Abstract: A system, method, and computer-readable medium for challenge-response authentication are provided. A plurality of codes is received over a communication network based on input provided by way of a user interface displaying a plurality of images. An alphanumeric string is generated based on the received plurality of codes and based on a table that associates each one of the plurality of codes with a respective one of the plurality of images and with a respective one of a plurality of alphanumeric characters. A determination is made as to whether to grant authorization based on whether the generated alphanumeric string matches an alphanumeric user identifier stored in a memory device in association with a user.

Abstract: Methods and apparatuses are described for time-series database user authentication and access control. A server computing device receives a request from a remote computing device to access a time-series database coupled to the server computing device, wherein the request includes one or more authentication credentials associated with the remote computing device. The server computing device validates the one or more authentication credentials associated with the remote computing device. The server computing device connects to an access control layer associated with the time-series database. The access control layer authorizes the remote computing device to access data in the time-series database based upon an access profile associated with the validated authentication credentials. The server computing device retrieves data from the time-series database in response to the request.

Abstract: A retrieval device for secure retrieval of optical information for a first device from a light source of a second device includes, a housing made from at least one material which is opaque for the light emitted from the light source. The housing is arranged to contain the light from at least a part of the light source. The retrieval device includes an attachment adapted to detachably attach the housing to the second device, a light receiver arranged to receive optical information from the light source, said light receiver located inside the housing, and a connector arranged to transfer an optical and/or electrical signal from the light receiver to the first device.

Abstract: In one aspect, a first device includes a processor, a wireless transceiver accessible to the processor, at least one biometric sensor accessible to the processor, and storage accessible to the processor. The storage bears instructions executable by the processor to receive input from the at least one biometric sensor, identify a user based on input from the at least one biometric sensor, and determine a second device with which the first device is to communicate using the wireless transceiver based at least in part on identification of the user based on input from the at least one biometric sensor.

Abstract: A communication device and method for authentication of a message being transmitted from the communication device. The method includes receiving, by a messaging utility, content of a message provided for transmission from the communication device. Based on a determination that the message requires user authentication before the message is transmitted to a recipient, the method further includes selecting, based on contextual data, one or more biometric capturing components of the communication device; triggering at least one selected biometric capturing component to capture a corresponding biometric input from a user of the communication device; and transmitting the message when the biometric input as belonging to an authorized user of the communication device. In one embodiment, a clearinghouse service authenticates a biometric input from a user of the communication device in order to certify the user and/or the message.

Abstract: Systems, methods, and non-transitory computer readable media decentralizes biometric enrollment. A server receives a request to enroll a user for biometric authentication in association with a unique ID, generates an activation code corresponding to the unique ID, and sends the activation code to the user. A user device receives and validates the activation code. If the activation code is valid, the user device is enabled to: capture at least one biometric image, and to send the biometric image to the server. The server receives at least one biometric image from the user device in response to the activation code and extracts features from at least one biometric image to generate a biometric template based upon the extracted features to enroll the user for biometric authentication without requiring the user to visit a central location to provide at least one biometric image.

Abstract: A method and system for continuously authenticating a user working from a remote location is provided. The method includes providing user an interface to login through his login credentials to company domain. The login credentials are authenticated by a company's remote server. Once the user is authenticated the server pushes user's secondary authentication details to user's device and invokes a secondary authentication system. The secondary authentication system may include a webcam that initiates once user is logged in and continuously monitors biometric parameters for continued authentication of the user.

Abstract: An online system authenticates a user through a voiceprint biometric verification process. When a user needs to be authenticated, the online system generates and provides a random phrase to the user. The online system receives an audio recording of the randomly generated phrase and retrieves a previously trained voiceprint model for the user. The online system analyzes the audio recording by applying the voiceprint model to determine whether the audio recording satisfies a first criteria of whether the voice in the audio recording belongs the user and a second criteria of whether the audio recording includes a vocalization of the randomly generated phrase. If the audio recording satisfies both criteria, the online system authenticates the user. Therefore, the user can be provided access to a new communication session in response to being authenticated.

Abstract: Non-limiting examples of the present disclosure describe generation of a default signed-in state for subsequent authenticated access to a service. Identity provider data for a service is retrieved from any number of identity providers (e.g. a first identity provider and second identity provider). The first and second identity data is evaluated for generation of a default signed-in state to the service. An evaluation determines that at least one of the first identity data and the second identity data comprises data indicating that a user account is signed-in to the service. Data representing the default signed-in state is generated based on a result of the evaluation. The data representing the default signed-in state comprises a selection of one of the first or second identity data that corresponds with the user account that is signed-in to the service. A representation of the service in the default signed-in state may be surfaced.

Abstract: A storage integration object is created in a database of a data warehouse system. The storage integration object identifies a storage location in a storage platform of a cloud storage provider system and a cloud identity object maintained by a network-based data warehouse system. The cloud identity object is associated, at the storage platform of the cloud storage provider, with a proxy identity object granted permission to access the storage location. An external stage object is created based on the storage integration object. The external stage object identifies the storage location and includes an association with the storage integration object. A command to load or unload data at the storage location is received. In response to the command, the data is loaded or unloaded, via the proxy identity object, at the storage location using the external stage object.

Abstract: Disclosed are systems, apparatus, methods, and computer-readable storage media for providing access to an online social network. The online social network can be specific to an organization having one or more internal users. In some implementations, a request message is received from a requesting user to access social network data of the online social network. The requesting user is identified as an external user of the organization, and it is determined that the requesting user has an authorized status. Access to only a portion of the social network data is provided to the authorized requesting user.

Abstract: The disclosed technology is generally directed to integrated circuit technology with defense-in-depth. In one example of the technology, an integrated circuit includes a set of independent execution environments including at least two independent execution environments. At least two of the independent execution environments are general purpose cores with differing capabilities. The independent execution environments in the set of independent execution environments are configured to have a defense-in-depth hierarchy.

Abstract: A method of managing profiles in a secure element where the secure element includes an active first profile associated with a first communication network and a second profile associated with a second communication network. The method includes deactivating the first profile and activating the second profile, where the deactivation and the activation are implemented following detection of a failure during a local verification pertaining to the first profile for the use of this the first profile. A local verification may be a verification in the secure element of the authorization of access of a user to the first profile, for example three failures of PIN or PUK code or of biometric authentication data, the local verification being performed in the secure element, and the failure being relative to a security failure of the first profile or to an operating failure of the first profile.

Abstract: A system is provided that determines a location of a user based on various criteria. The system may detect the location of a user based on the location of the user's voice and the location of the user's device, as determined using a beacon signal. The system may process data representing the user's voice and device locations using a model to determine a confidence that a user is at a particular location. Based on the determined location, the system may perform various actions.

Abstract: An apparatus for privacy management may include a processor. The processor may be configured to access one or more privacy options. In this regard, each privacy option may be configured to provide members of one or more groups access to content. The processor may also be configured to provide for selection of a privacy option in association with the content. Associated methods and computer program products may also be provided.

Abstract: When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The verified command request is sent to the target machine. An authentication worker on the target machine accesses a set of policies, local to the target machine, to identify a least privileged execution environment in which the requested command can be performed. The authentication worker on the target machine launches the requested command within the identified least privileged execution environment on the target machine.

Abstract: A network topology is provided that includes multiple data centers for building blockchain blocks. The data centers can process different subgroups of blocks, and then send updates to one another with information about new blocks. Additionally, some data centers may protect sensitive block body information, and instead may only share block headers.

Abstract: An automation system comprises a local threat information server operating within automation plant and a plurality of field devices operating at a control layer of the automation plant. The local threat information server is configured to: receive threat information from one or more external sources, receive plant information from one or more internal sources, set a threat level according to one or more of the threat information and the plant information, and distribute an indication of the threat level to one or more control layer devices. Each respective field device is configured to: receive the indication of the threat level, identify one or more security operations corresponding to the threat level, and execute the one or more security operations.

Abstract: A system for detecting by a cloud service a ransomware attack on a client device is provided. The system monitors changes to files of the client device that are stored by the cloud service. The system assesses whether a change to a file appears to be malicious in that the change may be caused by ransomware. When the change to the file appears to be malicious, the system performs a countermeasure to prevent synchronization of files of the client device with other client devices and with the cloud service to prevent the propagating of files from the client device, which is undergoing a ransomware attack.

Abstract: Examples relate to collaborative security lists. The examples disclosed herein enable obtaining a first candidate entry suggested by a first user of a community to be included in a collaborative security list. The collaborative security list may comprise a list of entries known to be secure or a list of entries known to be insecure. The examples disclosed herein further enable providing a candidate security list comprising at least the first candidate entry to the community and obtaining, from a second user of the community, a first score indicating how confident the second user is that the first candidate entry is secure. The examples disclosed herein further enable determining whether to include the first candidate entry in the collaborative security list based on the first score.

Abstract: Provided herein are identification of a distributed denial of service attack and automatic implementation of preventive measures to halt the distributed denial of service attack. At substantially the same time as the attack, valid users/customers (e.g., devices) are provided quality of service and continued access to a website experiencing the distributed denial of service attack. Further, service to temporary or unknown users (e.g., devices) with public access to the website is suspended during the duration of the distributed denial of service attack.

Abstract: Disclosed herein is a method and system to determine whether a payment terminal has been tampered with based on a comparison of attestation data received from the payment terminal, for example in an offline mode when an otherwise secure remote server cannot be reached. If the determination yields that the request has been approved, the terminal generates an attestation ticket having one or more validity conditions, wherein the validity conditions include expiration time that indicates the time after which the attestation ticket becomes invalid. The attestation ticket can be used as long as it is valid or until another trigger causes the ticket to be invalidated or regenerated.

Abstract: A networked computer system enables one or more transactions to be executed securely. An initiator sends a service request to a control server. The control server creates or selects an existing transaction server for the sole purpose of executing the transaction requested by the service request. If the transaction server is pre-existing, it may be in an inaccessible state and then be made accessible in response to receiving the service request. The control server informs the initiator of the created transaction server. The initiator (and possibly one or more other authorized participants) engages in the transaction with the transaction server, independently of the control server. The transaction server terminates, such as upon completion of the transaction, the expiration of a timeout period, or satisfaction of another server termination criterion. The use of such a one-time transaction server increases security, privacy, and anonymity.

Abstract: A system and a method are disclosed for detecting an unacceptable HTTP requests by scanning the headers of the HTTP requests.

Abstract: There are provided measures for protection from malicious and/or harmful content in cloud-based service scenarios. Such measures exemplarily include detecting a transmission attempt of a file between a service cloud entity and a remote accessing entity, identifying said file, selecting between a synchronous file scanning and an asynchronous file scanning for said file based on at least one of: a file size, a file type, an extension type and predetermined security policies, and receiving security threat scan result for said file and storing said security threat scan result for said file in the scan result memory.

Abstract: A computer-implemented method may be used for security event monitoring. The method may include receiving data from a first operating system and defining an audit classes data filter for collection by a security event monitoring application. Additionally, the method may include comparing the data with the audit classes data filter and comparing the data with a set of blacklisted values. Additionally, the method may include outputting a common structure format data based on the comparison of the processing data with the audit classes data filter and the blacklisted values.

Abstract: An electronic device comprising one or more processors; a storage medium communicatively coupled to the one or more processors, the storage medium having stored thereon logic that, upon execution by the one or more processors, performs operations comprising: (1) receiving, via a first electrical signal, application data from a mobile agent installed on a mobile device, (2) querying, via a second electrical signal, a database for a risk level of each of one or more applications of the mobile device listed in the application data, and (3) determining a threat level for the mobile device based on one or more of: (i) the risk level of at least one of the one or more applications, (ii) usage information of the at least one of the one or more applications, or (iii) configuration information of the mobile device is shown.

Abstract: Information about an electronic message that is from a sender for an intended recipient is received. It is determined whether an electronic message account of the sender of the electronic message is likely an independently controlled account. In response to the determination that the electronic message account of the sender of the electronic message is likely an independently controlled account, the electronic message is analyzed to determine whether the message is an automatically generated message. In response to the determination that the message is an automatically generated message, a security action is performed.

Abstract: A method comprising partitioning a space of user requests into subsets, and determining a risk score for a user request based on the evolution of the number of user requests in the subset of user requests to which this user request belongs.

Abstract: Malicious activity data is obtained, that is indicative of attempted attacks on a computing system. Clusters of targets are identified and it is determined whether the malicious activity preferentially targets one cluster of targets over other. Also, low prevalence attacks are identified and it is determined whether a low prevalence attack has a high concentration in one or more of the target clusters. If the malicious activity either preferentially targets a cluster, or a low prevalence attack has a high concentration in a cluster, then the attack is identified as a targeted attack, so that remediation steps can be taken.

Abstract: Embodiments of this application disclose a website attack detection and protection method and system performed by a computing device, applied to the field of information processing technologies. In the method in the embodiments, the computing device calculates a parameter value of an information aggregation degree parameter corresponding to each field included in a header of a request for accessing a website, and then determines, according to the parameter value or a variation degree of the parameter value of the information aggregation degree parameter of the field, whether the website suffers a Challenge Collapsar attack.

Abstract: A method for detecting a man-in-the-middle attack against communications between a client device and a specific remote end point over a network, the method using probe software installed on the client device, the method comprising the probe software sending a connection initiation request from the client device over the network, directed to the remote end point, to at least partially initiate a secure network connection between the remote end point and the client device, receiving at the client device encryption credentials sent to the client device in response to the connection initiation request, the probe software comparing the received encryption credentials with expected encryption credentials for the remote end point, and the probe software determining that a man-in-the-middle attack is present if the received encryption credentials do no match the expected encryption credentials.

Abstract: This disclosure describes a technique to determine whether a client computing device accessing an API is masquerading its device type (i.e., pretending to be a device that it is not). To this end, and according to this disclosure, the client performs certain processing requested by the server to reveal its actual processing capabilities and thereby its true device type, whereupon—once the server learns the true nature of the client device—it can take appropriate actions to mitigate or prevent further damage. To this end, during the API transaction the server returns information to the client device that causes the client device to perform certain computations or actions. The resulting activity is captured on the client computing and then transmitted back to the server, which then analyzes the data to inform its decision about the true client device type.

Abstract: The present disclosure describes systems and methods for using a model for a predetermined role for simulated phishing campaigns. A campaign controller communicates simulated phishing communications to one or more devices of a user using a model that the campaign controller selects from a plurality of models in a database that have been established for predetermined roles of a company. The model is selected based on one or more attributes of the user that are identified by the campaign controller. The campaign controller identifies one or more attributes of each user of a plurality of users for the simulated phishing campaign, and the campaign controller selects a respective model for each user based on the attributes of each user, wherein the models are not all the same for all of the users.

Abstract: Target application information for validation is received at a network device from user equipment. The received target application information is validated. Risk information associated with the validated target application information is determined. Based on the determined risk information, prompt information is returned to the user equipment.

Abstract: Embodiments of the disclosure describe systems and methods for selecting a first group of users, which is selected to receive simulated phishing emails as part of a simulated phishing campaign, and adding users to a second group of users based upon those selected users interacting with a simulated phishing email that is part of a simulated phishing campaign; tracking the completion of remediation training related to phishing emails by users in the second group of users and receiving one or more indications that the users in the second group of users have completed remedial training; and automatically adding users, who are members of the second user group, to the first user group, to a third user group, or to a predetermined user group responsive to the one or more indications that the users in the second group of users have completed remedial training.

Abstract: The disclosed embodiments include a method performed by a computer system. The method includes receiving first user input defining a filter of an anomaly action rule, the filter defining at least one of an attribute of an anomaly or an attribute of a computer network entity. The method also includes receiving second user input defining an action of the anomaly action rule. The method further includes generating the anomaly action rule based on the first user input and the second user input, wherein the anomaly action rule causes performance of the action upon detecting an anomaly on the computer network that satisfies the anomaly action rule.

Abstract: A federated gateway bridges service definition formatting differences between a first and a second independent enterprise information technology (IT) management domain. A service request is received within the federated gateway from a service consumer application executing within the first independent enterprise IT management domain to a remote service provider application in the second independent enterprise IT management domain. The federated gateway dynamically performs real-time service call translation during transmission of the service request from a local service definition format to a remote service definition format defined respectively within the first and second independent enterprise IT management domains.

Abstract: Existing policies enforced at or above an operating system (OS) layer of a device are obtained. Translation rules are stored that include data structure descriptions of conditions, corresponding actions performed when the conditions are satisfied, and attributes specified in the existing policies, and attributes of one or more layers below the OS layer that are relevant to policy enforcement in the one or more layers below the OS layer. The existing policies are parsed using the data structure descriptions to identify the conditions, corresponding actions, and attributes specified in the existing policies. New policies are generated that are consistent with the existing policies. The new policies include the identified attributes specified in the existing policies and the attributes relevant to policy enforcement in the one or more layers below the OS layer. The new policies are enforced in the one or more layers below the OS layer.

Abstract: A system and method for authentication policy orchestration may include a user device, a client device, and a server. The server may include a network interface configured to be communicatively coupled to a network. The server may further include a processor configured to obtain, from a client device via the network, a transaction request for a transaction, determine an authorization requirement for the transaction request based, at least in part, on a plurality of authorization policies, individual ones of the plurality of authorization policies being separately configurable by at least one of a relying party and an authorizing party, and complete the transaction based on the authorization requirement having been met.

Abstract: In one example, there is disclosed a domain master for a data exchange layer (DXL), including: a hardware platform configured to execute instructions; and one or more memories having stored thereon instructions to instruct the hardware platform to: communicatively couple to the DXL; provide a DXL messaging service including native support for request-response (1:1) transactions via a publish-subscribe (1:N, N>1) fabric; provide DXL domain master services for a DXL domain; and provide DXL-based real-time policy and task distribution for DXL endpoints of the DXL domain.

Abstract: System and method for establishing secure conference calls. In one example system, a central conference call server establishes point-to-point connections with accessory devices comprising a secure element and connected to corresponding participant devices. The conference call server includes an interface to a plurality of secure elements configured to perform scrambling and unscrambling of media signals communicated to and from the accessory devices. In another example, one of the participant devices operates as the central conference call server. In other examples, participant devices communicate on a conference call via point-to-point connections between all accessory devices connected to the participant devices. The accessory devices include secure elements for decryption and encryption of media signals communicated between the accessory devices.

Abstract: Systems and methods directed to discovery by a user equipment (UE) of a bot functionality available from an entity during a call set up between the UE and the entity are provided. The UE may initiate call the entity, for example a business, using a session initiation protocol (SIP) in a communication network, and, as a part of SIP signaling, an operator of the communication network may add to a SIP header a profile of the bot functionality offered by the business, which is forwarded to the UE. Once the UE processes the information included in the profile, the UE and the business may communicate using the bot functionality.

Abstract: A user equipment can have simultaneous peer to peer circuit switched and Internet protocol multimedia subsystem communications that allow content presentation to the user. The communicating user equipment can indicate their packet switched Internet protocol multimedia subsystem combinational service capabilities to each other, and further, monitor the capability of the associated radio access network. Thereafter, when a capability exchange is undertaken, session initiation protocol messages can be exchanged between the communicating user equipments to determine and initialize the appropriate conversational communications medium.

Abstract: Custom traffic tagging on a control plane backend is disclosed. Information associated with a video session is obtained. Based at least in part on at least some of the obtained information associated with the video session, additional metadata to associate with the video session is determined. The additional metadata is determined from metadata obtained from one or more disparate sources. The video session is associated with the determined additional metadata.

Abstract: In one embodiment, a method, system and apparatus are described, the method including receiving an initial request from a client device, being a request to establish a connection, including an initial connection IP address of the client device, recording the initial connection IP address, receiving an additional request at the network interface, the additional request comprising a URL, an actual client IP address of the client device, and a request for streaming content, comparing the initial connection IP address with the actual client IP address, performing one of providing the streaming content in response to the additional request if the initial connection IP address and the actual client IP address are the same, or providing a response to the additional request comprising a redirect instruction if the initial connection IP address and the actual client IP address are different. Related methods, apparatus, and systems are also described.

Abstract: An architecture that can facilitate initiation of an automatic synchronization operation based upon presence information in connection with a wireless communications network is provided. For example, when certain mobile devices register with a particular network entity (e.g., a femtocell) that services a particular target location (e.g., place of residence), then such registration can be leveraged to indicate presence at the target location. Accordingly, synchronization between the mobile device and other devices can be automatically initiated, without requiring input or effort by a user, or even that the user remembers to perform the synchronization operation. Moreover, the synchronization operation can be wireless, so connection cables need not be maintained or employed.

Abstract: Various methods, apparatuses, and media for implementing a session sharing shared worker module are provided. A processor executes a first web application and a second web application within a web browser. The first web application is associated with a first tab and the second web application is associated with a second tab having different web content than the first tab. The processor determines whether a shared worker is available within the web browser. A session sharing module is configured to: register each of the first tab and the second tab with the shared worker based on determining that the shared worker is available within the web browser; receive a first request from the first tab to connect to a server and a second request from the second tab to connect to the server; combine the first request and the second request into one packaged request; and send the one packaged request to the server via one connection point.

Abstract: Dynamic client registration for an Identity Cloud Service (IDCS) is provided. A service instance client, associated with a service instance, is created in a first tenancy. A template client is created, based on a security blueprint, in a second tenancy. A registration client is created in the first tenancy. A request for a registration access token is received from an installed client application over a network; the request includes an ID of the template client. A user of the installed client application is authenticated using the template client. The registration access token is sent to the installed client application over the network. A request for a client assertion token is received from the installed client application over the network; the request includes the registration access token. The registration access token is authenticated using the template client. The client assertion token is sent to the installed client application over the network.

Abstract: A system is described herein that facilitates the monitoring of inmate communications. The system provides a remotely-accessible means for a reviewer to monitor a call between an inmate and another person. The system includes a monitoring server and a monitoring station. The monitoring server is configured to receive a call and call information from a communication center and process the call for monitoring, schedule a review of the call; and store the call, the call information, and scheduling data. The monitoring station is configured to receive the call and the call information from the monitoring server based on the scheduling data, and to display the identifying information and facilitate the review of the call.