Patents Examined by Thaddeus J Plecha
  • Patent number: 10972449
    Abstract: Disclosed herein are techniques for enabling device communication in a secure environment. In one example, a system comprises a storage in a server, a first component in the server, the first component being isolated in a secure environment in the server, and an entry point device authorized to access the first component via the secure environment. The entry point device may receive a request to access the first component. The entry point device may store a notification in a region of the storage accessible by the first component, wherein the notification is to be read by the first component from the storage to set the first component to an operation mode. The entry point device may store operation data in the storage, wherein the operation data is to be acquired by the first component from the storage to control an operation of the first component in the operation mode.
    Type: Grant
    Filed: June 28, 2018
    Date of Patent: April 6, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Alex Levin, Barak Wasserstrom, Georgy Zorik Machulsky, Saar Gross, Or Yochanan
  • Patent number: 10965683
    Abstract: Systems, methods, and apparatuses for authenticating requests to access one or more accounts over a network using authenticity evaluations of two or more automated decision engines are discussed. A login request for access to a user account may be submitted to multiple decision engines that each apply different rulesets for authenticating the login request, and output an evaluation of the authenticity of the login request. Based on evaluations from multiple automated decision engines, the login request may be allowed to proceed to validation of user identity and, if user identity is validated, access to the user account may be authorized. Based on the evaluations, the login attempt may also be rejected. One or more additional challenge question may be returned to the computing device used to request account access, and the login request allowed to proceed to validation of identity if the response to the challenge question is deemed acceptable.
    Type: Grant
    Filed: December 3, 2018
    Date of Patent: March 30, 2021
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Mark David Castonguay, Upul D. Hanwella, Bryan Hall, Nicola A. Maiorana, David Lerner
  • Patent number: 10963558
    Abstract: A malware detection method and a malware detection apparatus, where the method includes running to-be-detected software in a sandbox, and recording at least one operation, and in a process of recording the at least one operation, when it is detected that any interface that has a delay attribute in the sandbox is called, determining whether delay duration corresponding to a first delay length parameter of the called interface is greater than a preset duration. When the delay duration corresponding to the first delay length parameter is greater than the preset duration, delay duration of delay execution is reduced to enable the malicious behavior to be executed in the process of recording the at least one operation executed within the preset duration after the to-be-detected software starts to run.
    Type: Grant
    Filed: December 20, 2019
    Date of Patent: March 30, 2021
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventor: Bu Liu
  • Patent number: 10958670
    Abstract: Aspects of the disclosure relate to processing systems that generate a virtual air gap to facilitate improved techniques for establishing console access to a cyber range virtual environment. The computing platform may receive a request to generate a virtual air gap to facilitate brokering of a connection between a secure console host platform and a cyber range host platform. The computing platform may generate the virtual air gap, which may include a built-in kill switch. The computing platform may implement the virtual air gap, which may be configured to receive requests to establish a connection between the secure console host platform and the cyber range host platform and to grant the secure console host platform access to a broker. The broker may establish the connection, and the computing platform may terminate the connection in response to activation of the built-in kill switch.
    Type: Grant
    Filed: November 6, 2018
    Date of Patent: March 23, 2021
    Assignee: Bank of America Corporation
    Inventors: Edward Haletky, Jesse Williams, Saumitra Gupta, Tommy W. Jinks, Kathleen D. Schaumburg
  • Patent number: 10951608
    Abstract: A technique is disclosed for remotely managing isolated domains on mobile devices. A request is received from the mobile device to instantiate a managed domain. A managed domain configuration is determined and comprises a security policy controlling access to content of the managed domain of the subscribing mobile device, a content specification identifying the content to be downloaded by the subscribing mobile device into the managed domain, and a content configuration identifying a configuration of the content on the subscribing mobile device. The managed domain configuration is sent to the subscribing mobile device to instantiate a secure, managed domain whose policy, content and content configuration is remotely controlled. The technique is useful for advertising and brand promotion on mobile devices as it simultaneously enables detailed control over the presentation of content by a curator while ensuring privacy and security protection of the other apps, accounts and data on the mobile device.
    Type: Grant
    Filed: March 11, 2019
    Date of Patent: March 16, 2021
    Assignee: CIS MAXWELL, LLC
    Inventors: Alexander James Main, Ron Vandergeest, Paul Litva
  • Patent number: 10944735
    Abstract: An authentication apparatus including an input interface to acquire an image of a hologram label on an access object including key information; a processing history storage table that correlates a first image with the key information and stores the correlated image; an information determination circuit that refers to the processing history storage table, based on key information included in a second image that is being acquired after the first image, and determines whether the key information corresponds to key information of the second image; and a processing determination circuit that compares feature data of the second image that is not key information with feature data of the first image that is not key information in response to the information determination circuit determining the key information of the first image as being present, and uses the results of the comparison to determine whether to execute processing using the second image.
    Type: Grant
    Filed: April 30, 2020
    Date of Patent: March 9, 2021
    Assignee: TOPPAN PRINTING CO., LTD.
    Inventors: Soko Koda, Akihito Kagotani
  • Patent number: 10938810
    Abstract: Methods and systems for improved device authentication and presentation of media content to passengers aboard a transportation apparatus are disclosed. In some aspects, authentication of a device may be simplified based on previous associations made between the device, a user, and travel on a transportation apparatus within a particular time period. In some aspects, passenger selected media content may be prepositioned on stable storage within a transportation apparatus such that the media content may be provided to one or more passengers of the transportation apparatus while the transportation apparatus is in motion, and thus avoid transfer of the media content over an off-board wireless communication link.
    Type: Grant
    Filed: August 22, 2017
    Date of Patent: March 2, 2021
    Assignee: Viasat, Inc.
    Inventors: Christopher J Demange, Shameem Hashmi
  • Patent number: 10936701
    Abstract: A method and system for securely and traceably enabling playing back of content on a playback device of a plurality of playback devices, in which each of the plurality of playback devices comprises a cryptographic function module (CFM). In one embodiment, the method comprises accepting a first input in the playback device from a content licensing agency; generating, in the device, a first output from the first input according to a proprietary cryptographic function using the CFM, the first output necessary to enable playback of the content by the playback device, the proprietary cryptographic function being one of a family of proprietary cryptographic functions executable by the CFM of each of the plurality of playback devices; and enabling the playback of the content by the device at least in part according to the first output.
    Type: Grant
    Filed: September 6, 2019
    Date of Patent: March 2, 2021
    Assignee: TWENTIETH CENTURY FOX FILM CORPORATION
    Inventor: Ian E. Harvey
  • Patent number: 10939163
    Abstract: A method for watermarking an encrypted digital content stored in a content distribution network (CDN) comprises the steps of receiving in the CDN, a non-watermarked encrypted content and marking metadata, said non-watermarked encrypted content being the result of an encryption of a non-watermarked clear content by a stream cipher process, said marking metadata indicating locations in the content suitable for a modification of said content; using a watermark formed of watermark values and corresponding to a unique identifier; and producing a watermarked encrypted content by combining in the CDN, with a combination function, the values forming the watermark with the non-watermarked encrypted content in locations indicated by the marking metadata.
    Type: Grant
    Filed: November 10, 2016
    Date of Patent: March 2, 2021
    Assignee: NAGRAVISION S.A.
    Inventors: Jean-Bernard Fischer, Brecht Wyseur
  • Patent number: 10929514
    Abstract: A user registration method and a device for a smart robot. The method comprises: conducting a voice dialogue with a new user to be registered, acquiring a user name of the user from the voice dialogue, and simultaneously collecting biological characteristic information that can uniquely identify the user; wherein the biological characteristic information comprises at least two different types of biological characteristic information, judging whether at least one type of the biological characteristic information satisfies a corresponding preset registration condition, and if yes, using the biological characteristic information that satisfies the preset registration condition as a characteristic template, establishing a correspondence relation between the characteristic template and the user name, and saving the correspondence relation, to complete the user registration.
    Type: Grant
    Filed: August 14, 2017
    Date of Patent: February 23, 2021
    Assignee: Goertek Inc.
    Inventors: Cui Liu, Honglong Ma, Chuan Chen
  • Patent number: 10931699
    Abstract: A method, a system, and an article are provided for identification of security-related activities based on usage of a plurality of independent cloud-based, hosted application platforms. An example method includes: receiving, from the application platforms, activity data and state data for a plurality of users of the application platforms; generating one or more predictive models configured to detect deviations from normal user behavior across the application platforms; providing, as input to the one or more predictive models, the activity data and the state data for at least one of the users; receiving, from the one or more predictive models, an indication that an activity of the at least one of the users deviates from the normal user behavior; and facilitating a remedial action to address the indicated deviation.
    Type: Grant
    Filed: February 12, 2020
    Date of Patent: February 23, 2021
    Assignee: Obsidian Security, Inc.
    Inventors: Matt Wolff, Alexander Vandenberg-Rodes, Naresh Chebolu, Marcus Mccurdy, Matthew Maisel, Jody Forness, Jedidiah Mitten, Noah Corradin, Samantha Staszak, David Newhall, Christopher Galbraith, Christopher Fuller, Brian Lau, Benjamin Johnson
  • Patent number: 10922432
    Abstract: The present disclosure relates to a method for accessing a database stored on a server using a relation. The server is coupled to a client computer via a network, wherein the relation comprises first data items, the first data items forming a partially ordered set in the first relation, wherein for each first data item a referential connection exists in the database assigning said first data item to at least one second data item of the database. The method comprises: identifying first data items of the relation referencing N second data items; for each identified first data item modifying, using a same modification method, the identified first data item M times, wherein M?N, for obtaining M unique modified data items; associating with each of modified first data items of a given first data item a respective portion of the N referential connections of the given first data item; inserting the modified first data items in the relation, thereby replacing the identified first data items.
    Type: Grant
    Filed: December 27, 2017
    Date of Patent: February 16, 2021
    Assignee: COMPUGROUP MEDICAL SE
    Inventors: Jan Lehnhardt, Tobias Rho
  • Patent number: 10917401
    Abstract: A method by a network device for generating audit logs. The method includes obtaining a first set of application programming interface (API) responses from an endpoint of an API, generating a profile for the endpoint of the API based on analyzing the first set of API responses, where the profile of the endpoint indicates an expected structure of API responses and expected data types associated with data fields included in API responses, obtaining a second set of API responses, using the API profile to determine, for each API response in the second set of API responses, data types of data values included in that API response, and generating an audit log that logs information regarding the data types of the data values included in the second set of API responses.
    Type: Grant
    Filed: March 24, 2020
    Date of Patent: February 9, 2021
    Assignee: Imperva, Inc.
    Inventors: Itsik Mantin, Avidan Reich
  • Patent number: 10911239
    Abstract: A method for protecting a login process of a user to a service provider against brute force attacks is provided. A financial value is transferred from the user to a token provider for a temporary login token. A login attempt is performed by the user on the service provider, wherein the login attempt requires user specific login data and the temporary login token. If the login on the service provider was successful within a predefined number of login attempts, the financial value is transferred back to the user.
    Type: Grant
    Filed: October 10, 2018
    Date of Patent: February 2, 2021
    Inventors: Benedikt Vamos, Michael Kirchner
  • Patent number: 10903995
    Abstract: As disclosed herein a computer system for secure database backup and recovery in a secure database network has N distributed data nodes. The computer system includes program instructions that include instructions to receive a database backup file, fragment the file using a fragment engine, and associate each fragment with one node, where the fragment is not stored on the associated node. The program instructions further include instructions to encrypt each fragment using a first encryption key, and store, randomly, encrypted fragments on the distributed data nodes. The program instructions further include instructions to retrieve the encrypted fragments, decrypt the encrypted fragments using the first encryption key, re-encrypt the decrypted fragments using a different encryption key, and store, randomly, the re-encrypted fragments on the distributed data nodes. A computer program product and method corresponding to the above computer system are also disclosed herein.
    Type: Grant
    Filed: May 16, 2019
    Date of Patent: January 26, 2021
    Assignee: International Business Machines Corporation
    Inventors: Pedro M. Barbas, Joseph Duffy, Ken Maycock, David M. Tilson
  • Patent number: 10896264
    Abstract: In one implementation, a resource system includes an authorization engine, an interface engine and an analysis engine. In that example, the authorization engine authorizes an analysis request, the interface engine assigns a data property to the analysis request, and the analysis engine selects a synthesis routine based on the analysis request, identifies data stored in a resource group based on the synthesis routine, and causes the synthesis routine to perform using raw data in the resource group based on the data property in response to a determination that the analysis request is authorized to access the resource group.
    Type: Grant
    Filed: November 5, 2015
    Date of Patent: January 19, 2021
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Patrick O Sandfort, Holt Mebane, Jun Zeng
  • Patent number: 10896394
    Abstract: Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.
    Type: Grant
    Filed: March 4, 2020
    Date of Patent: January 19, 2021
    Assignee: OneTrust, LLC
    Inventors: Jonathan Blake Brannon, Andrew Clearwater, Brian Philbrook, Trey Hecht, Wesley Johnson, Nicholas Ian Pavlichek, Rajanandini Chennur
  • Patent number: 10893033
    Abstract: Techniques are disclosed relating to a computer system accessing a client credential set to authenticate with a destination computer system. A computer system may, subsequent to receiving an indication to make available an application for a particular user, retrieve configuration data specifying a reference to a key value. The computer system may maintain a data object that includes a client credential set for the particular user. In response to an occurrence of an event associated with the application, the computer system may access the client credential set of the particular user from the data object using the key value and an indication of the particular user. The computer system may then send a request including the client credential set to a destination computer system for authentication with the destination computer system and receive a response indicating whether the computer system has been authenticated.
    Type: Grant
    Filed: June 28, 2018
    Date of Patent: January 12, 2021
    Assignee: salesforce.com, inc.
    Inventors: Kyle Edward Heldman, Douglas Christopher Wilson, Jackson Gregory Reed, Kyle Warren Apple, Jacob Andrew Richwine
  • Patent number: 10885143
    Abstract: In some implementations, a device may detect loading of a first web page associated with a domain, and may create an inline frame element that references a second web page associated with the domain. The second web page may require an authenticated user session to access particular content of the second web page. The device may insert the inline frame element into code for the first web page, and may transmit a request for the second web page based on inserting the inline frame element into the code for the first web page. The device may receive a response to the request for the second web page, and may determine whether there is an authenticated user session for the domain based on the response. The device may selectively perform an action based on determining whether there is an authenticated user session for the domain.
    Type: Grant
    Filed: October 18, 2019
    Date of Patent: January 5, 2021
    Assignee: Capital One Services, LLC
    Inventors: Vu Nguyen, Joshua Edwards, Adam Vukich, Mykhaylo Bulgakov, Abdelkadar M'Hamed Benkreira, David Gabriele, Andrea Montealegre, Ljubica Chatman, Jonatan Yucra Rodriguez
  • Patent number: 10885467
    Abstract: A method for privatizing an iteratively reweighted least squares (IRLS) solution includes perturbing a first moment of a dataset by adding noise and perturbing a second moment of the dataset by adding noise. The method also includes obtaining the IRLS solution based on the perturbed first moment and the perturbed second moment. The method further includes generating a differentially private output based on the IRLS solution.
    Type: Grant
    Filed: April 27, 2017
    Date of Patent: January 5, 2021
    Assignee: Qualcomm Incorporated
    Inventors: Mijung Park, Max Welling