Abstract: Aspects of the disclosure relate to account lineage tracking and automatically executing responsive actions upon detecting an incomplete lineage chain. A computing platform may receive an account-change message from a database-level interceptor. The account-change message may include information identifying a first target account as a database-level source account and identifying a second target account associated with one or more target databases. The first target account may be associated with a target application configured to access the target database. After receiving the account-change message, the computing platform may determine, based on a failure to detect a source account associated with the first target account, that an account lineage chain associated with the account-change message is incomplete.

Abstract: A security feature within an apparatus that includes a fingerprint scanner used for purposes of authentication. Specifically, a first indicator is detected that is a user input to a fingerprint scanner and indicates the occurrence of a duress-inducing event. In response to detecting the first indicator, (i) access to the apparatus is controlled, and (ii) access to functionality provided by the apparatus is controlled. As such, if the user is being forced to input their fingerprint by a nefarious entity desiring access to the apparatus, the present invention provides a means by which the user can covertly activate certain features on the apparatus that prevent the nefarious entity from access to the apparatus and/or functionality provided by the apparatus.

Abstract: Embodiments of the invention are directed to systems, methods, and computer program products for fraud detection based on changes in resource transmissions. The invention is configured to identify unauthorized resource transmission by importing or retrieving data known to have been associated with unauthorized resource transmissions to project one or more patterns of unauthorized resource transmission that can be compared with resource transmission data of a user to identify a potentially misappropriated transaction.

Abstract: Systems, computer program products, and methods are described herein for a data obfuscation authentication security display session. The invention provides a secondary authentication by recognizing the initial access to a display screen and overlaying and presenting false information on the screen. The false screen may mimic that of a real account screen, but the personal information about the user is false. The invention then requires the user to perform a secondary authentication to gain access information on the display session that is not false. The invention may allow for a duress code implementation in place of the secondary authentication, which initiates security protocols, include a continuum based protocol arrangement of security protocols.

Abstract: Automatically and covertly activating audio/video mechanisms within a mobile communication device when a user is confronted with a duress-inducing event or a situation based on receipt of a duress indicator. The duress indicator is a subtle user input, such as a personal gesture, personal audible code or device input that triggers the covert activation of audio/video recording mechanisms on a mobile communication device. As a result, audio and/or video data of a duress-inducing event can be captured absent other parties to the duress-inducing event being aware that audio/video data is being captured.

Abstract: Systems, computer program products, and methods are described herein for implementing device manipulation for counteracting facial recognition authentication security malfeasance. The present invention is configured to receive a request from a user via a client device to access an authentication subsystem to execute a facial recognition authentication for access to an application; initiate the facial recognition authentication on the client device in response to receiving the request; receive, from the client device, one or more external inputs in response to one or more authentication prompts; determine, using a machine learning subsystem, that at least one of the one or more external inputs is associated with a first preconfigured duress code; trigger, using a breach detection subsystem, a first set of security protocols; and execute, using the breach detection subsystem, a first set of predefined actions associated with the first set of security protocols.

Abstract: Aspects of the disclosure relate to account lineage tracking and automatically executing responsive actions upon detecting an incomplete lineage chain. A computing platform may receive an account-change message from a database-level interceptor. The account-change message may include information identifying a first target account as a database-level source account and identifying a second target account associated with one or more target databases. The first target account may be associated with a target application configured to access the target database. After receiving the account-change message, the computing platform may determine, based on a failure to detect a source account associated with the first target account, that an account lineage chain associated with the account-change message is incomplete.

Abstract: Aspects of the disclosure relate to account lineage tracking and automatically executing responsive actions upon detecting an account lineage. A computing platform may receive a first account-change message from a source-level interceptor. The first account-change message may include information identifying a source account associated with a first computing device and identifying a first target account. The first target account may be associated with a target application configured to access the target database. The computing platform may receive a second account-change message from a database-level interceptor. The second account-change message may include information identifying the first target account as a database-level source account and identifying a second target account associated with one or more target databases.

Abstract: Aspects of the disclosure relate to improving user responses to cyber security threats. A computing platform may generate a test communication to simulate a potential cyber threat activity. Then, the computing platform may send, via the communication interface, the test communication to a user device associated with a target user. Then, the computing platform may receive, via the communication interface and from the user device, a response to the test communication. Subsequently, the computing platform may determine, based on the response, a threat awareness level for the target user, where the threat awareness level is indicative of a susceptibility of the target user to the potential cyber threat activity. Then, the computing platform may send, to the target user and based on the threat awareness level, an alert notification to counter the cyber threat activity.

Abstract: Aspects of the disclosure relate to physiological sensor-based monitoring and control systems. A computing device may determine a physiological measurement. Then, the computing device may compare the physiological measurement with one or more baseline values to determine whether the physiological measurement is anomalous with respect to the one or more baseline values. When the physiological measurement is determined to be anomalous with respect to the one or more baseline values, the computing device may execute access control on a device to prevent access by a user to one or more systems, applications, resources, or the like.

Abstract: A virtual environment system for validating executable data using authorized hash outputs is provided. In particular, the system may generate a virtual environment using a virtual environment device, where the virtual environment is logically and/or physically separated from other devices and/or environments within the network. The system may then open a specified set of executable data within the virtual environment and perform a set of commands or processes with respect to the executable data. If the system determines that the executable data is safe to run, the system may generate a hash output of the executable data and store the hash output in a database of approved executable data. In this way, the system may securely generate a repository of authorized hashes such that the system may ensure that only safely executable code is processed by the computing systems within the network environment.

Abstract: A virtual environment system for validating executable data using authorized hash outputs is provided. In particular, the system may generate a virtual environment using a virtual environment device, where the virtual environment is logically and/or physically separated from other devices and/or environments within the network. The system may then open a specified set of executable data within the virtual environment and perform a set of commands or processes with respect to the executable data. If the system determines that the executable data is unsafe to run, the system may generate a hash output of the executable data and store the hash output in a database of unauthorized executable data. In this way, the system may securely generate a repository of authorized and unauthorized hashes such that the system may ensure that unsafe executable data is blocked from being processed within a network environment.

Abstract: A system already on a network may be analyzed when the system takes an action or may be periodically reviewed. The analysis of the system may include the creation of an environment hash for the system, which is a representation of the configuration (e.g., hardware, software, or the like) of the system, and a comparison with hash requirements. The hash requirements may be stored authorized hashes, stored unauthorized hashes, past hashes for the same system, hashes for other systems with the same or similar configurations, or the like. When the environment hash of the system meets hash requirements, the system may be allowed to continue to operate on the system or may be allowed to take the action on the network. When the hash of the system fails to meet a hash requirement, the system may be isolated from the network and investigated for a non-compliant configuration.

Abstract: Aspects of the disclosure relate to information security by identifying unique or related factors in common between individuals subject to a common threat vector. Data mining and data acquisition of public and non-public user information is performed to prevent, disrupt, and/or address criminal, cyber, and fraudulent threats. The information can be normalized into template(s) to align information across disparate datasets and enable efficient storage of the big data into appropriate fields to be tracked. The information can be stored in data warehouse(s) or in multidimensional data structure(s) for investigation if a threat vector against a group of individuals is detected. The multidimensional data can be analyzed to identify direct connections, common connecting entities, and/or connectivity clusters between individuals who were attacked or who may be attacked in the future.

Abstract: A centralized network environment is provided for processing validated executable data based on authorized hash outputs. In particular, the system may generate cryptographic hash outputs of code or software that has been evaluated (e.g., within a virtual environment). The system may then store the hash outputs within a hash database which may be accessible by multiple entity networks, where multiple entities may upload hash output values to and/or retrieve hash output values from the hash database. Based on the data within the hash database, each entity may efficiently identify code that may be safe or unsafe to execute on certain computing systems within its network environment. The system may further comprise an artificial intelligence-powered component which may be configured to detect patterns within code that has been identified by the system as unsafe and provide notifications containing systems likely to be affected and recommended countermeasures.

Abstract: Aspects of the disclosure relate to account lineage tracking and automatically executing responsive actions upon detecting an account lineage. A computing platform may receive a first account-change message from a source-level interceptor. The first account-change message may include information identifying a source account associated with a first computing device and identifying a first target account. The first target account may be associated with a target application configured to access the target database. The computing platform may receive a second account-change message from a database-level interceptor. The second account-change message may include information identifying the first target account as a database-level source account and identifying a second target account associated with one or more target databases.

Abstract: A virtual environment system for validating using accelerated time-based process execution is provided. In particular, the system may generate a virtual environment using a virtual environment device, where the virtual environment is logically and/or physically separated from other devices and/or environments within the network. The system may then open a specified set of executable data within the virtual environment and perform a set of commands or processes with respect to the executable data. The set of commands or processes may be executed on an accelerated-time basis such that processes that would be executed on a longer timeline may be executed at a greater speed (e.g., a shorter timeline). In this way, the system may securely detect the presence of latent defects or issues that may arise from executing the code on a long-term basis.

Abstract: Aspects of the disclosure relate to improving user responses to cyber security threats. A computing platform may generate a test communication to simulate a potential cyber threat activity. Then, the computing platform may send, via the communication interface, the test communication to a user device associated with a target user. Then, the computing platform may receive, via the communication interface and from the user device, a response to the test communication. Subsequently, the computing platform may determine, based on the response, a threat awareness level for the target user, where the threat awareness level is indicative of a susceptibility of the target user to the potential cyber threat activity. Then, the computing platform may send, to the target user and based on the threat awareness level, an alert notification to counter the cyber threat activity.

Abstract: Aspects of the disclosure relate to account lineage tracking and automatically executing responsive actions upon detecting an account lineage. A computing platform may receive a first account-change message from a source-level interceptor. The first account-change message may include information identifying a source account associated with a first computing device and identifying a first target account. The first target account may be associated with a target application configured to access the target database. The computing platform may receive a second account-change message from a database-level interceptor. The second account-change message may include information identifying the first target account as a database-level source account and identifying a second target account associated with one or more target databases.

Abstract: Aspects of the disclosure relate to improving user responses to cyber security threats. A computing platform may generate a test communication to simulate a potential cyber threat activity. Then, the computing platform may send, via the communication interface, the test communication to a user device associated with a target user. Then, the computing platform may receive, via the communication interface and from the user device, a response to the test communication. Subsequently, the computing platform may determine, based on the response, a threat awareness level for the target user, where the threat awareness level is indicative of a susceptibility of the target user to the potential cyber threat activity. Then, the computing platform may send, to the target user and based on the threat awareness level, an alert notification to counter the cyber threat activity.