Abstract: User data is aggregated across a plurality of electronic communication channels and domains. An online system initially authenticates a user for access to the online system over a network. The online system provides a user identifier for the user to an authentication service. The authentication service generates a non-repeatable challenge from the aggregated user data for the user identifier and provides the non-repeatable challenge to the online system. The online system provides the challenge to the user and receives a response from the user. The online system provides the response to the authentication service and the authentication sends a success or failure back to the online system based on the response to the challenge, and based on the success or failure the online system makes a final determination for authenticating the user for accessing to the online system.

Abstract: Communication enabled circuit breakers are described. Methods associated with secure communication between communication enabled circuit breakers and a panel system are described. Additionally, methods for commissioning and decommissioning such communication enabled circuit breakers in the panel system are described. The communication enabled circuit breakers may be paired with a controller and information regarding such breakers can be added to a database.

Abstract: In an approach for training machine-learning models using encrypted data, a processor receives a set of encrypted data from a client computing device. A processor trains a machine-learning model using a boosting algorithm. A processor performs a first classification on the set of encrypted data using the machine-learning model. A processor sends a first set of encrypted results of the first classification to the client computing device. A processor receives a first set of boosting updates from the client computing device. A processor applies the first set of boosting updates to the machine-learning model.

Abstract: Methods, systems and computer readable media for rogue device detection are described. The method may include automatically generating one or more dummy network identifiers associated with a wireless network, advertising the one or more dummy network identifiers, and identifying a device as a suspect device based on receiving a connection attempt to at least one of the one or more dummy network identifiers by the device. The method can also include allocating a virtual local area network within the wireless network to process traffic associated with the at least one of the one or more dummy network identifiers, and monitoring network traffic of the suspect device on the virtual local area network. The method can further include, if the monitored network traffic meets an abnormality threshold, determining that the suspect device is a rogue device, and performing an action to protect the wireless network from the rogue device.

Abstract: A network reachability solving algorithm based on formal verification, which abstractly models the network reachability problem, concretely models and refines it through semantic equivalence, and implements the network reachability solving algorithm through logical equivalence transformation. With the help of formal verification tools, the present disclosure ensures the correctness and logical completeness of the reachability solving algorithm through mathematical reasoning. Compared with traditional testing-based schemes, the present disclosure guarantees the correctness and effectiveness of the network reachability algorithm based on formal method.

Abstract: A set of distance measurable encrypted feature vectors can be derived from any biometric data and/or physical or logical user behavioral data, and then using an associated deep neural network (“DNN”) on the output (i.e., biometric feature vector and/or behavioral feature vectors, etc.) an authentication system can determine matches or execute searches on encrypted data. Behavioral or biometric encrypted feature vectors can be stored and/or used in conjunction with respective classifications, or in subsequent comparisons without fear of compromising the original data. In various embodiments, the original behavioral and/or biometric data is discarded responsive to generating the encrypted vectors. In another embodiment, distance measurable or homomorphic encryption enables computations and comparisons on cypher-text without decryption of the encrypted feature vectors. Security of such privacy enabled embeddings can be increased by implementing an assurance factor (e.g.

Abstract: A method of tracking phishing activity is disclosed. A request to download a webpage hosted as part of a legitimate website on a server is initiated. The request includes identification data pertaining to at least one user computing device. The identification data is extracted from the request. A unique identifier corresponding to the extracted identification data is generated. Fingerprint data is generated using at least a subset of the extracted identification data. The unique identifier, the extracted identification data and the fingerprint data is stored. The fingerprint data is encoded into a program and/or data associated with the webpage to generate a modified webpage. The modified webpage is transmitted from the server to the user computing device in response to the request.

Abstract: This document describes techniques and systems that enable face authentication embedding migration and drift-compensation. The techniques and systems include a user device that is updated to include both a current version of firmware and an updated version of the firmware. Then, an indication of a face-authentication attempt is received along with image data associated with a user's face. After successful authentication, using the current version of firmware on the image data, the user device uses the updated version of the firmware on the same image data to generate a new embedding. The new embedding is stored as part of a migration profile for the user. Additional new embeddings are collected over a series of subsequent face-authentication attempts until a complete set of new embeddings is stored for the migration profile. Then, the old profile is deleted and the migration profile becomes the enrollment profile used for face authentication.

Abstract: The disclosed technology provides solutions for performing a document validation process wherein physically present witnesses are required. In some aspects, a process of the disclosed technology includes steps for receiving geolocation data for a mobile device associated with a first user, receiving a signed electronic document via the first device, determining if the signed electronic document was properly executed by the first user, and if the signed electronic document was properly executed, providing a prompt to the first user, wherein the prompt is configured to request electronic contact address for a second device associated with a second user. In some aspects, the process can further include transmitting an authentication request to the second device associated with the second user, receiving geolocation data from the second device in response to the authentication request. Systems and machine-readable media are also provided.

Abstract: An identity profile of a user is tracked using previous message communications of the user. A message identified as potentially from the user is received. The identity profile of the user is identified and obtained. Information is extracted from a header of the received message. A security risk assessment of the received message is determined at least in part by comparing the extracted information with one or more corresponding entries of the identity profile of the user. A security action is performed based on the determined security risk assessment.

Abstract: As described herein, a system, method, and computer program are provided for an unattended trap for a brute force attack. A brute force attack on private data in a computer network is detected. Secret information expected by the brute force attack is generated. At least one honeypot having the secret information is created in the computer network. A state of the at least one honeypot is updated based on simulated activity.

Abstract: An exemplary method comprises generating receiving an authentication request from a graphical user interface on a first computing device; generating a first encrypted media element; displaying the encrypted media element on the GUI; receiving a second encrypted media element from a second computing device; upon determining that the first and second encrypted media elements have a positive match, querying an identification value associated with the second computing device; receiving the identification value associated with the second computing device; upon the identification value matching a data record within a database, determining an account associated with the data record within the database; and authenticating the first computing device by granting the first computing device access to the account associated with the second computing device.

Abstract: Systems, methods, and apparatuses of using biometric information to authenticate a first device of a user to a second device are described herein. A method includes storing, by the first device, a first key share of a private key and a first template share of a biometric template of the user. The second device stores a public key, and one or more other devices of the user store other key shares and other template shares. The first device receives a challenge message from the second device, measures biometric features of the user to obtain a measurement vector, and sends the measurement vector and the challenge message to the other devices. The first device receives partial computations, generated using a respective template share, key share, and the challenge message, from the other devices, uses them to generate a signature of the challenge message and send the signature to the second device.

Abstract: A method and a system for accelerating verification procedure for an image file are provided. In the method, the system retrieves an image file from a first non-volatile memory, and calculates a hash value with respect to the image file. A combination of the hash value, a public key and a digital signature is compared with another hash value, public key and digital signature backup in a second non-volatile memory. A comparison result is generated for verifying the image file in the first non-volatile memory. After the image file is verified, the system can load the image file. Instead of the conventional technology that uses digital signature to verify the image file, the present method can effectively accelerate the verification procedure.

Abstract: Protecting sensitive data from unauthorized disclosure is provided. For example, systems, methods, and computer readable storage devices are described that may be operable or configured to tokenize sensitive data attributes that may be included in a data file received from a client. Tokens that are anonymized but representative of the attributes may be generated and mapped to the sensitive data attributes. A tokenized data file may be de-tokenized and re-tokenized to perform processes that require the sensitive data attributes. A document may be transformed to protect the sensitive data attributes while reducing risk of disclosure of the sensitive data.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for secure communication based on random key derivation. An example method includes receiving an initial symmetric key shared between the key depot device and a host device. The method also includes receiving seed data shared between the key depot device and the host device. The method also includes establishing a connection to a client device. The method also includes generating, by key derivation circuitry of the key depot device, a first symmetric key based at least on a portion of the seed data. The method also includes causing transmission of the first symmetric key to the client device. The method also includes generating a key allocation indication that identifies an authentication target and comprises an indication of the generation of the first symmetric key. The method also includes causing transmission of the key allocation indication to the host device.

Abstract: A computer-implemented method to inject security semantics into database queries. The method includes receiving, by a database system, a query, wherein the query is received from a host and the query is generated by a first user account. The method also includes, generating an access plan for the query. The method further includes, determining a first portion of the access plan matches a first security syntax. The method includes, injecting, in response to determining the first portion of the access plan matches the first security syntax, the first security syntax into the access plan. The method further includes, executing the query. The method includes, returning a set of results of the query to the host.

Abstract: Disclosed herein are system, method, and computer program product embodiments for managing the dissemination of documents using downstream control. A document linking system may facilitate the creation of a document link, graphical document link, and/or a corresponding document token. This link may be distributed downstream via messages, emails, or other applications. The document linking system may track document interactions, trace locations, and/or control individualized downstream access. The document linking system may provide instructions to a document delivery system to integrate a plugin or widget into its corresponding application (e.g., a messaging or email application). A user using the application may select a GUI object to access the document linking system and generate a document link. This link may then be embedded into a message or email and disseminated. The document linking system may also generate graphical document links that may be scanned with a camera to access the document.

Abstract: Systems, methods, and computer program products are provided for quantum computing (QC) detection. An example QC detection system includes QC detection data generation circuitry that generates QC detection data. The QC detection system also includes cryptographic circuitry that distorts the QC detection data via a first post-quantum cryptographic (PQC) technique and generates a pair of asymmetric cryptographic keys including a public cryptographic key and a private cryptographic key. The cryptographic circuitry further generates encrypted QC detection data based on the pair of asymmetric cryptographic keys and destroys the private cryptographic key. The QC detection system further includes data monitoring circuitry that monitors a set of data environments for electronic information related to the encrypted QC detection data.

Abstract: Method, system, and programs provide automatic anonymization of protected data items when a request is associated with authentication via a ticket. Ticket authentication includes sending a ticket to a recipient address. The ticket is included in a request for information. Responsive to receiving a request with a ticket, an example system may determine if the ticket is still valid and, if so, generate mock identifiers for any identifiers in information provided back to the requestor, replace the identifiers with their corresponding mock identifiers, as well as delete any protected information from the information provided back to the requestor. The system may store a mapping of the identifiers with their mock identifiers by session id. These mappings may be deleted after a predetermined time, so that the mapping is valid only for a particular session for a limited time.