transmit instructions for the first node or device to broadcast the change to nearby nodes or devices such that they can act in concert to protect against identifies security issues.

Abstract: An anomaly detection system is disclosed capable of reporting anomalous processes or hosts in a computer network using machine learning models trained using unsupervised training techniques. In embodiments, the system assigns observed processes to a set of process categories based on the file system path of the program executed by the process. The system extracts a feature vector for each process or host from the observation records and applies the machine learning models to the feature vectors to determine an outlier metric each process or host. The processes or hosts with the highest outlier metrics are reported as detected anomalies to be further examined by security analysts. In embodiments, the machine learnings models may be periodically retrained based on new observation records using unsupervised machine learning techniques. Accordingly, the system allows the models to learn from newly observed data without requiring the new data to be manually labeled by humans.

Abstract: An authentication device includes an image acquisition unit, an identification unit, and an authentication unit. The image acquisition unit acquires an image of an eye of a subject. The identification unit identifies the colored pattern of a colored contact lens worn by the subject by comparing a reference image with the image of the eye. The authentication unit identifies the subject, using a feature in a region other than a colored region of the colored pattern in the iris region of the eye.

Abstract: A method provides for receiving multiple different segment tags generated based on different segments of a data record, where each segment is encrypted during a separate encryption process. Upon receipt, each of the multiple different segment tags is adjusted by an end-of-segment operation that induces a segment-specific error rendering the segment tag invalid for authentication of the data record as a whole. The method provides for accumulating together the multiple different segment tags to form a combined multi-segment tag, computing a correction effective to reverse a cumulative effect of the segment-specific error for each of the multiple different segment tags on the combined multi-segment tag; and generating a complete authentication tag by adjusting the combined multi-segment tag based on the computed correction. The complete authentication tag is usable to authenticate aspects of the data record as a whole.

Abstract: An apparatus configured to: receive a digital input signal; receive a processing-direction-signal that can have a forward-value or a backward-value; and provide a digital output signal. The apparatus comprising a processor configured to apply an involutional cryptographic function to the digital input signal by: for a first operation: apply a first step of the involutional cryptographic function to the digital input signal in order to implement a forward calculation to move to the next step in the sequence; and perform a plurality of further operations until the forward calculation of a last step is performed. Each further operation comprises: if the processing-direction-signal has a forward-value: then perform the forward calculation for the current step; or if the processing-direction-signal has a backward-value: then perform a backward calculation for the current step.

Abstract: In response to a process being triggered, at least in part by receipt of information regarding communication directed to a first application by a second application, a threat level is computed based at least in part on the information. As a result of the threat level being of a first severity, the second application is migrated to a destination zone that allows for improved communications with the first application. As a result of the threat level being of a second severity, migration of the second application to the destination zone is delayed. As a result of the threat level being of a third severity, a mitigation action is performed.

Abstract: A gateway or other network device may be configured to monitor endpoint behavior, and to request a verification of user presence at the endpoint under certain conditions suggesting, e.g., malware or other endpoint compromise. For example, when a network request is directed to a low-reputation or unknown network address, user presence may be verified to ensure that this action was initiated by a human user rather than automatically by malware or the like. User verification may be implicit, based on local behavior such as keyboard or mouse activity, or the user verification may be explicit, such as where a notification is presented on a display of the endpoint requesting user confirmation to proceed.

Abstract: Various solutions for avoiding denial of services with respect to mobile station (MS) and network apparatus in mobile communications are described. A MS may receive a first reject message from a network apparatus in a location area. The first reject message may comprise a first reject cause. The MS may also receive a second reject message from the network apparatus in the location area. The second reject message may comprise a second reject cause. The MS may store an identification of the location area in a forbidden location area list in an event that both the first reject cause and the second reject cause are received from the same location area. The MS may further search for another location area or tracking area.

Abstract: Methods for composable user journeys for user authentication via an identity experience framework are performed by systems and apparatuses. Initiating a user authentication process for an application triggers application calls for dynamic invocation of a specific identity policy, required by the application, of a number of identity policies managed by a host of the identity experience framework. User interfaces defined by the identity policies are provided from the host to the application for interaction by the user and entry of identity information needed to authenticate the user according to specified verification providers. Identity claims and token requests are provided from the application to the host which then authenticates the identity claims via the verification providers and mints a token that includes the claims required by the application, according to the identity policy. The application consumes the token to complete the token request and allow the user access to the application.

Abstract: An example of a computer-readable medium to store machine-readable instructions. The instructions may cause a processor to update a machine learning model based on first confidential data set. The machine learning model may have been previously trained based on a training data set distinct from the confidential data set. The instructions may cause the processor to apply the machine learning model after the update to a second confidential data set.

Abstract: Computer-readable media, methods, and systems are disclosed for tenant-specific encryption of container in connection with a database employing group-level encryption. An encryption group identifier may be assigned to container. The encryption group identifier may define how the container is encrypted. A container entry corresponding to the container may be created. A commit operation may be received for committing the assignment of the encryption group identifier to the container. A job may be initialized for encryption the container according to the encryption group identifier. The container may be flagged as modified. A flush operation may be initiated whereby the container is re-encrypted according to the encryption group identifier. Once flushing is complete, the container entry may be deleted.