Abstract: A method for securing electronic transactions includes associating a mobile electronic device with a first user. A first computer system retrievably stores registration data relating to the first user, including a device identifier that is unique to the mobile electronic device. A security application that supports in-application push notifications is installed on the mobile electronic device. The first computer system sends a push notification to the mobile electronic device, the push notification prompting the first user to provide a confirmation reply via a user interface of the security application for activating the mobile electronic device as a security token. The mobile electronic device is activated as a security token for the first user in response to receiving at the first computer system, from the mobile electronic device, the confirmation reply from the first user.

Abstract: This application discloses a remote attestation mode negotiation method and apparatus. Before remote attestation is performed, automatic negotiation is performed between a to-be-verified network device and a server, so that the to-be-verified network device and the server can determine, through negotiation from remote attestation modes supported by both the to-be-verified network device and the server, a remote attestation mode used to subsequently perform remote attestation between the network device and the server, and there is no need to manually statically configure a remote attestation mode for the network device and the server, thereby greatly reducing labor costs of determining the remote attestation mode. In addition, when there are a large quantity of devices, the automatic remote attestation mode negotiation method also helps configure a remote attestation mode more flexibly.

Abstract: There are provided systems and methods for a voice vector framework that authenticates user interactions. A service provider server receives user interaction data having audio data that is associated with an interaction between a user device and the service provider server. The server extracts user attributes from the audio data and obtains user account information associated with the user device. The server selects a classifier that corresponds to a select combination of features based on the user account information and applies the classifier to the user attributes. The server generates a voice vector that includes multiple scores indicating likelihoods that a respective user attribute corresponds to an attribute of the select combination of features. The server compares the voice vector to a baseline vector corresponding to a predetermined combination of features and sends a notification to an agent device with an indication of whether the user device is verified.

Abstract: Devices, systems, and methods of detecting user identity, authenticating a user to a computerized service or to an electronic device, differentiating between users of a computerized service, and detecting possible attackers or possible fraudulent transactions. A method includes: generating a user authentication session that requires a user to enter a secret by performing a task; monitoring the user interactions during task performance; extracting a user-specific behavioral characteristic, and utilizing it as a factor in user authentication. The task requires the user to perform on-screen operations via a touch-screen or touchpad or mouse or other input unit of the electronic device, or to move in space or tilt in space the entirety of the electronic device in a way that causes inputting of the secret data-item.

Abstract: A method of digital authentication and related devices are disclosed. The method includes providing an authenticator for use with a first computing device; displaying a login screen on the first computing device, wherein the login screen is associated with an application; receiving a first set of factors at the first computing device; sending information related to the first set of factors to a processing system; receiving a second set of factors from one of the first computing device or a second computing device; and using information related to one or more of the first set of factors and the second set of factors to: authenticate the application on the first computing device, authenticate a user on the login screen displayed on the first computing device, or a combination thereof.

Abstract: A system includes an intelligent electronic device (IED) and a proxy device communicatively coupled to the TED via a Media Access Control (MACsec) communication link. The proxy device is configured to perform operations that include receiving permissions data, receiving a request to perform an action associated with the TED, determining whether the action is authorized based on the permissions data, and transmitting data to the TED via the MACsec communication link in response to determining that the action is authorized.

Abstract: Described embodiments provide systems and methods for contextual confidence scoring-based access control. The systems and methods can include one or more processors configured to receive a request from the client device to access an item of content. The one or more processors can select a first subset of authentication techniques. The authentication techniques identifiable with a score. The one or more processors can determine that a sum of the scores of the selected first subset of the authentication techniques exceeds a threshold. The one or more processors can transmit, to the client device, one or more authentication requests utilizing the selected first subset of authentication techniques. The one or more processors can provide, responsive to successful authentication by the client device, access to the item of content to the client device.

Abstract: A resource security integration platform may be configured to establish API integration between software applications and various APIs. The security platform may be configured to register for authorization with multiple APIs in order to communicate with those API such that so that the source applications do not need to authenticate or communicate with the API themselves. A source request is received from a source system including an indication of a resource and an address of an application programming interface of a destination system. A definition of the application programming interface is determined based on the address. Authorization for accessing the destination system is obtained using the definition. Then an interface request message is generated and sent it to the destination system using the authorization. The interface response message is received from the destination system and response data based on the interface response message is sent to the source system.

Abstract: Disclosed herein are systems, methods, and apparatuses where a controller can automatically manage a physical infrastructure of a computer system based on a plurality of system rules, a system state for the computer system, and a plurality of templates. Techniques for automatically adding resources such as computer, storage, and/or networking resources to the computer system are described. Also described are techniques for automatically deploying applications and services on such resources. These techniques provide a scalable computer system that can serve as a turnkey scalable private cloud.

Abstract: Systems, devices, and methods are provided that allow the authentication of devices within analyte monitoring systems. The analyte monitoring systems can be in vivo systems and can include a sensor control device with a sensor and accompanying circuitry, as well as a reader device for communicating with the sensor control device. The analyte monitoring systems can interface with a trusted computer system located at a remote site. Numerous techniques of authentication are disclosed that can enable the detection of counterfeit components, such as a counterfeit sensor control device.

Abstract: user is authenticated via remote authentication to access a managed device, the restricted GUI Element information is pushed from the remote authentication server to the managed device where this information is used to grant or deny GUI access to the corresponding functional elements of the device. The process allows for granular control of each user's rights on different managed devices.

Abstract: Systems and methods include obtaining a profile for an application, wherein the profile includes one or more tenants, rules for use of the application by the one or more tenants, and users for the rules; monitoring a user of a tenant of the one or more tenants inline via a node in a cloud-based system; identifying an application of the one or more applications based on the monitoring and associated rules for the user; and enforcing the associated rules for the user for the application.

Abstract: A graphical user interface (GUI) and operator console management system for a distributed terminal network is described. In some embodiments, the terminals may be hardware terminals, kiosks, or clients. In some embodiments, a security analysis may be performed, and security scores may be determined, for visitors requesting operations at terminals based on an operator configuration. Security scores may be determined by a provider, in communication with the operator terminals, based on aggregation of a plurality of factors, wherein each factor may be weighted. The factors may incorporate operator settings or preferences. In one embodiment, the factors include one or more facial recognition factors. The one or more facial recognition factors may be used for biometric authentication. The provider may use the security scores to determine user privileges or permissions for the operations. The provider may deliver instructions or messages to the terminals based on the determinations.

Abstract: The present disclosure generally relates to media request handling by electronic devices having multiple users. In some embodiments, a computer system receives a user request to play media and, based on a determination of user identity, plays the requested media using a media service according to user-selected settings.

Abstract: According to an example aspect of the present invention, there is provided a method comprising, receiving, by an intermediary network function, a subscription request from a network function consumer requesting data of a network function producer, wherein the subscription request comprises a client credential assertion of the network function consumer and an access token, authorizing and authenticating, by the intermediary network function, the network function consumer upon successful validation of the access token and the client credential assertion validation and transmitting, by the intermediary network function, an access token request to an authorization server to get another access token, wherein said another access token is to be used to validate the network function consumer to access services of the network function producer, and the access token request comprises the client credential assertion of the network function consumer requesting data of the network function producer.

Abstract: Methods and systems for using block chain technology to verify transaction data are described herein. A computing platform may receive data about events related to transactions, personal or corporate information, supply chains, and other relevant information about a person or corporate entity. The event information may be received, aggregated, and processed to determine metadata about the person or corporate entity. The metadata may indicate, for example, a trustworthiness of the person or corporate entity for various purposes. Such event information and/or metadata may be stored as transactions in a block chain that may be accessible by counterparties to a potential transaction involving the person or corporate entity. The automated event processing computing platform may further use automated techniques to implement smart transactions between the person/entity and counterparty based on the trust metadata.

Abstract: A method for protecting against exposure to content violating a content policy, the method including receiving a number of content items including a first set of content items associated with a content group, determining a measurement associated with an amount of the first set of content items belonging to a specific content category, assigning one or more of the number of content items to be categorized by at least one of the machine learning algorithm or a manual review process, automatically applying the specific content category to one or more other content items of the content group such that the one or more other content items are not reviewed by the manual review process, and transmitting at least one of the number of content items, wherein the content category of each of the number of content items indicates whether the specific content item violates any content policies.

Abstract: An apparatus comprising a network interface card (NIC), including packet processing circuitry to determine whether the NIC is to operate according to a first telemetry protection mode to prevent copying of packet data payloads for telemetry or a second telemetry protection mode to enable copying of packet payloads for telemetry.

Abstract: Methods and systems for adaptive multi-factored geo-location based access rights management and enforcement for accessing location restricted data services are described. The method performed by server system includes receiving request to access a data service from a user device associated with a user. The method includes accessing geo-location information associated with the user upon receipt of request. The geo-location information includes geo-location data associated with the user device. The method includes generating geo-location signature associated with the user device, based on the geo-location information. The geo-location signature includes a plurality of location context identifiers. The method includes validating the user device when the geo-location signature and a geo-fence of the data service meet a matching threshold condition and transmitting a response message to the user device based on the validating step.

Abstract: An electronic control unit is connected to a network in an in-vehicle network system. The electronic control unit includes a first control circuit and a second control circuit. The first control circuit is connected to the network via the second control circuit. The second control circuit performs a first determination process on a frame to determine conformity of the frame with a first rule. Upon determining that the frame conforms to the first rule, the second control circuit transmits the frame to the first control circuit. The first control circuit performs a second determination process on the frame to determine conformity of the frame with a second rule. The second rule is different from the first rule.

Abstract: Methods, systems, apparatuses, and computer-readable storage mediums are described for performing malware detection and mitigation on behalf of a client device by a forward proxy server. For example, the client device is configured to route network traffic through the forward proxy server. The forward proxy server is configured to detect file transfer operations between the client device and a destination server. Responsive to detecting a file transfer operation, the forward proxy server obtains a copy of the file to be transferred and provides it to a malware identification service, which analyzes the file for malware. The malware identification service may execute on the forward proxy server or another server communicatively coupled thereto. Responsive to determining that the file has been compromised with malware, the forward proxy server performs one or more actions to mitigate the malware.

Abstract: A messaging system includes features of gathering information regarding content accessed across multiple applications and/or devices and making that information available to account holders of the messaging system. The messaging system stores data related to accessed content in a plurality of indices and makes that data available to enable account holders to access previously-accessed content, even if the previous access occurred in a different software application, on a different device, or on a device with a different operating system. Account holders may also be provided with recommendations based on gathered information.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor circuit and a memory circuit; first means for accessing a machine learning engine; second means for accessing a user interface; and instructions encoded within the memory to instruct the processor to: load into the machine learning engine via the first means an object prevalence model, including an enterprise-specific prevalence model; provide to the machine learning engine an object set from the enterprise; identify an enterprise-novel object from the object set; solicit and receive via the second means user-sourced feedback for the enterprise-novel object; and act according to the user-sourced feedback.

Abstract: A network apparatus is configured to detect a network connection request on a platform having a hardware accelerator to process network traffic, wherein the hardware accelerator implements computing tasks related to data packets of at least part of the network traffic. The network apparatus is further configured to intercept the network traffic related to the network connection request before the start of the hardware accelerator process, to extract network connection data required by a network traffic analysis function from the network traffic, to allow the hardware accelerator to start acceleration process after the network connection data extraction has finished, and to analyse the network connection based on the extracted network connection data.

Abstract: At least one aspect of the present disclosure is directed to systems and methods of generating on-device content items to improve security and network utilization. A client device can access content resources and category information from a data structure in the memory the memory of the client device. The client device can generate on-device content items based on the content resources and the category information. The client device can receive an indication to display a content item in an application executing on the client device. The client device can scan the client device for context information to create a relevant device context. The client device can select an on-device content item based on the relevant device context. The client device can provide the selected on-device item to the application for display, detect an interaction with the displayed content item, and update a content selection model or a content generation model.

Abstract: Techniques for deobfuscating and decloaking web-based malware with abstract execution is disclosed. In some embodiments, a system/process/computer program product for deobfuscating and decloaking web-based malware with abstract execution includes receiving a sample; performing an abstract execution of a script included in the sample; identifying the sample as malware based on the abstract execution of the script included in the sample; and generating a log of results from the abstract execution of the script included in the sample.

Abstract: Embodiments of the present disclose provide a method and apparatus for identifying network attacks. The method can include: acquiring access data within at least two time periods of a target website server, wherein the access data include one or more fields; determining, for each of the at least two time periods, a quantity of access data having same content in at least two of the one or more fields; determining whether the quantities of access data for each of the at least two time periods are the same; and in response to the quantities of access data being the same, determining that at least two access requests of the access data are network attacks.

Abstract: A testing device (10) transmits a test packet that increases processing load to a device protected by a security system, the security system performing authentication of a packet transmitted to a to-be-protected device and a packet limit per source IP address. In addition, the testing device (10) generates a test session according to a scenario when transmitting the test packet and configures a packet so that the test packet uses a plurality of source IP addresses. In addition, the testing device (10) responds to a response request up to a predetermined stage of authentication among a plurality of stages of authentication performed by the security system so that the security system authenticates the test packet to be valid. In addition, the testing device (10) monitors, at a predetermined stage, packet filtering situation and processing load of the security system to which the test packet is transmitted.

Abstract: A cybersecurity system and method for handling a cybersecurity event includes identifying a cybersecurity alert; selectively initializing automated threat intelligence workflows based on computing a cybersecurity alert type, wherein the automated threat intelligence workflows include a plurality of automated investigative tasks that, when executed by one or more computers, derive cybersecurity alert intelligence data; and executing the plurality of automated investigative tasks includes automatically sourcing a corpus of investigative data; deriving the cybersecurity alert intelligence data based on extracting selective pieces of data from the corpus of investigative data, wherein the cybersecurity alert intelligence data informs an inference of a cybersecurity alert severity of the cybersecurity alert; and automatically routing the cybersecurity alert to one of a plurality of distinct threat mitigation or threat disposal routes based on the cybersecurity alert severity of the cybersecurity alert.

Abstract: There are provided systems and methods for an automated device data retrieval and analysis platform. A service provider server invokes an instance of an application in a remote processing environment using device data associated with the application and sends a control message that prompts the instance to send a request to a web server for a process script that invokes a process executable in the remote processing environment. The service provider server obtains traffic data a behavior of application data based on an interaction between the instance and the web server, and determines features of the application in a native state from the behavior of the application data. The server generates a data profile of the application that indicates the features in the native state and provides the data profile to a remote engine to detect potential malicious activity associated with the application from the detection operation.

Abstract: The present application describes method including a step of determining, via a trained predictive machine learning model assessing real-time information exceeding a confidence threshold and impacting a node present at a geographic location on a first network, that an imminent event proximate to or directly at the node/router will disrupt traffic flowing via an encrypted pathway between the node and a second network. Another step of the method may include transmitting, to an administrator or a gateway at a third network, a request to transfer the traffic based upon the determined imminent event. Yet another step of the method may include receiving, via the administrator or the gateway at the third network, an acceptance of the traffic transfer request. A further step of the method may include coordinating, with the gateway, for the traffic to flow via another encrypted pathway to the second network.

Abstract: A valid route origin authorization (ROA) for a specified IP address is published and a distributed denial-of-service (DDoS) attack to a given IP address is detected. A flowspec rule is advertised from a given autonomous system network to one or more neighboring autonomous system networks in response to the detection of the distributed denial-of-service (DDoS) attack. A modified Resource Public Key Infrastructure (RPKI) validation is performed using the published valid route origin authorization (ROA) in response to the advertisement of the flowspec rule. The flowspec rule is implemented to mitigate the distributed denial-of-service (DDoS) attack in response to the validation of the flowspec rule.

Abstract: A method for transmitting data in a computer network is provided, which comprises, at a first node of the network: receiving a computing puzzle from a puzzle server node of the network distinct from the first node; determining a solution to the puzzle for transmitting a message to a second node of the network distinct from the puzzle server node; and transmitting data to the second node, wherein the transmitted data comprises a message and the determined solution to the puzzle.

Abstract: An automated creation of a phishing document uses personal data of a person stored in a database of persons and anonymous and categorisable personal properties stored in a hierarchical properties database. A relevance value is assigned to each personal property. At least one property of the person contained in the personal data has a correspondence in the properties database, that is a correspondence property. It is verified whether one of the correspondence properties is hierarchically subordinate to a phishing-document-specific default personal property. This subordinate correspondence property forms a creation property. The phishing document is created based on the creation property if this requirement is met. It is verified whether the relevance value of the creation property corresponds to a predefined target relevance value. The creation property is selected as a preparation property and used to prepare the phishing document if the assigned relevance value corresponds to the target relevance value.

Abstract: A system and method for accelerating a cybersecurity event detection and remediation includes extracting corpora of feature data from a suspicious electronic communication, wherein the corpora of feature data comprise at least one corpus of text data extracted from a body of the suspicious electronic communication; computing at least one text embedding value for the suspicious electronic communication; evaluating the text embedding values of the corpus of text data against an n-dimensional mapping of adverse electronic communication vectors, the n-dimensional mapping comprising a plurality of historical electronic communication vectors derived for a plurality of historical electronic communications; identifying whether the suspicious electronic communication comprises one of an adverse electronic communication based on the evaluation of the text embedding value, and accelerating a cybersecurity event detection by routing data associated with the suspicious electronic communication to one of a plurality of dis

Abstract: Systems, methods, and computer-readable media for gathering network intrusion counter-intelligence. A system can maintain a decoy network environment at one or more machines. The system can identify a malicious user accessing network services through the network environment. Further, the system can receive network service access requests from the user at one or more machines in the network environment and subsequently direct the network service access requests from the malicious user to the decoy network environment based on an identification of the malicious user. The network services access requests can be satisfied with network service access responses generated in the decoy network environment. Subsequently, the system can maintain malicious user analytics based on the network service access requests of the malicious user that are directed to the decoy network environment.

Abstract: Extending access to a data model in a data analytics computer data processing system includes loading into a programmatically isolated process address space of a computer, an instance of an extension framework computer program and executing in the framework, computer program logic configured to establish a communicative channel between the isolated process address space and a data analytics computer data processing system executing in a separate process address space. Thereafter, within the framework a directive may be received to access a data model managed in the data analytics computer data processing system. In response, a function may be selected in respect to an API to the data analytics computer data processing system corresponding to the received directive. Finally, the selected API function may be invoked over the communicative channel and a result derived from the data model may be received in the framework from over the communicative channel in response to the selected API function.

Abstract: A computer-implemented method of generating in a display a dynamic accessibility diagram representing a firewall configuration of a firewall in a computer network. A computer generates in the display a pair of concentric rings representing the firewall, including outer and inner concentric rings each having segments respectively representing remote address ranges and local address ranges of the ACL rules. Selection of a segment causes generation of an accessibility curve between the selected segment and a pairing segment, thereby graphically representing accessibility between the corresponding remote and local address ranges.

Abstract: A management system includes: a plurality of network devices that each control communication of a device; and a management apparatus. The management apparatus includes: a processor; and a memory that stores network device information including identification information and an installation area of each of the network devices, the identification information and the installation area being associated with each other. The processor performs receiving device information including identification information and an installation area of the device, and performing a process for changing whether or not to allow communication of the device. The performing a process for changing whether or not to allow communication of the device includes causing the network device corresponding to a same area as the installation area of the received device information to permit communication of the device corresponding to the identification information of the received device information.

Abstract: The disclosure relates generally to methods, systems, and apparatuses for managing network connections. A system for managing network connections includes a storage component, a decoding component, a rule manager component, and a notification component. The storage component is configured to store a list of expected connections for a plurality of networked machines, wherein each connection in the list of expected connections defines a start point and an end point for the connection. The decoding component is configured to decode messages from the plurality of networked machines indicating one or more connections for a corresponding machine. The rule manager component is configured to identify an unexpected presence or absence of a connection on at least one of the plurality of network machines based on the list of expected connections. The notification component is configured to provide a notification or indication of the unexpected presence or absence.

Abstract: The present application is directed to a non-transitory computer readable medium. The medium includes program instructions that, upon being executed by a processor, effectuate detecting a virtual private network (VPN) provider in a network. The program instructions also effectuate receiving, from the VPN provider, server credentials for a VPN. The program instructions further effectuate generating a security policy based upon a type or pattern of network traffic associated with the VPN. The program instructions even further effectuate converting the security policy to a table interpretable by a node in the network.

Abstract: An indication that a change associated with adjusting capacity to provide security services to network traffic in a network environment is received. In response to receiving the indication, a set of instructions for configuring at least one of: a network device and a security appliance is determined. As a result of applying the instructions, at least one of: an amount of network traffic provided by the network device to the security appliance will increase, or at least a portion of network traffic that would otherwise be provided by the network device to the security appliance will instead be provided to another security appliance. The set of instructions is transmitted.

Abstract: Calls between a customer and an agent often require additional processing of the media in real time. Processing every call in such a manner is often unnecessary and the results deleted or ignored, or prohibited due to a policy for certain calls. Knowing if a call should be processed may be determined too late for the media to be forked. While the customer and agent may engage in the call as a peer-to-peer connection, additional processing requires holding the initial invite long enough, such as with a preservation message, that a session boarder controller may fork the call for subsequent processing without timing out.

Abstract: System and methods for transmitting conference application content during a network conference. In an embodiment, a method is provided for transmitting conference application content during a network conference. The method includes participating in a network conference using a client application, selecting a conference application from a plurality of conference applications, and running the conference application from the client application during the network conference.

Abstract: System and methods for associating conference application content with an instance of a network conference. In an embodiment, a method is provided for associating conference application content with an instance of a network conference. The method includes activating a client application, selecting a conference application from a plurality of conference applications, running the conference application from the client application, attaching content from the conference application to an instance of a network conference to generate a conference invitation, and transmitting the conference invitation a network server.

Abstract: System and methods for recording conference application activity associated with a network conference. In an embodiment, a method is provided for recording conference application activity associated with a network conference. The method includes activating a client application, activating a recording of conference application activity, selecting a conference application from a plurality of conference applications, and running the conference application from the client application. The conference application is run during at least one of before, during, and after a network conference so that conference application activity is recorded. The method also includes exiting the network conference, and completing the recording of the conference application activity.

Abstract: System and methods for running conference applications before, during, and after a network conference. In an embodiment, a method is provided for running a conference application before joining a network conference. The method includes activating a client application, selecting a conference application from a plurality of conference applications, running the conference application from the client application before joining a network conference, and joining the network conference using the client application.

Abstract: A system for collaboratively generating and/or managing a media channel is provided. The system includes an identification component, a generation component and a permissions component. The identification component identifies a first set of media content associated with a first social group and a second set of media content associated with a second social group. The generation component generates a media channel based on the first and second sets of media content identified as being respectively associated with the first and second social groups. The permissions component grants access to the media channel based at least on permissions generated for the first and second sets of media content in connection with the respective first and second social groups.

Abstract: System and methods for sharing a screen shot of a conference application during a network conference. In an embodiment, a method is provided for sharing a screen shot of a conference application during a network conference. The method includes participating in a network conference using a client application, selecting a conference application from a plurality of conference applications, running the conference application from the client application during the network conference, capturing a screen shot of a display window generated by the conference application during the network conference, and transmitting the screen shot to attendees of the network conference.

Abstract: The present disclosure relates to systems, non-transitory computer-readable media, and methods for accurately, flexibly, and efficiently broadcasting public combined live video streams from multiple participant devices, which change over the course of the live broadcast, as well as generating dynamic user interfaces that streamline adding, removing, and swapping participant devices from the public combined live video stream. In particular, a live video streaming system facilitates compositing live video streams from multiple participant devices into a public combined live video stream within a digital room before broadcasting the public combined live video stream to viewer devices.