Abstract: Systems and methods are provided for monitoring information-security coverage to identify a vulnerability or risk in the information-security coverage. An information-security system can include computing systems, databases, a security server, etc. that can communicate data via a network. The server can be used to obtain data indicating a process for managing or monitoring information-security in the system and data indicating activity on the network, computing systems, server, or databases. The server then determines a metric based on the obtained data and the metric can indicate a risk or vulnerability in information-security coverage in the system. The server can then aggregate the data and transmit the aggregated data to a computing device. The computing device can generate an interface for outputting data for monitoring information-security coverage or identifying a vulnerability or risk in information-security coverage, which can improve the security of the information-security system.

Abstract: The disclosed computer-implemented method for utilizing federated machine-learning to protect against potentially malicious data may include (i) arranging a set of client devices into groups for applying a federated machine-learning model, (ii) determining model updates for each of the groups over a predetermined period, (iii) training one or more recurrent neural networks to derive a low-dimensional representation of the model updates, (iv) calculating a data quality score for each of the client devices based on the model updates, (v) applying the federated machine-learning model to classify data instances on each of the client devices as including clean data or potentially corrupt data, and (vi) performing a security action that protects against the potentially malicious data by tagging the data instances classified as the potentially corrupt data. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The present embodiments relate to entry and management of identifiers and credentials. The present embodiments display a credential affordance that, upon selection, provides a credential-assistance user interface for enabling swift access to various credential and management options. The credential affordance can be displayed based on a determination by electronic device that a webpage includes a text entry field associated with a set of one or more restricted resources (e.g., document and/or webpage).

Abstract: One or more embodiments of the disclosure include systems and methods that generate and utilize digital visual codes. In particular, in one or more embodiments, the disclosed systems and methods generate digital visual codes comprising a plurality of digital visual code points arranged in concentric circles, a plurality of anchor points, and an orientation anchor surrounding a digital media item. In addition, the disclosed systems and methods embed information in the digital visual code points regarding an account of a first user of a networking system. In one or more embodiments, the disclosed systems and methods display the digital visual codes via a computing device of the first user, scan the digital visual codes via a second computing device, and provide privileges to the second computing device in relation to the account of the first user in the networking system based on the scanned digital visual code.

Abstract: Disclosed herein are systems and methods of executing scanning software, such an executable software program or script (e.g., PowerShell script), by a computing device of an enterprise, such as a security server, may instruct the computing device to search all or a subset of computing devices in an enterprise network. The scanning software may identify PowerShell scripts containing particular malware attributes, according to a malicious-code dataset. The computing system executing the scanning software may scan through the identified PowerShell scripts to identify particular strings, values, or code-portions, and take a remedial action according to the scanning software programming.

Abstract: A single sign-on system using blockchain is disclosed. The single sign-on system may interconnect various organization systems over a peer-to-peer network, with each organization system having a blockchain node and an application programming interface (API). The blockchain node invokes and uses a smart contract to write registration credentials to the blockchain during a registration process. During a login process, the blockchain node invokes the smart contract to determine whether login credentials match stored login credentials in the blockchain. In response to matching login credentials, the API may generate a single sign-on token that can be used by a user device to access one or more organization systems connected over the network.

Abstract: When a user enters a resource provider location with a portable communication device, the portable communication device provides an indication to a transaction processing system that the portable communication device is currently at the resource provider location. At a later time when the user conducts a transaction with a portable transaction device, the fact that the user's portable communication device had been detected at the resource provider a short time ago is taken into account as a positive indicator that the transaction is not fraudulent. By verifying that both the portable communication device and the portable transaction device are present at the resource provider, the risk of approving a fraudulent transaction from a stolen portable transaction device can be reduced.

Abstract: Disclosed are various embodiments for authenticating users of applications using decentralized data models for storing a user's identity. A fingerprint for a computing device is received from an application executing on the computing device. An identity key associated with the fingerprint for the computing device is then obtained, the identity key being linked to a signed claim. The signed claim is retrieved and evaluated. The application executing on the computing device is then granted access to the computing resource in response to evaluating the signed claim.

Abstract: Disclosed are various embodiments for decentralizing the authentication or verification of data. An identity key can be generated for a data item. A request can then be sent to an authentication provider for authentication of the data item, the request comprising the identity key and the data item. A verified claim for the data item can then be received in response. Subsequently, an identity document is generated, the identity document comprising the identity key for the data item and the verified claim. Finally, the identity document can be stored in a distributed ledger.

Abstract: Some embodiments provide systems and methods for confidentially and securely provisioning data to an authenticated user device. A user device may register an authentication public key with an authentication server. The authentication public key may be signed by an attestation private key maintained by the user device. Once the user device is registered, a provisioning server may send an authentication request message including a challenge to the user device. The user device may sign the challenge using an authentication private key corresponding to the registered authentication public key, and may return the signed challenge to the provisioning server. In response, the provisioning server may provide provisioning data to the user device. The registration, authentication, and provisioning process may use public key cryptography while maintaining confidentiality of the user device, the provisioning server, and then authentication server.

Abstract: Computer-implemented systems and methods provide a better support experience and resolve user configuration issues for firm platforms more quickly. The systems and methods use automated tools that query a selected firm platform for real time data that allows anyone to obtain an up-to-date view of a user's data or configuration for the selected platform.

Abstract: Disclosed embodiments relate to systems and methods for securely handling secrets by securing development and operations pipelines. Techniques include identifying a network access request for a process within the development and operations pipeline; accessing a result of at least one investigation of the process and the network access request, wherein the at least one investigation includes one of monitoring the process behavior, performing a process attestation, or performing an inspection of the network access request; determining whether to authorize the network access request; and conditional on whether the network access request is authorized, dynamically injecting a secret into the network access request, wherein the secret is not made available to the process itself.

Abstract: A method includes storing, in one or more databases amongst a plurality of databases by one or more nodes in a distributed database system, data for one or more of network enabled devices. The data for each network enabled device includes encrypted private data, and metadata associated with the private data. The metadata may include permissions data, time period validation data, and encryption parameters. In addition, the method may include locating the encrypted first private data and determining using first permissions data associated with the encrypted first private data and using the second network-enabled device identifier if the second network-enabled device is authorized to access the first private data. The method includes providing the first private data to the second network-enabled device. The second network-enabled device obtains and decrypts the encrypted first private data to obtain the first private data.

Abstract: Systems and techniques are described for virtual machine security. A described technique includes operating one or more virtual machines each in accordance with a respective security container, wherein the respective security container is associated with a respective rule that specifies transfer of the virtual machine from the respective security container to a quarantine container based on one or more criteria. One or more security services are operated on the one or more virtual machines to identify one or more security threats associated with one or more of the virtual machines. One or more tags generated by the endpoint security services are obtained, where each tag is for a virtual machine that is associated with one of the identified security threats. And one of the virtual machines is identified as requiring transfer to the quarantine container based on, at least, one or more of the obtained tags and the one or more criteria.

Abstract: A method including determining an assigned key pair associated with a device, the assigned key pair including an assigned public key and an associated assigned private key; determining an access key pair associated with content to be encrypted, the access key pair including an access public key and an associated access private key; encrypting the access private key using a combination encryption key determined based at least in part on the access private key and the assigned public key; encrypting a randomly generated key by utilizing the access public key; and encrypting the content utilizing the randomly generated key. Various other aspects are contemplated.

Abstract: Example techniques described herein relate to a software application that is configured to operate as an add-on software component to audio-playback software on a playback device of a media playback system. An example implementation may involve adding the multiple audio tracks to the playback queue, and before playing back a first audio track, enabling a first add-on component to audio-playback software. The first add-on component corresponds to a first remote source and enabling this component causes a first modification to an equalization of the playback device. The example implementation may also involve before playing back a second audio track, enabling a second add-on component to the audio-playback software. The second add-on component corresponds to the second remote source and enabling this component causes a second modification to the equalization. Enabling the second add-on component disables the first add-on component if enabled.

Abstract: A method for range of motion (ROM) tracking, that determines with a ROM tracking system, an exercise identified by a caregiver to be performed by a subject by positioning a sensor of the ROM tracking system to allow the sensor to detect at least one movement by the subject during a performance of the exercise, and then detecting, through the sensor, at least one movement of the subject. The system further analyzes the movement by the subject to determine a range of motion of the at least one movement; recording through a user interface an indication by the subject of an experiential narrative; and finally, providing a report to the caregiver, where the report contains the results of at least one movement in conjunction with at least a portion of the experiential narrative.

Abstract: A system may facilitate a distributed ledger technology (DLT) record based (for example, blockchain-based) ballot organization. A node configured to support an organizer role may generate a ballot that designates answers, and in some cases, conditions for valid vote-value transfers. The organizer may distribute vote-value to one or more voters. The voters may then commit portions (including null portions) of the received vote value to answers using committed tokens configured to bind the voter to a particular vote-value without divulging the particular vote value while in a cryptographic form.

Abstract: A method for key agreement between a first party and a second party over a public communications channel, the method including selecting, by the first party, from a semigroup, a first value “a”; multiplying the first value “a” by a second value “b” to create a third value “d”, the second value “b” being selected from the semigroup; sending the third value “d” to the second party; receiving, from the second party, a fourth value “e”, the fourth value comprising the second value “b” multiplied by a fifth value “c” selected by the second party from the semigroup; and creating a shared secret by multiplying the first value “a” with the fourth value “e”, wherein the shared secret matches the third value “d” multiplied by the fifth value “c”.

Abstract: Techniques for increasing security for pre-authenticated links are disclosed herein. Computing systems that generate pre-authenticated links are configured to assign an entity identifier to pre-authenticated links to specify an entity permitted to access respective data through the pre-authenticated link. When activating a respective pre-authenticated link, an entity attaches an entity token to the request to prove an identity of the requesting entity. If the identity from the entity token matches the entity identifier, the computing system may grant access to the respective data.