Patents Issued on February 20, 2020
  • Publication number: 20200059441
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for creating user interface control images for robotic automation. One of the methods includes detecting, during a training process, a control selection event; retrieving a first image and a second image; determining a difference image that represents a difference between the first image and the second image; determining, using the difference image, a plurality of colors for pixels included in the difference image that are likely located outside of a control location for the control; determining one or more shapes depicted in the difference image that each have a color other than all of the colors in the plurality of colors; selecting, from the one or more shapes and using an event location, a particular shape as likely representing the control; and storing a cropped image of the control extracted from one of the two or more images.
    Type: Application
    Filed: August 17, 2018
    Publication date: February 20, 2020
    Inventors: Cuong Dinh Viet, Jeroen van den Heuvel, Pradyumna Moderahalli Krishna Prasad
  • Publication number: 20200059442
    Abstract: An instant messaging (IM) service interacts with IM clients operating on computing devices to implement an extensible platform with which individual composer applications (“apps”) may interact to support a variety of different messaging user experiences for users of respective local and remote devices. Each IM client exposes an application programming interface for utilization by a local composer app to package content that the IM service then transparently transports to a remote device. An IM client on the remote device provides the package to an identified associated remote composer app that can unpack the content and use it to support the app's customized messaging experience for the remote user. The composer app also provides a preview of the experience supported by the packaged content that the clients on the respective local and remote devices may utilize in a messaging history and/or as a launching point to the composer app's user experience.
    Type: Application
    Filed: October 15, 2019
    Publication date: February 20, 2020
    Inventor: Rowan FORSTER
  • Publication number: 20200059443
    Abstract: A method, system and computer program product for ensuring that all users of a group message receive a response to the group message. The content of a detected group message is analyzed to determine if the group message requires a response and, if so, to assess the urgency of the response. If the analyzed group message requires a response, then a determination is made as to whether a response was received by all or a subset of the users of the group message (sender and recipients of the group message) within a threshold amount of time based on the urgency of the response. If the response was only received by a subset of the users of the group message, then the response is broadcasted to the other users of the group message who had not previously received the response if no confidential information is detected in the response.
    Type: Application
    Filed: October 25, 2019
    Publication date: February 20, 2020
    Inventors: Paul R. Bastide, Jana H. Jenkins, Robert E. Loredo, Fang Lu
  • Publication number: 20200059444
    Abstract: The present disclosure discloses a task management method based on an instant message, a client and a server. According to an example of the method, the client displays instant messages in a group on a message display interface. When a task conversion operation for any one of the instant messages is obtained on the message display interface, the client sends the task conversion operation for the instant message to the server. When receiving the task conversion operation, the server converts the instant message into a target task to be processed and sends the target task to the client. When receiving the target task from the server, the client displays the target task on a task display interface.
    Type: Application
    Filed: October 20, 2017
    Publication date: February 20, 2020
    Applicant: BEIJING SANKUAI ONLINE TECHNOLOGY CO., LTD
    Inventors: Pingchuan LIU, Yang CHONG, Xuan LI
  • Publication number: 20200059445
    Abstract: A real-time messaging system platform receives, from a communication application installed on a first user communication device, a first user identifier, an indication that a messaging service message composed by the first user is being directed to a first destination associated with a second user, and an identification of data present in the messaging service message. The identification of the data and a message transmission history of the first user is used to enable selection of a message of a first entity. The selected message of the first entity is caused to be displayed by the communication application within a message framework that frames the first user messaging service message. The first entity message is caused to be included in the messaging service message transmitted to the second user device, wherein the first entity is not provided with access to the identity of the first user or the second user.
    Type: Application
    Filed: October 25, 2019
    Publication date: February 20, 2020
    Inventors: Steven Richard Brown, Leonard Robert Butterman, Anthony Pisciotto, Jr.
  • Publication number: 20200059446
    Abstract: Methods, systems, and computer program products for enhancing a plurality of electronic communication systems for a plurality of users include, for example, providing data regarding at least one project, and linking the data regarding the at least one project with the plurality of electronic communication systems regarding the plurality of electronic communications for the plurality of users.
    Type: Application
    Filed: October 28, 2019
    Publication date: February 20, 2020
    Inventors: Liang Liang DAI, Li GU, Jing Bo JIANG, Li JIANG, Yang LIU, Xue Ying ZHANG
  • Publication number: 20200059447
    Abstract: A method and system for verifying that an electronic communication is sent to the intended recipient prior to the communication actually being sent comprises: detecting a recipient name in a body of the communication and determining whether the detected recipient name is a match or potential mismatch with a destination indication or name associated with the destination indication.
    Type: Application
    Filed: November 13, 2018
    Publication date: February 20, 2020
    Inventor: Reuben Bahar
  • Publication number: 20200059448
    Abstract: In a method for processing messages exchanged on a social network, a data processing apparatus gathers from the social network a reference set of messages pertaining to a user-selected reference context. The data processing apparatus then applies a multidimensional aggregation to the reference set of messages, whereby the messages of the reference set are grouped in a multidimensional array of groups having at least two dimensions. In each dimension, the array comprises a number of groups that correspond to a number of values of a certain message feature. Each group in a dimension corresponding to a certain message feature aggregates all the messages of the reference set whose message feature has a same value. Then, a user interface is displayed, which shows the reference set of messages as aggregated in at least two dimensions of the array.
    Type: Application
    Filed: August 13, 2019
    Publication date: February 20, 2020
    Applicants: TELECOM ITALIA S.p.A., POLITECNICO DI TORINO
    Inventors: Vincenzo Cuciti, Marina Geymonat, Chiara Lorenza Remondino, Barbara Stabellini, Paolo Tamborrini
  • Publication number: 20200059449
    Abstract: In an example implementation of the disclosed technology, a method includes predicting, by a computing device, a destination server that is predicted to be the destination of a message from a sending device connected to the computing device. The method also includes determining whether a connection exists between the computing device and the destination server. The method also includes, responsive to determining that no connection exists, determining a connection and caching the connection at the computing device. The method also includes, responsive to receiving a message for dispatch to the destination server, dispatching the message to the destination server via the connection.
    Type: Application
    Filed: July 30, 2019
    Publication date: February 20, 2020
    Inventors: Tal Dayan, Doru Costin Manolache, Subir Uhanb, Francesco Nerieri
  • Publication number: 20200059450
    Abstract: Implementing auto attach for a shortest path bridging (SPB) network comprises determining, on an access point, that an auto attach device communicating in a SPB network is enabled for auto attach, and an advertisement is transmitted to a mobile station. The access point acts as a proxy between the mobile station and the auto-attach device by communicably coupling the auto attach device and the mobile station via the access point. A virtual local area network (VLAN) identification and service instance identifier (I-SID) is received from the mobile station, which is then transmitted to the auto-attach device. A VLAN (independent of any static VLAN associated with the WLAN) is created off of the VLAN identification and an indication that the I-SID and the VLAN have been accepted. Data communications are then provided between the mobile station and the auto attach device via the VLAN and the access point.
    Type: Application
    Filed: October 28, 2019
    Publication date: February 20, 2020
    Inventors: Deborah Ellen FITZGERALD, Srikanth KEESARA
  • Publication number: 20200059451
    Abstract: A computer-implemented method for domain analysis comprises: obtaining, by a computing device, a domain; and inputting, by the computing device, the obtained domain to a trained detection model to determine if the obtained domain was generated by one or more domain generation algorithms. The detection model comprises a neural network model, an n-gram-based machine learning model, and an ensemble layer. Inputting the obtained domain to the detection model comprises inputting the obtained domain to each of the neural network model and the n-gram-based machine learning model. The neural network model and the n-gram-based machine learning model both output to the ensemble layer. The ensemble layer outputs a probability that the obtained domain was generated by the domain generation algorithms.
    Type: Application
    Filed: December 14, 2018
    Publication date: February 20, 2020
    Inventors: Tao HUANG, Shuaiji LI, Yinhong CHANG, Fangfang ZHANG, Zhiwei QIN
  • Publication number: 20200059452
    Abstract: A system includes a terminal and a gateway. The terminal is programmed to identify, in received data, a signature of rogue data that includes at least a device identifier and an application identifier, and to transmit, via uplink to a satellite, the identified signature to a gateway. The gateway is programmed to block downlink data, upon determining that downlink data includes the received signature, and to broadcast the received signature to a second gateway.
    Type: Application
    Filed: August 17, 2018
    Publication date: February 20, 2020
    Inventors: Akshay Giridhar Ravichandran, Satyajit Roy
  • Publication number: 20200059453
    Abstract: An example security device receives a plurality of data units carrying traffic in a message encoded in accordance with an application layer protocol for a server. The message comprises payload. The security device analyzes the plurality of data units to identify the application layer protocol; selects a data extraction algorithm in dependence on the identified application layer protocol; extracts selected data from the payload, in accordance with one or more tokenizing rules; and forwards selected data to a token encoder, to allow the token encoder to store selected data and return at least one token used to identify the selected data. The device receives, from the token encoder, at least one token and replaces the selected data in the payload with the at least one token to form modified payload, and forms and forwards a modified message comprising the payload data, in place of the message, thereby securing the original message.
    Type: Application
    Filed: May 31, 2019
    Publication date: February 20, 2020
    Inventors: DEREK SCHENK, EDWARD LEAVENS, MARC CARRAFIELLO, ABE SCHWARTZ
  • Publication number: 20200059454
    Abstract: A method for content delivery network (CDN) inter-node encryption by a CDN node includes receiving a symmetric key set and a key index from a key center, determining a key from the symmetric key set according to the key index, and performing encryption and decryption processing using the key when performing Hyper Text Transfer Protocol (HTTP) data transmission with another CDN node.
    Type: Application
    Filed: February 5, 2018
    Publication date: February 20, 2020
    Inventors: Yang YANG, Hui MIAO
  • Publication number: 20200059455
    Abstract: A method for encrypting data when a device is offline is disclosed. In the method, a determination is made as to whether a successful connection with a remote server computer can or cannot be made. If a connection cannot be made, then data can be encrypted with an ephemeral public key. Later, when a connection is available, the encrypted data can be transmitted to the remote server computer for processing.
    Type: Application
    Filed: October 25, 2019
    Publication date: February 20, 2020
    Inventors: Rhidian John, Bartlomiej Piotr Prokop, Michael Palmer
  • Publication number: 20200059456
    Abstract: A configurable transmitter is provided for a vehicle for transmitting signals to a device remote from the vehicle. The configurable transmitter includes an RF transmitter that receives an RF signal during a training mode to learn characteristics of the received RF signal, and to transmit an RF signal to the remote device in an operating mode where the transmitted RF signal includes the learned characteristics of the received RF signal; a local memory device for storing channel data representing the learned characteristics and for storing a unique identification code and a cloud encryption key; an interface that communicates with an Internet server; and a controller coupled to the local memory device and the interface, the controller retrieves the channel data from the local memory device, encrypts the channel data using the cloud encryption key and transfers the encrypted channel data for remote storage in the Internet server through the interface.
    Type: Application
    Filed: August 16, 2019
    Publication date: February 20, 2020
    Inventors: Todd R. Witkowski, Steven L. Willard, II
  • Publication number: 20200059457
    Abstract: A method is performed by an access router of an enterprise network including a first edge router to communicate with a second edge router over a wide area network (WAN). The method includes receiving a packet from a first endpoint, receiving from a mapping service a network location of a second edge router for which the packet is destined and a security association (SA) to encrypt the packet from the access router to the second edge router, and generating for the first edge router one or more path selectors for WAN path selection. The method includes encrypting the packet using the SA, and adding to the encrypted IP packet, in clear text, the path selectors and outer encapsulation including the network location, to produce an encrypted tunnel packet. The method also includes forwarding the encrypted tunnel packet to the second edge router via the first edge router and the WAN.
    Type: Application
    Filed: August 17, 2018
    Publication date: February 20, 2020
    Inventors: Syed Khalid Raza, Mosaddaq Hussain Turabi, Fabio Rodolfo Maino, Vina Ermagan, Atri Indiresan
  • Publication number: 20200059458
    Abstract: In general, techniques are described for enhancing communication between kernel modules operating in different network stacks within the kernel space of the same network device. An IPVLAN driver is configured to establish an endpoint in a first and second kernel module, wherein each kernel module executes in a different networking stack in the same kernel space. The endpoint in the first kernel module is associated with an interface of the first module. Selected packets are transferred from the second kernel module to the first kernel module via the interface of the first module.
    Type: Application
    Filed: September 27, 2018
    Publication date: February 20, 2020
    Inventor: Sanju C. Abraham
  • Publication number: 20200059459
    Abstract: In general, techniques are described for enhancing operations of virtual networks. In some examples, a network system includes a plurality of servers interconnected by a switch fabric comprising a plurality of switches interconnected to form a physical network. Each of the servers comprises an operating environment executing one or more virtual machines in communication via one or more virtual networks. The servers comprise a set of virtual routers configured to extend the virtual networks to the operating environments of the virtual machines. A virtual router of the set of virtual routers is configured to prepare tunnel packets by forwarding packets received from virtual machines to an IPSec kernel executing in a host operating network stack, receiving the ESP packets back from the IPSec kernel and forwarding the ESP packets across the virtual networks.
    Type: Application
    Filed: September 28, 2018
    Publication date: February 20, 2020
    Inventors: Sanju C. Abraham, Kiran N. Kasim, Prasad Miriyala
  • Publication number: 20200059460
    Abstract: Embodiments herein describe segmenting a Wi-Fi network into different groups. The embodiments herein assign a user, a client device, or a traffic flow originating from a client device to a group. For example, all the client devices for a particular user can be assigned to the same group tag, or each traffic flow in the client device may be assigned to different groups. Each group corresponds to a group key which can be transmitted to the client device when the device associates to an access point (AP). As such, within the same service set identifier (SSID), there can be multiple groups, and thus, client devices can use different group keys to communicate with other client devices associated to the same SSID. Put differently, rather than all devices connected to the same SSID being assigned to the same group, the client devices can be assigned in different groups.
    Type: Application
    Filed: August 17, 2018
    Publication date: February 20, 2020
    Inventors: Stephen M. ORR, Aaron T. WOLAND, Jerome HENRY
  • Publication number: 20200059461
    Abstract: A secure protocol has been developed that reduces the number of transactions associated with multifactor authentication (MFA) systems. An identity provider determines authentication factors which satisfy an application assurance level and constructs a credential collection file with input elements corresponding to the determined factors. The identity provider communicates the file to a client for collection of corresponding credentials. After submission of credential data, the collected set of credentials or credential data (“MFA credential set”) is returned to the identity provider for verification. The identity provider does not redirect to the client for additional transactions until after verifying the MFA credential set. In addition to reducing MFA communication overhead for a client, the credential collection file is based on a structure or schema that can be edited to adapt to changes in assurance level and authentication mechanisms.
    Type: Application
    Filed: August 20, 2018
    Publication date: February 20, 2020
    Inventors: Chandra Sekhar Varanasi, Murali Krishna Segu, Vinay Kumar Tiruvaipeta, Jeetendra Gopal Varanjani
  • Publication number: 20200059462
    Abstract: Methods, systems, and/or devices for controlling media presentation at a shared media presentation system are described herein. To that end, an electronic device defines a distance-related access restriction between a media presentation system and a second electronic device. The device selects one or more access control settings for the media presentation system to be controlled by the second electronic device. The device receives a request, from the second electronic device, to control playback at the media presentation system. In accordance with a determination that the second electronic device meets the distance-related access restriction, the device provides authorization for the second electronic device to access the media presentation system using media control requests that comply with the one or more access control settings selected by the electronic device.
    Type: Application
    Filed: June 4, 2019
    Publication date: February 20, 2020
    Inventors: Oskar Werkelin Ahlin, Karl Sigfrids, Per Eckerdal, Richard Titmuss, Evan Shrubsole, Jamie Kirkpatrick
  • Publication number: 20200059463
    Abstract: A client computer includes a web browser connected to a local web server that is coupled with a local utility. Upon loading a web page, the web browser sends, to the local web server, a first open-ended message that does not require a return message from the local web server. In response to and upon receiving a response to the first open-ended message, the web browser maintains communication with the local web server by sending a second open-ended message that does not require a return message to the local web server. The local web server receives the first open-ended message, waits until the local utility determines that there is information to be provided to the web browser, and in response to determining that there is information to be provided to the web browser, sends a first return message including the information to the web browser.
    Type: Application
    Filed: August 26, 2019
    Publication date: February 20, 2020
    Inventors: Sten GARMARK, Nicklas SODERLIND, Samuel CYPRIAN, Aron LEVIN, Hannes GRAAH, Erik HARTWIG, Gunnar KREITZ
  • Publication number: 20200059464
    Abstract: Techniques are provided for a highly available web-based database interface system (WDIS) processing database requests that target one or more databases managed by a coupled DBMS. In an embodiment, a web server of multiple web servers receives a first client web-based request that includes one or more first database instructions of a database request. The multiple web servers are configured to balance client web-based requests among one or more of the multiple web servers. The one or more of the multiple web servers are coupled to a database management system that includes one or more database servers executing database instructions on one or more databases. Based on balancing client web-based requests among the one or more of the multiple web servers, routing the first client web-based request that includes the one or more first database instructions of the database request to the first web server of the one or more multiple web servers coupled to the database management system.
    Type: Application
    Filed: August 26, 2019
    Publication date: February 20, 2020
    Inventor: STEVE BOGRETT
  • Publication number: 20200059465
    Abstract: Methods and apparatus to clone an agent in a distributed environment are disclosed. An example apparatus includes a first management agent associated with a first component server in a virtualization environment, the first management agent configured to facilitate communication between the first component server and a virtual appliance, the virtual appliance to authenticate the first management agent based on first credentials including a first identifier and a first certificate. The example apparatus includes a second management agent associated with a second component server in the virtualization environment, the second management agent cloned from the first management agent and including a copy of the first credentials. The example second management agent is to: generate second credentials including a second identifier and a second certificate; authenticate with the virtual appliance based on the first identifier and the first certificate; and delete the copy of the first credentials.
    Type: Application
    Filed: October 10, 2019
    Publication date: February 20, 2020
    Inventors: Dimitar Hristov Barfonchovski, Dimitar Ivanov, Anna Delcheva, Evgeny Aronov
  • Publication number: 20200059466
    Abstract: An example operation may include one or more of obtaining a request to validate an application with respect to an OAuth provider, identifying a previously registered digital signature of the application, generating verification information of the application based on the identified digital signature of the application, and passing the generated verification information of the application to the OAuth provider via a user login page.
    Type: Application
    Filed: August 17, 2018
    Publication date: February 20, 2020
    Inventors: Jiande Jiang, Sheng Hao Wang, Chih-Hung Chou, Kuo-Chun Chen
  • Publication number: 20200059467
    Abstract: The subject disclosure relates to employing sourcing and generation components to facilitate a generation of identity data. In an example, a system comprising a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory, comprise a sourcing component and a generation component. In an aspect, the sourcing component can source, by a user device comprising the processor, a set of biometric data and a set of statistical data. In another aspect, a generation component can generate, by the user device, a set of identification data based on an interpolation of the set of biometric data and the set of statistical data.
    Type: Application
    Filed: August 17, 2018
    Publication date: February 20, 2020
    Inventor: Evgeny Chereshnev
  • Publication number: 20200059468
    Abstract: Methods for authenticating a user utilizing a smart speaker system are presented, the methods including: requesting a user authentication by issuing a voice command to a smart speaker; playing a sonic one-time password (OTP) on the smart speaker received from an authentication server in response to the requesting a user authentication; receiving the sonic OTP by a mobile device of the user; transmitting an OTP decoded from the sonic OTP to the authentication server; and authorizing the user by the authentication server to execute a secure transaction using the smart speaker system.
    Type: Application
    Filed: February 24, 2019
    Publication date: February 20, 2020
    Inventor: Jack WOLOSEWICZ
  • Publication number: 20200059469
    Abstract: A technique includes receiving a request from a first electronic device to connect to a network and receiving a first part from the first electronic device. The technique includes regulating onboarding of the first electronic device. Regulating the onboarding includes authenticating the first electronic device. Authenticating the first electronic device includes communicating with a plurality of electronic devices that are connected to the network to receive a set of second secret parts; constructing a first secret from the first secret part and the set of second secret parts; and comparing the first secret to a second secret. Regulating the onboarding of the first electronic device includes allowing the first electronic device to connect to the network based on a result of the comparison.
    Type: Application
    Filed: November 26, 2018
    Publication date: February 20, 2020
    Inventors: Sharath Srikanth Chellappa, Yashavantha Nagaraju Naguvanahalli, Dileep Bangalore Sridhara, Thomas M. Laffey
  • Publication number: 20200059470
    Abstract: The present disclosure provides an industrial internet encryption system for an internet of things (IoT) environment. The present disclosure provides an apparatus, a system, and a method for providing an industrial internet encryption system comprising: accessing an application module; initiating registration with the application module; completing registration with the application module by providing profile attributes; locally encrypting registration profile attributes; authenticating into a networked environment using encrypted registration information; and maintaining registration information for one or more devices.
    Type: Application
    Filed: April 24, 2019
    Publication date: February 20, 2020
    Inventor: Josiah Johnson Umezurike
  • Publication number: 20200059471
    Abstract: A method, system and computer-usable medium for web application aware rate-limiting. One embodiment of the system involves a computer-implemented method in which requests for a web application are received from a plurality of client entities. When the received requests are to be rate-limited, a rate-limiting identifier is requested from a plug-in respectively associated with the web application. The plug-in generates the rate-limiting identifier, wherein the rate-limiting identifier is unique to the web application. The plug-in sends the rate-limiting identifier to the rate-limiting engine, which uses the rate-limiting identifier to rate-limit passing of the received requests to the web application. In some embodiments, the rate-limiting identifier is generated as a hash value that is independent of IP address and header information data of the client making the request.
    Type: Application
    Filed: August 20, 2018
    Publication date: February 20, 2020
    Inventors: Leo M. M. Farrell, Shane B. Weeden
  • Publication number: 20200059472
    Abstract: A method, non-transitory computer readable medium and apparatus for controlling access of a custom browser function are disclosed. For example, the method includes a processor that sends a request to a third party website, receives a hypertext markup language code and a browser script, renders the hypertext markup language code, detects that the browser script is trying to access a custom browser function, compares one or more parameters associated with the custom browser function to an access control list to control an access of the custom browser function, and executes the custom browser function when a match of the one or more parameters is found in the access control list.
    Type: Application
    Filed: October 27, 2019
    Publication date: February 20, 2020
    Inventors: Rudy Ruiz, Mark T. Thorson
  • Publication number: 20200059473
    Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device to the threat management server in response to the device connecting to a port on the switch. The threat management server determines the endpoint device is present in a device log file. The threat management server determines the number of times the endpoint device has failed authentication exceeds a first threshold value within a first time period and the number of times the endpoint device has passed authentication is less than a second threshold value within a second time period. The threat management server determines the endpoint device does not have a lease for the port on the switch and sends a reroute command to the switch to transform the destination of traffic associated with the endpoint device to a safe zone.
    Type: Application
    Filed: October 28, 2019
    Publication date: February 20, 2020
    Inventors: Rahul Isola, Anthony P. Grossi
  • Publication number: 20200059474
    Abstract: A method may include connecting a network device to a control zone of a drilling management network. The control zone may include a control system that includes a programmable logic controller that performs drilling operations. The method may further include validating that the network device is authorized to communicate with a destination device in the control zone. The method may further include reconfiguring, in response to validating the network device, the control zone to enable the network device to communicate with the destination device. The method may further include obtaining a packet from the network device. The method may further include transmitting, in response to reconfiguring the control zone, the packet to the network device.
    Type: Application
    Filed: August 17, 2018
    Publication date: February 20, 2020
    Inventors: Juan Rojas, Guillaume Tamboise
  • Publication number: 20200059475
    Abstract: Embodiments of the present invention provide a system for detecting unauthorized access via card characteristic verification. The present invention is configured to identify initiation of a resource distribution event via a resource distribution card at a resource distribution device, identify one or more characteristics of the resource distribution card, determine a first user associated with the resource distribution card based on the one or more characteristics, determine that the resource distribution card of the first user is associated with an issuing entity associated with a resource account of the first user based on the one or more characteristics, and authorize and process the resource distribution event based on determining that the resource distribution card is associated with the issuing entity associated with the resource account associated with the first user.
    Type: Application
    Filed: August 20, 2018
    Publication date: February 20, 2020
    Applicant: BANK OF AMERICA CORPORATION
    Inventors: Charles Russell Kendall, Heather Roseann Dolan, Therese H. Willis
  • Publication number: 20200059476
    Abstract: A system, non-transitory computer-readable medium, and method for approving access permissions are provided. The system comprises at least one processor and memory storing instructions which when executed by the at least one processor configure the at least one processor to perform the method. The non-transitory computer-readable medium has instructions thereon, which when executed by a processor, perform the method. The method comprises transforming enterprise access data into data sets, identifying business roles based on common patterns of the access data, presenting at least one business role assignable to an employee to an access manager, and receiving an approval indication input associated with the access manager assigning the business role to the employee. The business roles comprise at least one access point associated with the access data.
    Type: Application
    Filed: August 15, 2019
    Publication date: February 20, 2020
    Inventors: Shawn ANDERSON, Courtney WRIGHT, Cleo TRACEY, Priyansh NARANG
  • Publication number: 20200059477
    Abstract: In one embodiment, in an information processing apparatus comprising at least one computer processor, a method for binding a GET/AUTHORIZE URL to a proxy through a native application may include: (1) receiving, at a native application executed by an electronic device, an applink call or a universal link call from a third-party application executed by the electronic device, the redirect comprising at least one parameter; (2) providing a Get/Authorize call with the at least one parameter to an API gateway; (3) receiving a 302 redirect from the API gateway; (4) providing authentication information to an authorization platform; (5) receiving an authorization code from the authorization platform; and (6) redirecting the third-party application with the redirect URL and authorization code.
    Type: Application
    Filed: August 20, 2019
    Publication date: February 20, 2020
    Inventors: Gayathri SUNDAR, Howard SPECTOR, Rajitha DISSANAYAKE
  • Publication number: 20200059478
    Abstract: There is described a method and data processing apparatus for verifying part or all of a downloading file, the file comprising a sequence of bytes, one or more bytes defining a block, the file having a final hash state calculated by a hash algorithm over the blocks in ascending order from first to last, each block having a starting hash state calculated by the hash algorithm, said method comprising: receiving the final hash state; receiving one or more blocks orderable in descending order starting from the last block; receiving, for each received block, the starting hash state for that block; calculating, for each received block, an ending hash state by running the hash algorithm from the starting hash state of the received block; confirming the starting hash state for each received block when the ending hash state is the same as the final hash state or a confirmed starting hash state; and flagging an error when an ending hash state does not match the final hash state or a confirmed starting hash state.
    Type: Application
    Filed: May 1, 2018
    Publication date: February 20, 2020
    Inventor: Milosch MERIAC
  • Publication number: 20200059479
    Abstract: The invention relates to a resource landscape system that allows users to identify issues with elements within the organization and implement changes to the elements utilizing a relational database that utilizes nodes for defining the elements and relationships between the elements. The resource landscape system and applications therein provide a holistic inventory of resources, threat vectors, controls, metrics, policies, rules, and/or the like. The resource landscape system may be implemented through one or more interfaces that allow users to view cross-references of the elements, identify the priority of the elements using the cross-references, and/or identify element issues in the elements of the organization that could result in threats to the organization. Moreover, the invention allows for receiving changes to one or more of the elements and automatically updating the cross-references of the elements, the priority of the elements, and/or the element issues.
    Type: Application
    Filed: August 20, 2018
    Publication date: February 20, 2020
    Applicant: BANK OF AMERICA CORPORATION
    Inventors: Brandon Sloane, Rachel Yun Kim Bierner, Mark Earl Brubaker, Regina Yee Cadavid, John Brian Costello, Cora Yan Quon
  • Publication number: 20200059480
    Abstract: A method of scanning a plurality of ports at one or more target IP addresses is disclosed. Each of the plurality of ports corresponds to a port number at one of the one or more target IP addresses, for example an IPv4 or IPv6 address. The method comprises assigning each port to one of a plurality of sets of ports and executing a plurality of port scanning processes at the same time on a common source machine (virtual or physical). Each port scanning process sends port probe requests to the ports of a respective set of the plurality of sets from a different respective source IP address. Thus, a different respective source IP address is associated with each set of the plurality of sets of ports, different from the source IP addresses associated with the remaining sets, and each set of target IP addresses receives probe requests from a different respective source IP address. The sets may be aligned with target addresses or may spread several target addresses or only part of the ports of a target address.
    Type: Application
    Filed: October 20, 2017
    Publication date: February 20, 2020
    Inventors: Antoine JUNOD, Pablo PALOMERO, Adrien GINER
  • Publication number: 20200059481
    Abstract: A system associated with detecting a cyber-attack and reconstructing events associated with a cyber-attack campaign, is disclosed. The system performs various operations that include receiving an audit data stream associated with cyber events. The system identifies trustworthiness values in a portion of data associated with the cyber events and assigns provenance tags to the portion of the data based on the identified trustworthiness values. An initial visual representation is generated based on the assigned provenance tags to the portion of the data. The initial visual representation is condensed based on a backward traversal of the initial visual representation in identifying a shortest path from a suspect node to an entry point node. A scenario visual representation is generated that specifies nodes most relevant to the cyber events associated with the cyber-attack based on the identified shortest path. A corresponding method and computer-readable medium are also disclosed.
    Type: Application
    Filed: August 19, 2019
    Publication date: February 20, 2020
    Inventors: Ramasubramanian Sekar, Junao Wang, Md Nahid Hossain, Sadegh M. Milajerdi, Birhanu Eshete, Rigel Gjomemo, V.N. Venkatakrishnan, Scott Stoller
  • Publication number: 20200059482
    Abstract: Feature vectors are abstracted from data describing application processes. The feature vectors are grouped to define non-anomalous clusters of feature vectors corresponding to normal application behavior. Subsequent feature vectors are considered anomalous if they do not fall within one of the non-anomalous clusters; alerts are issued for anomalous feature vectors. In addition, the subsequent feature vectors may be used to regroup feature vectors to adapt to changes in what constitutes normal application behavior.
    Type: Application
    Filed: August 14, 2018
    Publication date: February 20, 2020
    Applicant: VMWARE, INC.
    Inventors: Bin ZAN, Dexiang WANG, Zhen MO MO, Vijay GANTI
  • Publication number: 20200059483
    Abstract: Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.
    Type: Application
    Filed: July 29, 2019
    Publication date: February 20, 2020
    Inventors: Tomer Weingarten, Almog Cohen
  • Publication number: 20200059484
    Abstract: A computer-implemented method for implementing protocol-independent anomaly detection within an industrial control system (ICS) includes implementing a detection stage, including performing byte filtering using a byte filtering model based on at least one new network packet associated with the ICS, performing horizontal detection to determine whether a horizontal constraint anomaly exists in the at least one network packet based on the byte filtering and a horizontal model, including analyzing constraints across different bytes of the at least one new network packet, performing message clustering based on the horizontal detection to generate first cluster information, and performing vertical detection to determine whether a vertical anomaly exists based on the first cluster information and a vertical model, including analyzing a temporal pattern of each byte of the at least one new network packet.
    Type: Application
    Filed: August 8, 2019
    Publication date: February 20, 2020
    Inventors: Junghwan Rhee, LuAn Tang, Zhengzhang Chen, Chung Hwan Kim, Zhichun Li, Ziqiao Zhou
  • Publication number: 20200059485
    Abstract: Methods and apparatus for secure networking protocol optimization via NIC hardware offloading. Under a method, security offload entries are cached in a flow table or a security database offload table on a network interface coupled to a host that implements a host security database mapping flows to Security Association (SA) contexts. Each security offload entry includes information identifying a flow and information, such as an offset value, to locate a corresponding entry for the flow in the host security database. Hardware descriptors for received packets that belong to flows with matching security offload entries are generated and marked with the information used to locate the corresponding entries in the host security database. The hardware descriptors are processed by software on the host and the location information is used to de-reference the location of applicable entries in the host security database.
    Type: Application
    Filed: October 10, 2019
    Publication date: February 20, 2020
    Inventors: Mesut Ergin, Ping Yu, Declan Doherty, Yuwei Zhang
  • Publication number: 20200059486
    Abstract: An information processing apparatus includes: a memory; and a processor coupled to the memory and configured to: specify, from among packets which are captured in a network, a head packet for transmitting a response related to remote control; extract a total size of the response from the head packet; calculate an area size which is assigned for the response in the head packet; and determine, based on the total size and the area size, that the remote control succeeds.
    Type: Application
    Filed: October 24, 2019
    Publication date: February 20, 2020
    Applicant: FUJITSU LIMITED
    Inventors: Yuki Fujishima, Masanobu Morinaga
  • Publication number: 20200059487
    Abstract: In a telecommunication network, individual network slices are provided for various uses and/or for various enterprise customers. A network subsystem such as a network slice comprises multiple components, such as routers, applications, virtual network functions, etc. Each component of the subsystem generates and provides a digital signature, such as a hash, based on state properties of the component that have been designated as being invariant. The signatures from the multiple components are then combined and hashed to form a subsystem signature. A chronological sequence of subsystem signatures is saved in a distributed ledger, which may use blockchain technology to protect against after-the-fact modifications to the saved signatures. A network threat may be detected by detecting situations in which the subsystem signature of a particular subsystem changes over time. A saved blockchain, containing the sequence of signatures, can be provided as historical evidence of network integrity.
    Type: Application
    Filed: March 4, 2019
    Publication date: February 20, 2020
    Inventor: Sireen Malik
  • Publication number: 20200059488
    Abstract: A method comprising: receiving, from a web browser, a request for content to be inserted into a sub-document that is nested inside a main document; and transmitting to said web browser, in response to the request: said content, and a client-side script that, when inserted by said web browser into said sub-document: (i) listens to software methods that attempt to invoke a user event without an action by a user of said web browser, (ii) analyzes said user event to determine if said user event is configured to cause said web browser to navigate away from said main document.
    Type: Application
    Filed: January 31, 2019
    Publication date: February 20, 2020
    Inventors: Amnon SEM SIEV, Daniel MAMAN, Adi ZLOTKIN, Ido PELED, Yehuda SAPIR
  • Publication number: 20200059489
    Abstract: Methods and systems for using cloned accounts to track attacks on user accounts are described. A user login attempt is detected for a user account from a client computing device. A determination is made that the user is not a legitimate user. The user is routed to a cloned user account. An analysis of the interaction between the user and the cloned user account is performed.
    Type: Application
    Filed: August 17, 2018
    Publication date: February 20, 2020
    Inventors: Raoul Christopher Johnson, Ran Sun
  • Publication number: 20200059490
    Abstract: Methods, non-transitory computer readable media, security management apparatuses, and network traffic management systems are disclosed that improve network security via input field obfuscation. With this technology, a script is injected into source code of a web page received from a server. The source code is then sent to a requesting client. The script is configured to remove an event listener attached to a protected input field of the web page to provide a script secured input field. An application layer message that is received from the client is subsequently sent to the server. The application layer message includes data submitted via the script secured input field that prevented one or more keystrokes corresponding to the data from being observed by a source of the event listener.
    Type: Application
    Filed: October 23, 2019
    Publication date: February 20, 2020
    Inventors: Uri Chandler, Avihai Sitbon