Abstract: An online system authenticates a user through a voiceprint biometric verification process. When a user needs to be authenticated, the online system generates and provides a random phrase to the user. The online system receives an audio recording of the randomly generated phrase and retrieves a previously trained voiceprint model for the user. The online system analyzes the audio recording by applying the voiceprint model to determine whether the audio recording satisfies a first criteria of whether the voice in the audio recording belongs the user and a second criteria of whether the audio recording includes a vocalization of the randomly generated phrase. If the audio recording satisfies both criteria, the online system authenticates the user. Therefore, the user can be provided access to a new communication session in response to being authenticated.

Abstract: This Application describes devices, and techniques for using them, capable of allowing valid access to targeted device data without the owner's consent, while still informing the owner whenever any invalid access has occurred. In one embodiment, each targeted device's data is protected by several techniques: (A) maintaining protected data on the targeted device encrypted, thus preventing hardware or software access without authorization; (B) maintaining encryption keys for protected data in a “secure enclave”, not software accessible without authorization, and not hardware accessible without substantial effort; (C) maintaining the secure enclave within a tamper-evident enclosure, the tamper-evident enclosure having a unique identifier that is not easily duplicable; and (D) providing relatively easy retrieval of the unique identifier and checking that the unique identifier has not been altered.

Abstract: The technology disclosed relates to securely encrypting a document. In particular, it relates to accessing a key-manager with a triplet of organization identifier, application identifier and region identifier and in response receiving a triplet-key and a triplet-key identifier that uniquely identifies the triplet-key. Also, for a document that has a document identifier (ID), the technology disclosed relates to deriving a per-document key from a combination of the triplet-key, the document ID and a salt. Further, the per-document key is used to encrypt the document.

Abstract: A machine learning (ML)-based technique for user behavior analysis that detects when users deviate from expected behavior. A ML model is trained using training data derived from activity data from a first set of users. The model is refined in a computationally-efficient manner by identifying a second set of users that constitute a “watch list.” At a given time, a differential data ingestion operation is then performed to incorporate data for the second set of users into the training data, while also pruning at least a portion of the data set corresponding to data associated with any user included in the first set but not in the second set. These operations update the training data used for the machine learning. The machine learning model is then refined based on the updated training data that incorporates the activity data ingested from the users identified in the watch list.

Abstract: Disclosed embodiments relate to systems and methods for centrally analyzing and managing scripts. Techniques include identifying, at a centralized script execution resource in a network environment, a first script; identifying, at the centralized script execution resource, a security risk indication for the first script; determining, at the centralized script execution resource, a security context for the first script; and performing, based on the security risk indication and the security context, at least one of: determining whether to execute the first script at the centralized script execution resource on behalf of the at least one of the endpoint resources, executing the first script at the centralized script execution resource on behalf of the at least one of the endpoint resources, or determining execution conditions for execution of the first script at the centralized script execution resource on behalf of the at least one of the endpoint resources.

Abstract: A data protection circuit of a chip, a chip, and an electronic device, where the data protection circuit performs bit width expansion and scrambling processing on a first alarm signal using an operation circuit to obtain a second alarm signal, and outputs the second alarm signal to a processing circuit. The processing circuit performs descrambling processing after receiving the second alarm signal to obtain a descrambling result. When the second alarm signal is attacked, the descrambling fails, and the descrambling result is an active level. The processing circuit outputs the descrambling result to a reset request circuit, and the reset request circuit generates a reset request signal according to the descrambling result.

Abstract: Methods, systems, apparatuses, and computer program products are provided for evaluating security detections. A detection instance obtainer obtains detection instances from a pool, such as a security detections pool. The detection instances may be obtained for detections that meet a predetermined criterion, such as detections that have not been onboarded or rejected, or detections that have generated detection instances for a threshold time period. The detection may be onboarded or rejected automatically based on a volume thresholder and/or a detection performance evaluator. For instance, the volume thresholder may be configured to automatically onboard the detection if the volume of the detection instances is below a first threshold, and reject the detection if the volume is above a second threshold. The detection performance evaluator may be configured to onboard or reject the detection based on an efficacy of the detection (e.g., based on a true positive rate of the detection instances).

Abstract: A security client can be configured to operate on the one or more computing systems and record all events occurring on the one or more computing systems. The security client can operate as a “security camera” for the computing systems by identifying and retaining data and information that describes and details different events that occur on the computing systems. The security client can be configured to generate event records for the events that are uniquely associated with the process that requested or performed event. Likewise, the security client can be configured to uniquely associate the event records with the specific computing system associated with the event.

Abstract: A method and a system used by a terminal to connect to a virtual private network (VPN), and a related device to resolve a problem that workload is heavy and an error is easy to occur currently during configuration of an Internet Protocol (IP) address of a VPN gateway for a terminal. A VPN control device is responsible for authenticating access of the terminal, and determining a VPN gateway to which the terminal is allowed to connect. When an IP address of the VPN control device is configured for all terminals in a system, terminal security authentication can be implemented.

Abstract: Countering phishing attacks by generating multiple synthetic victims, where each of the synthetic victims includes synthetic victim information that represents a computer user identity and includes associated sensitive information, where the computer user identity and its associated sensitive information are fictitious in that they are not known to be associated with a legitimate computer user, providing any of the synthetic victim information of the synthetic victims to a computer-hosted phishing site, storing the synthetic victim information in a computer-accessible database, receiving from a computer-hosted target site information provided to the computer-hosted target site by a requestor, identifying in the computer-accessible database database synthetic victim information matching the requestor information, and notifying the computer-hosted target site that the requestor information is of a synthetic victim.

Abstract: In accordance with one embodiment of the present disclosure, a method for determining the similarity between a first data set and a second data set is provided. The method includes performing an entropy analysis on the first and second data sets to produce a first entropy result, wherein the first data set comprises data representative of a first one or more computer files of known content and the second data set comprises data representative of a one or more computer files of unknown content; analyzing the first entropy result; and if the first entropy result is within a predetermined threshold, identifying the second data set as substantially related to the first data set.

Abstract: A method of transferring process data from a secure network protected by a first firewall to an unsecure network protected by a second firewall using an existing interface is provided. The existing interface is configured to transfer the process data having a first format from the secure network to the unsecure network through the first and second firewalls. The process data further includes new data having a second format. The method includes: receiving the new data from a first application in the secure network; converting the new data from the second format to a binary format; writing the binary data to the existing interface as further process data having the first format; receiving the binary data from the existing interface; converting the binary data from the binary format to the new data having the second format; and making the new data available to a second application in the unsecure network.

Abstract: Systems, computer program products and methods implementing policy enforcement for search engines are described. A policy engine receives a user identifier associated with a search query including one or more query terms. The policy engine receives, from a preprocessor of a search engine, an intermediate representation of the search query. The intermediate representation includes one or more index terms corresponding to the one or more query terms. The policy engine determines, based on a particular policy, if the user is prohibited from accessing data associated with a particular index term. In response, the policy engine modifies the intermediate representation, including negating the particular index term. The policy engine then submits the modified intermediate representation to a query processing module of the search engine, causing the query processing module to exclude content corresponding to the particular index term from search results.

Abstract: The present disclosure relates to a method for data anonymization of a database system. The method comprises: determining if a first dataset and second dataset of the database system have a relationship indicative of an entity having values in the two datasets. A request may be received from a user for at least one of the first and second datasets. In case the first dataset and second dataset have the relationship, at least one of the first and second datasets may be modified such that the indication of the entity is not accessible to the user. And the requested dataset may be provided.

Abstract: In general, the techniques of this disclosure describe a computing device that is configured to verify an identity of a user based on authentication factors received from multiple authentication devices. The computing device, which may be configured to operate as a server device, may receive an authentication factor from at least three authentication devices in a group of three or more authentication devices via a guard device. The computing device may determine a probability that the respective user of each respective authentication device is a particular trusted user based on the received authentication factors. If the probability exceeds a threshold authentication probability, the computing device may send an authentication confirmation to a client device.

Abstract: A memory storage system is provided according to an exemplary embodiment of the disclosure. The memory storage system includes a host system and a memory storage device. In a first handshake operation, the memory storage device transmits first encrypted information corresponding to first authentication information to the host system, and the host system transmits second encrypted information corresponding to the first authentication information to the memory storage device. In a second handshake operation, the memory storage device transmits third encrypted information corresponding to second authentication information to the host system, and the host system transmits fourth encrypted information corresponding to third authentication information to the memory storage device based on the third encrypted information. The third authentication information is configured to encrypt data transmitted between the host system and the memory storage device in a developer command transmission stage.

Abstract: A machine learning model is applied to at least determine whether a computer program includes vulnerable code. The machine learning model is trained to determine whether the computer program includes vulnerable code based at least on a presence and/or absence of a first trait. An indication can be provided, via a user interface, an indication that the computer program includes vulnerable code, when the computer program is determined to include vulnerable code. Related methods and articles of manufacture, including computer program products, are also provided.

Abstract: A system for providing security in a computer system is provided. The system includes a plurality of ring oscillators and one or more logic circuits. The ring oscillators are equipped with a respective plurality of counters to count impulses of oscillating outputs of the ring oscillators. The one or more logic circuits start and stop the respective plurality of counters over repeated counting periods, and select a group of ring oscillators from the plurality of ring oscillators. The one or more logic circuits also determine a correlation between oscillating outputs of the group of ring oscillators. The one or more logic circuits further generate a notification indicating interference in the group of ring oscillators and thereby the plurality of ring oscillators when the correlation is above a predefined threshold correlation.

Abstract: Apparatus and methods for encrypting captured media. In one embodiment, the method includes capturing media data via use of a lens of an image capture apparatus; obtaining a number used only once (NONCE) value from the captured media data; obtaining an encryption key for use in encryption of the captured media data; using the obtained NONCE value and the obtained encryption key for encrypting the captured media data; and storing the encrypted media data. In some variants, the media is encrypted prior to storage, thereby obviating any instances in which the captured media data resides in a wholly unencrypted instance. Apparatus and methods for decrypting encrypted captured media are also disclosed.

Abstract: Techniques for instantiating an enclave from dependent enclave images are presented. The techniques include identifying a first set of dependent enclave indicators from a primary enclave image, identifying a first dependent enclave image corresponding to one of the first set of dependent enclave indicators, creating a secure enclave container, and copying at least a portion of the primary enclave image and at least a portion of the first dependent enclave image into the secure enclave container.