Abstract: A system for secure delivery of data, algorithms, or intellectual property into an untrusted environment utilizes an embedded transcoder within the client computing environment. The embedded transcoder takes advantage of cloud computing functionality to isolate the embedded transcoder from the client application, with a proxy junction between the client application and embedded transcoder. Communication to a provider cloud environment is maintained through a generic authentication appliance system (GAAS) with a client-facing application programming interface (API), with the GAAS also communicating to the customer cloud environment components through the proxy junction. To provide the client application permission to access specific components within the provider application, the API authorizes the client application through tokens activated with public/private keys.

Abstract: Systems and methods are provided for effectuating overlay tunnels between software-defined wide area network (SD-WAN) end-point devices despite the use of IPSec passthrough in one or more network devices, such as modems or routers that exist between the end-point devices. In particular, the Internet Key Exchange (IKE) protocol can be allowed to progress until a modem/router is able to establish an IKE tunnel, after which overlay packets using cloud-managed keys can be allowed to pass through the modem/router. An overlay tunnel may then be established between the end-point devices, and the IKE tunnel can be taken down.

Abstract: An apparatus comprises processing circuitry to execute instructions, and decode circuitry to decode the instructions for execution by the processing circuitry. The decode circuitry is responsive to an authentication code generation instruction specifying a first source value to control the processing circuitry to generate an authentication code dependent on the first source value, and store the authentication code to a memory location associated with a store address formed using a value obtained from a register. By providing a single instruction, this reduces register pressure enabling improved performance by avoiding unnecessary load/store operations, and makes compilation of code using the authentication code generation instruction simpler.

Abstract: A method for protecting against malware when a client computer causes file operations at a server computer, comprising: gathering, by the server computer, information for each file operation performed into an event, the information including at least a identifier and a type of the operation, developing, not by the client computer, an event-level feature vector including at least two features which are numerical data representing an aspect of the gathered information for each event; grouping the event-level feature vectors into a file-level feature vector for each file; supplying, not by the client computer, the file-level feature vectors to a trained machine learning classifier and receiving as an output of the classifier at least one risk score indicating a likelihood of a presence of malware activity; and when malware activity is indicated by an aggregate risk score based on the at least one risk score, initiating incident handling.

Abstract: A network system includes a processor and computer-readable memory. The computer-readable memory is encoded with instructions that, when executed by the processor, cause the network system to register a unique pre-shared key, a user profile, and a network policy. The instructions further associate the unique pre-shared key with the user profile to form a key-user pair, associate the key-user pair with the network policy to form a mapped key-user pair, and provide the unique pre-shared key to a user to connect one or more devices to a wireless network. The unique pre-shared key is used to encrypt and decrypt data transmitted between a connected wireless device and the wireless network.

Abstract: A system is provided for provisioning authenticated access to resources linked with individual characteristic data. In particular, the system may comprise an endpoint device associated with a primary user, where the endpoint device stores a resource that is secured using the authentication credentials of the primary user. The endpoint device may have an authentication agent installed thereon that may manage authenticated access to the endpoint device and/or the resources stored thereon. In the event of the primary user's unavailability, a secondary user may attempt to pass the authentication check of the primary user's endpoint device. If a match is found, the authentication agent may grant authorization for the secondary user to access the endpoint device and/or the resources stored thereon.

Abstract: Examples of the present disclosure describe systems and methods for detecting and preventing digital media piracy. In example aspects, a machine learning model is trained on a dataset related to digital media content. Input data may then be collected by a data collection engine and provided to a multimedia processor. The multimedia processor may extract multimedia features (e.g., audio, visual, etc.) and recognized patterns from the input data and provide the extracted multimedia features to a trained machine learning model. The trained machine learning model may compare the extracted features to the model, and a confidence value may be generated. The confidence value may be compared to a confidence threshold. If the confidence value is equal to or exceeds the confidence threshold, then the input data may be classified as pirated digital media. Remedial action response(s) may subsequently be deployed to thwart the piracy of the digital media.

Abstract: Methods, systems, and devices for secure endpoint authentication credential control are described. An endpoint agent may receive an indication from an operating system of an endpoint device that the operating has received authentication credentials from a user. The endpoint agent may be housed in the endpoint device, and may detect a change between the received set of authentication credentials and a previous version of authentication credentials. Based on this detection, the endpoint agent may transmit the received authentication credentials to a central server. The central server may transmit the authentication credentials to an information technology (IT) resource which requires user authentication prior to granting access to a user.

Abstract: Provided is an automatic pseudonymization technique recommendation method using artificial intelligence, including receiving a training dataset including a plurality of pieces of data including a column name, a data type, a pseudonymization technique recommendation, adding, a data type vector obtained from the data type to a word vector obtained corresponding to the column name to obtain a numeric vector, and labeling the numeric vector with the pseudonymization technique recommendation to generate a plurality of pieces of training data, training a first learning model using the plurality of pieces of training data so that the first learning model outputs a pseudonymization technique recommendation in response to an input of the numeric vector, obtaining a numeric vector corresponding to each column of the dataset to be pseudonymized, and inputting the numeric vector obtained into the trained first learning model to obtain a pseudonymization technique recommendation for each column of the dataset.

Abstract: A method for managing transmission of a multimedia content protected against copying, referred to as the protected content, from a reader terminal to a rendering device via a communication link with a view to a rendition on the rendering device. The reader terminal includes a first protective module. The method includes verifying presence on the rendering device of a second protective module compatible with the first protective module, and, in the negative case, transmitting, via the communication link, a request to render an unprotected content instead of the protected content.

Abstract: A device may include processing circuitry configured to, generate a device identifier associated with the device, and generate a unique endorsement identity (ID) associated with the device identifier, a first layer sub-circuit configured to, receive the device identifier, and generate a first certificate and a second certificate based on the device identifier and the unique endorsement ID, the first certificate and the second certificate including information to authenticate the device, and the processing circuitry is further configured to, receive the first certificate and the second certificate, and verify whether the device has been modified based on the first certificate and the second certificate, wherein, in response to the first layer sub-circuit being modified, the first layer sub-circuit is further configured to, generate an endorsement key based on a new unique endorsement ID, and generate a certificate signing request for the new unique endorsement ID based on the endorsement key.

Abstract: Systems and methods, disclosed herein, of a campaign controller that stores information to a database about execution of multiple simulated phishing campaigns for multiple users, where each of the simulated phishing campaigns use one or more models for communicating simulated phishing communications. Based on this information, the campaign controller may determine a rate of success of the model, in causing a user to interact with a link in one of the simulated phishing campaigns, and may display the model's rate of success via a user interface.

Abstract: Implementations relate to user authentication and spoof detection for a device using a fingerprint sensor and additional device sensors. In some implementations, a computer-implemented method includes analyzing a fingerprint image from a fingerprint sensor of a device, to determine fingerprint detection score(s). If these scores meet fingerprint validity thresholds by greater than a respective particular range, a positive authentication indication is provided. Respective sensor data is obtained from additional sensors of the device, such as an inertial measurement unit, ambient light sensor, proximity sensor, touchscreen, etc. If one or more fingerprint detection scores meet their fingerprint validity thresholds within the respective particular range, respective context scores are determined for the sensor data of each additional sensor.

Abstract: In some embodiments, the present disclosure provides an exemplary method that may include steps of identifying a plurality of identification numbers associated with a plurality of entities; determining at least one digital master key associated with an identification number; utilizing a derivation translation module to derive at least three digits of the plurality of digital digits associated with the digital master key; automatically generating a plurality of time-based digital tokens based on the at least three digits derived from the digital master key; utilizing at least one time-based digital token of the plurality of time-based digital tokens to generate digital data for with a computing device associated with a user; automatically generating a first card verification code associated with the at least one time-based digital token and the digital data; and automatically expiring the first card verification code after a predetermined period of time.

Abstract: Systems and methods for a zero-code approach for model version upgrades are described herein. For example, a system includes memory. The system further includes a processor that receives source data from data sources; applies an ingestion process to the source data for storing storage data in a data storage repository; generates models from the storage data; applies an output process to generate output schemas based on the generated models; and applies the output schemas for providing data. Also, the source data and the models changes over time leading to different data type collections. Further, at least one of applying the ingestion and the output process includes performing a dynamic merge on the different data type collections to create a merged data type collection; acquiring a user-defined configuration for the merged data type collection; and generating an output schema to the merged data type collection based on the user-defined configuration.

Abstract: Examples of the disclosure provide for a scatter network device. In some examples, the scatter network device includes a non-transitory memory, at least one processor, and a key exchange application stored in the non-transitory memory. When executed by the at least one processor, the key exchange application transmits a key exchange request to a first network endpoint, the key exchange request including an identifier of the scatter network device, receives a key exchange response from the first network endpoint, the key exchange response including a set of one-time-use endpoint validation tokens (EVTs) uniquely associated with the identifier of the scatter network device, and transmits an authenticated message to a second network endpoint, the authenticated message including a first of the set of one-time-use EVTs concatenated with an encrypted data portion.

Abstract: A method includes broadcasting, by a powered wireless device, a survey request frame to a plurality of ambient (AMP) devices that harvest environmental energy, wherein the survey request frame comprises a unique public key to be used by each AMP device, of the plurality of AMP devices, to generate a survey response frame. The method includes using, within the survey request frame, a first random address as a source media access control (MAC) address and one of a broadcast address or a group address as a destination MAC address. The method includes determining, from each respective survey response frame, whether a corresponding AMP device of the plurality of AMP devices is accessible from which to securely obtain data.

Abstract: In at least some embodiments, systems and methods of the present disclosure enable content selections for securing communications between agent devices and user devices. A request is received for a communication between an agent device and a user device. A user record associated with the user device is determined based on the characteristic. The security system may obtain content items for authenticating the agent device for the user device with the user record. A set of the plurality of content items are determined for display to the agent device. The set of the plurality of content items are transmitted to the user device associated with the user record. A content item identified by a content item selection is received. A match is determined between the selected content item and the set of content items. The communication is transmitted, responsive to the match, with a predetermined type data request for the user device to satisfy the authentication request.

Abstract: An identity authentication method is disclosed in embodiments of the present application. When a requester and an authentication access controller perform identity authentication using an authentication mechanism of a pre-shared key, the identity information of entities is transmitted in the form of ciphertext, thereby preventing the identity information of the entities from being exposed during the transmission, so that attackers cannot obtain private or sensitive information. The mutual or unilateral identity authentication between the authentication access controller and the requester is achieved while ensuring the confidentiality of the entity identity and related information, thereby laying a foundation for ensuring that the user accessing the network is legitimate and/or the network accessed by the user is legitimate.

Abstract: Methods, systems, and devices for phishing-resistant authenticator enrollment are described. An authentication service may encrypt a token that is usable for an initial enrollment of a user in an authenticator application. The authentication service may transmit a first payload to the user. The first payload includes at least the encrypted token. An authenticator application may receive, from the user, a request to initiate the initial enrollment of the user on a device. The request may include the encrypted token. The authentication service may enroll the user in the authenticator application on the device based on decryption of the encrypted token using an encryption key on a near-field communication (NFC) device.