Abstract: Arrangements for secure user authentication through hardware analysis and monitoring are provided. In some aspects, a computing platform may receive, from one or more hardware devices, user interaction data. The computing platform may establish a baseline indicating an expected usage pattern of the user. The computing platform may receive, from the one or more hardware devices, subsequent user interaction data and determine whether the subsequent data is unauthorized. Based on the subsequent data not being unauthorized, the computing platform may calculate an updated baseline in real-time as the subsequent data is received. The computing platform may monitor for additional user interaction data from the one or more hardware devices and compare the additional user interaction data with the updated baseline. In response to the additional user interaction data deviating from the updated baseline by a predetermined threshold, the computing platform may identify an anomaly and transmit a security notification.

Abstract: This disclosure provides systems, methods and apparatus for controlling a device operational mode. Some examples involve receiving an indication of an authentication attempt, determining an authentication mode corresponding with the authentication attempt and determining a device operational mode corresponding with the authentication mode. Responsive to determining that an authentication process corresponding with the authentication attempt completed successfully, a device operational mode corresponding with the authentication mode may be implemented. Examples of device operational modes include a limited access mode and a distress mode, both of which may involve blocking access to at least one type of device functionality or access to at least one type of data. The distress mode also may involve sending SOS data to one or more other devices. The quick launch mode may cause one or more selected software applications to initialize.

Abstract: The present invention relates to a novel real estate documents identification and verification device and associated system and method. The device includes a fingerprint scanner for scanning a fingerprint of a user for displaying properties tied to the user. The device stores the property documents and fingerprint(s) in an internal memory thereof and a touch-based display screen for displaying the property documents. In some embodiments, the device is configured to transfer the captured fingerprint onto the property documents for performing an authorized transaction. The device can be used for selecting a property and verifying a user as an authorized user of the property. The device is designed to ensure that a property is tied to a person via their fingerprint to eliminate any fraud.

Abstract: Disclosed herein is a method for face authentication. The method includes the following steps: a) at least one face detection step including determining at least one first image by using at least one camera; b) at least one skin detection step including projecting at least one illumination pattern including a plurality of illumination features on the scene by using at least one illumination unit, determining at least one second image using the at least one camera, and determining a first beam profile information; c) at least one 3D detection step including determining a second beam profile information of at least four of the reflection features located inside the image region of the second image corresponding to the image region of the first image; and d) at least one authentication step including authenticating the detected face by using at least one authentication unit.

Abstract: Devices and methods to retrieve acoustic data and identify voices within the acoustic data.

Abstract: Provided is to prevent a false determination due to an attachment condition of an apparatus that transmits and receives an acoustic signal, and perform accurate personal authentication. A personal authentication device includes: a personal authentication means that authenticates an individual by using first information at least including an acoustic characteristic calculated from an acoustic signal propagating through the head of the user, which is detected by an apparatus being attached on a head of a user for transmitting and receiving the acoustic signal, and a feature amount extracted from the acoustic characteristic; an attachment trouble rule storage means that stores an attachment trouble rule for detecting an attachment trouble with the apparatus; and an attachment trouble detection means that detects a trouble with an attachment state of the apparatus when the first information satisfies the attachment trouble rule.

Abstract: Provided is to prevent a false determination due to an attachment condition of an apparatus that transmits and receives an acoustic signal, and perform accurate personal authentication. A personal authentication device includes: a personal authentication means that authenticates an individual by using first information at least including an acoustic characteristic calculated from an acoustic signal propagating through the head of the user, which is detected by an apparatus being attached on a head of a user for transmitting and receiving the acoustic signal, and a feature amount extracted from the acoustic characteristic; an attachment trouble rule storage means that stores an attachment trouble rule for detecting an attachment trouble with the apparatus; and an attachment trouble detection means that detects a trouble with an attachment state of the apparatus when the first information satisfies the attachment trouble rule.

Abstract: A system and method for interacting with a voice-assisted member interface hosted by a provider backend server of a provider using a voice enabled-apparatus hosted by an apparatus vendor separate and distinct from the provider, the voice-enabled apparatus including a microphone unit, a speaker and a processor coupled to the microphone unit and the speaker, the processor configured to cause the voice-enabled apparatus to perform one or more functions in response to audio signals received at the microphone unit.

Abstract: Centralized management of a Data Processing Unit (DPU) Baseboard Management Controller (BMC) through an integrated server remote access controller (iRAC) may include embedding a secure token in a communication from the iRAC to a BMC of a DPU, the secure token authorizing the iRAC to the DPU BMC and authorizing the DPU BMC to the iRAC. The secure token may include a first layer token authorizing the iRAC to the DPU and authorizing the DPU to the iRAC and a second layer token authorizing the DPU to the DPU BMC and authorizing the BMC to the DPU. Alternatively, the secure token may be generated by the iRAC generating an initial token authorizing the iRAC to the DPU and authorizing the DPU to the iRAC, the iRAC embedding the initial token in a request to the DPU for a resource of the DPU BMC and the DPU generating the secure token.

Abstract: A system includes a user terminal and a plurality of ledger nodes. The user terminal acquires an object fingerprint of an item and biometric information of an owner of the item. The plurality of ledger nodes provides an electronic bulletin board. The user terminal writes an ownership right certificate including the object fingerprint of the item and the biometric information of the owner on the electronic bulletin board. The system may further include a server apparatus. The user terminal may transmit an item registration request including at least the object fingerprint of the item and the biometric information of the owner to the server apparatus.

Abstract: Tests are transmitted from a client device to server-side software located on a server device. Results of the tests are received from the server-side software. An authentication sub-flow is selected, based on results of the tests, from a plurality of authentication sub-flows enabling a client-side program to operate on cloud-based data associated with server-side software. Client authentication is facilitated for the client-side program to operate on the cloud-based data using the selected authentication sub-flow. The cloud-based data is operated on from the client-side program using the client-authentication.

Abstract: Authentication devices and methods. The authentication device includes a connection component configured to establish a physical connection with a computing system configured to perform at least an authentication procedure, a housing including a screen portion to at least visually present authentication data as part of an interaction with the computing system, and a cable portion connecting the housing and the connection component, wherein the cable portion is configured to prevent stress from being imparted on the connection component at least due to handling of the housing.

Abstract: Embodiments of the present invention provide a system for validating users in an electronic network based on graphical authentication credentials. The system is configured for receiving a file comprising graphical authentication credential from a user device of a user, decrypting the file comprising the graphical authentication credential, loading a deep learning model associated with the user, building a deep learning network using the deep learning model, running the file comprising the graphical authentication credential through the deep learning network, and verifying that the graphical authentication credential matches one or more stored credentials associated with the user based in running the file through the deep learning network.

Abstract: Systems, devices, and methods related to wireless battery management system (wBMS) are provided. For example, a wBMS network manager comprises a memory to store a list of hardware identifiers (IDs), wherein each hardware ID in the list is associated with a respective one of a plurality of battery modules; and mapped, based on a predetermined mapping, to a different one of a plurality of source IDs; an interface to receive, from a remote battery module, a packet including a source ID and a hardware ID associated with the remote battery module; and one or more processing units to search, using the source ID in the received packet and the predetermined mapping, for a first hardware ID from the list of hardware IDs; and authenticating the remote battery module based on a comparison of the hardware ID in the received packet to the first hardware ID from the list.

Abstract: Role-based access controls (RBAC) are extended to include multi-party authorizations for certain computing cluster operations or data items. Upon receiving a request to perform an operation over a computing cluster or its data, a check is carried out to determine if the operation (e.g., READ, WRITE, EXECUTE, DELETE, etc.) is subject to both a role-based access control as well as a multi-party authorization (MPA) consensus protocol. The determination to allow or deny the request includes (1) accessing a role-based access control record corresponding to the operation or data item, and (2) invoking the multi-party authorization consensus protocol. Prior to performance of the operation, a computer program collects “approve” or “deny” responses from individual ones of the multiple parties. When approval consensus is reached, the operation is performed. If approval is denied, or if an approval consensus is not reached within a time limit, then the operation is not performed.

Abstract: Methods, systems, and computer program products for thwarting a malware attack. A data storage system stores data items, some of which data items correspond to snapshots. Upon identification of a possible ransomware attack on a data item, the system identifies a version of the snapshot that is not subject to the ransomware attack and seeks to protect the data state of the system from further damage (e.g., due to performance of unauthorized operations on the version of the snapshot that is not subject to the ransomware attack) by requiring consensus from a multi-party authorization (MPA) consensus regime before carrying out requested operations over the snapshot. The MPA consensus regime operates by determining that the operation is subject to a role-based access control (RBAC) as well as a multi-party authorization (MPA) consensus protocol, and then allowing or denying execution of the requested operations based on achieving consensus from among candidate approvers.

Abstract: A policy acquisition unit (104) acquires a password policy prescribed in an authentication system (200) that performs user authentication using a password. A policy presentation unit (105) presents the password policy acquired by the policy acquisition unit (104) to a user when the authentication system (200) is to accept an input of a password from the user for the user authentication.

Abstract: A program analysis device including: code block extraction means for extracting code blocks having specific qualities from code blocks included in binary data of a program; backdoor score calculation means for calculating, for each code block extracted by the code block extraction means, based on the contents of operations in each code block, a backdoor score, which is a score indicating the possibility of each code block being a backdoor code or a score indicating the degree of impact of each code block on a system when it is executed; and output means for outputting the code blocks extracted by the code block extraction means and the backdoor score calculated for each of the extracted code blocks by the backdoor score calculation means.

Abstract: Systems and methods are provided that may be implemented to provide a basic input/output system (BIOS) with the ability to authenticate and then execute one-time unique instructions that are previously left behind (i.e., stored) in public memory of an information handling system by a containerized computing environment session that is no longer executing on the information handling system. The disclosed systems and methods may be so implemented to share with the system BIOS privileged instructions to identify which executables are authorized for execution on a targeted information handling system. The privileged instructions may be previously created and optionally stored together with an executable code in system public memory, and these instructions may provide instructions on how to execute the executable code.

Abstract: A system for digital rights management including a processor in a platform and a memory device comprising instructions that when executed configure the processor to perform operations. The operations may include determining whether a digital media is locally installed in a platform before initiating an operating system, and launching a first UEFI application configured to generate attestation data and communicate attestation based data to a server through an encrypted medium in response to determining the digital media is not installed. The operations may also include receive a binary file of the digital media and a first decryption key and performing a sealing of the binary file using a sealing enclave of the first UEFI application and generating a local decryption second key based on the first key and local entropy. The operations may also include installing the sealed binary file on local storage.

Abstract: A system and method for inspecting virtual instances in a cloud computing environment for cybersecurity threats utilizing disk cloning. The method includes: selecting a virtual instance in a cloud computing environment, wherein the virtual instance includes a disk having a disk descriptor with an address in a cloud storage system; generating an instruction to clone the disk of the virtual instance, the instruction when executed causes generation of a cloned disk descriptor, the cloned disk descriptor having a data field including the address of the disk of the virtual instance; inspecting the cloned disk for a cybersecurity threat; and releasing the cloned disk in response to completing the inspection of the cloned disk.

Abstract: Trusted execution environment construction is described and includes obtaining regulatory requirement information of a trusted execution environment. The regulatory requirement information is parsed to obtain atomized security function information applied to the trusted execution environment. Formal parsing processing is performed on the security function information to obtain a security solution of the trusted execution environment to prove that it satisfies the regulatory requirement information and generating a test case corresponding to the security solution based on an axiom of the security solution. Using a predetermined property migration mechanism based on the security solution and the test case corresponding to the security solution, a trusted execution environment is constructed that has same property information as the security solution and the test case with respect to a predetermined property item in a target scenario.

Abstract: An access token broker is executed within a first iFrame, a fully trusted application is executed in a second iFrame within the first iFrame, and a partially trusted application is executed in a third iFrame within the second iFrame. The partially trusted application may identify the iFrame in which the access token broker is executing and request an access token from the access token broker. The access token broker determines whether the request for the access token is to be granted. If the request is to be granted, the access token broker requests the access token from a hosting application. The hosting application obtains the requested access token from an access token server and provides the access token to the access token broker. The access token broker receives the access token from the hosting application and provides the access token to the partially trusted application.

Abstract: The present application discloses a processor and an attack detection method thereof. The processor includes a first register and an execution unit. The execution unit is configured to: execute a first jump-related instruction under a first privilege mode; set a first field of the first register to a first jump status parameter according to execution of the first jump-related instruction; jump to a first corresponding instruction in a specified register of the first jump-related instruction; determine whether the first corresponding instruction is a legal instruction and whether a first parameter of the first corresponding instruction is equal to the first jump status parameter to obtain a first determination; and determine whether to send an alert message according to the first determination.

Abstract: A system includes calling to a first function, determination, in response to the call, of whether to execute a first version of the first function or a second version of the first function, execution of the first version of the first function if it is determined to execute the first version of the first function, and execution of the second version of the second function if it is determined to execute the second version of the first function, wherein the second version of the first function comprises a security-related features and the first version of the first function does not comprise the security-related feature.

Abstract: In some examples, a system provides access, to a first server, a copy of a volume of data associated with a second server, where the first server is protected against unauthorized access. The first server receives first signatures generated by an agent in the second server based on applying a function on data objects of the volume. The first server generates, at the, second signatures derived based on applying the function on data objects of the copy of the volume. The first server determines whether malware that performs unauthorized data encryption of data of the second server is present, based on comparing the second signatures to the first signatures.

Abstract: The disclosure relates to a method for detecting a suspected infection event, the method comprising: receiving data associated with back-up copies of a plurality of machines including at least a first machine and a second machine, in which the data is indicative of a size of the associated back-up copy; and determining whether to classify data associated with at least one back-up copy associated with at least a second machine as anomalous based on an anomalous pattern identified in data associated with a back-up copy associated with a first machine.

Abstract: Systems and methods are disclosed for identifying resources responsible for events. In one embodiment, a method may include determining a number of unique actors in a plurality of actors that have accessed the resource. The method may further include identifying from the plurality of actors a set of affected actors that has been affected by an event and identifying from the set of affected actors a subset of resource-affected actors that accessed the resource prior to being affected by the event. The method may further include determining a number of resource-affected actors in the subset of resource-affected actors and, based on the number of unique actors and the number of resource-affected actors, determining an event score for the resource. The event score may be a lower bound of a confidence interval of a binomial proportion of the number of resource-affected actors to the number of unique actors.

Abstract: Described are techniques for multi-tenant security. The techniques include detecting malicious activity on a compromised application in a multi-tenant host. The techniques further include automatically performing a live migration of each tenant of the multi-tenant host to a respective single-tenant host. The techniques further include mitigating the malicious activity on the compromised application that is migrated to a single-tenant host, and automatically performing another live migration of each benign tenant to a new multi-tenant host.

Abstract: A system and method for securing deployment of computing infrastructure resources.

Abstract: The systems and methods use a gradient boosted decision tree, which may be trained in data sparse environments. The system also uses a data transformation step to collapse complex data into a standardized feature input (e.g., a fixed length feature input) that may be processed by the model with a constant (or near-constant) lookup time and with minimal latency. Finally, the system generates a dual variable output that provides both a metric of whether a communication is fraudulent and/or unauthorized as well as a confidence level of that determination.

Abstract: An example method for monitoring for security threats in a container system comprises: monitoring, by a container storage management system configured to manage storage resources for containerized applications deployed on one or more nodes within a container system, activity within the container system; detecting, by the container storage management system based on the monitoring, an anomaly associated with the activity; and determining, by the container storage management system based on the detecting the anomaly, that data stored by the one or more storage resources is possibly being targeted by a security threat.

Abstract: A refresh control method includes: generating a first random number; and preforming, in response to execution times of a regular refresh operation reaching the first random number after execution of a previous row hammer refresh operation, a new row hammer refresh operation.

Abstract: Techniques for sample traffic based self-learning malware detection are disclosed. In some embodiments, a system/process/computer program product for sample traffic based self-learning malware detection includes receiving a plurality of samples for malware detection analysis using a sandbox; executing each of the plurality of samples in the sandbox and monitoring network traffic during execution of each of the plurality of samples in the sandbox; detecting that one or more of the plurality of samples is malware based on automated analysis of the monitored network traffic using a command and control (C2) machine learning (ML) model if there is not a prior match with an intrusion prevention system (LPS) signature; and performing an action in response to detecting that the one or more of the plurality of samples is malware based on the automated analysis of the monitored network traffic using the C2 ML model. In some embodiments, the IPS signatures and C2 ML model are automatically generated and trained.

Abstract: Systems and methods for archive scanning are provided herein. In some embodiments, a method includes: selecting an archive; reading a metadata representing a plurality of files within the archive; reading a plurality of hash strings from the archive; comparing the plurality of hash strings with a database of hash strings; and determining, based on the comparing, if the plurality of files within the archive represent a security threat based on the plurality of hash strings.

Abstract: A storage system, including a host device; and a storage device including a memory and at least one processor configured to implement a storage internal protection (SIP) module, wherein the SIP module is configured to: obtain, from the host device, a plurality of storage commands corresponding to the memory, filter the plurality of storage commands to obtain a filtered plurality of storage commands, apply information about the filtered plurality of storage commands to a machine-learning ransomware detection algorithm, and based on the machine-learning ransomware detection algorithm indicating that a ransomware operation is detected, provide a notification to the host device.

Abstract: Systems and methods for smart incentivization for achieving collaborative machine learning are disclosed. A system receives local model parameters from plurality of client devices in a network, for global model corresponding to collaborative machine learning. The system determines an optimum score for each client device using pre-trained Conditional Variational Auto Encoder (CVAE), based on local model parameter. The system computes contribution score for each client device by determining relative distance value of optimum score corresponding to each client device with optimum score corresponding to another client device from the plurality of client devices, and a global model optimum score of global model. The system updates global model with local model parameter received from the selected set of client devices of the plurality of client devices corresponding to good class, average class, and bad class.

Abstract: Systems, methods, and processing devices for aiding with cyber intrusion investigations that includes capabilities for extracting data from a specified range of a volatile memory of a target processing device, reconstructing data structures and artifacts from the extracted data; and generating and presenting a visualization of the reconstructed data structures and the reconstructed artifacts.

Abstract: Provided is a method to update an OS installed in a secure element on an OS update platform exposing the same ES9+ interface as an SM-DP+, the secure element being an eUICC or an iUICC cooperating with a terminal, the secure element and the terminal being comprised in a device. The method comprises loading an OS update script in the OS update platform of the secure element manufacturer, triggering the LPA of the terminal to connect to the OS update platform by using the ES9+ SM-DP+ protocol, downloading by the LPA the OS update script in an ISD-P of the secure element and installing the OS update script in the ISD-P of the secure element, and after the installation of the OS update script in the ISD-P, return by the secure element an execution result to the OS update platform through the LPA.

Abstract: Methods and systems for managing the operation of data processing systems are disclosed. A data processing system may include a computing device that may enter various operating states by performing various types of startups. The startups may include use of code bases for which the computing device may not inherently be able to validate. To reduce risk of using the code bases, the computing device may perform processes to validate the code bases prior to using the code bases. Additionally, the computing devices may limit the types of interfaces that may be established during the startups while allowing other types of interfaces to be established to provide startup flexibility.

Abstract: Disclosed methods for enabling flexible policies for user access to BIOS attribute settings perform operations including creating a BIOS attribute map encompassing one or more configurable BIOS attributes, generating a role-based authorization table associating an authorization role to each of the configurable BIOS attributes, and deploying the role-based authorization table to an information handling system. Responsive to a user launching a BIOS attribute configuration tool, a user role associated with the user is detected and the role-based authorization table is retrieved. Based on the role-based authorization table and the user role, configurable BIOS attributes for the user are identified. The configurable BIOS attributes may then be presented to the BIOS configuration to enable the user to perform configuration operations for the configurable BIOS attributes.

Abstract: Methods and systems for managing the operation of data processing systems are disclosed. A data processing system may include a computing device that may enter various operating states by performing various types of startups. The startups may include use of code bases for which the computing device may not inherently be able to validate. To reduce risk of using the code bases, the computing device may perform processes to validate the code bases prior to using the code bases. The processes may include obtaining security information for a portion of the code base from a trusted source, and using the security information to validate portions of the code base ahead of use of the portions to complete startups.

Abstract: Storage devices may be utilized in external devices that communicate with host computing devices over various communication ports and protocols. Traditionally, storage devices utilize boot loading data, such as boot ROMS, to start normal operations of the device. However, many storage devices are unable to change or update boot loading data once the device has been manufactured or deployed. Thus, methods, systems, and devices described herein decouple the boot loading process from the storage device and load boot loading data from an external device. The boot loading data can be loaded via a wireless communication connection from an external device, where it can be updated as needed. Once loaded, the bootloader can begin the process of loading firmware and starting the normal operation of the drive over regular wired communication ports. When the boot loading data or firmware cannot be loaded externally, traditional booting methods can be used utilizing previously stored copies of the required data.

Abstract: Disclosed methods maintain security key information, including a unique security key, for one or more blade servers inserted in slots of one or more modular chassis. Following an indication of a logical trusted group comprising a plurality of slots, a trusted group database, including the security key information for each blade server in a slot of the trusted group, is maintained. Responsive to detecting movement of a blade server between two slots of the trusted group, a pre boot process of the server blade in the second slot is automatically authenticated via the security key information in the trusted group database. If a blade server not associated with the trusted group is inserted into a trusted group slot, automatic authentication is blocked and the user is prompted to manually authenticate the new blade server. If manual authentication is successful, security key information for the new blade is added to the database.

Abstract: A disclosed method provides a Device Integrity and Zero Trust (DIZ) protocol to implement proactive as well as reactive firmware vulnerability management. The DIZ protocol identifies device-level firmware versions and vulnerabilities and dynamically compiles appropriate firmware updates. The protocol may further construct a telemetry of the security vulnerability statistics for dynamic identification of Signs of Compromise (SoC) and collectively interpret various other platform telemetry stats for compiling vulnerability resolutions. An artificial intelligence (AI) based scalable and continuous Adaptive and Trust Assessment (ATA) method is employed for dynamic integration of partner solutions based on threat intelligence and remediation data. Disclosed solutions may further implement a geo location independent security adaption method. The identification and assessment of SoCs beneficially reduces an attacker's ability to breach an organization's IT systems.

Abstract: The proposed systems and methods apply natural language processing to identify implicit security requirements flowing from input text narratively describing desired features for a software project. These systems and methods can identify hidden security requirements that may not be readily apparent from the features described in the input text. For example, a story may include a feature of a return URL (Uniform Resource Locator), which is the URL for the website to which a user will be redirected. A security vulnerability that would not be obvious from this feature is that a user might be directed to an attacker controlled site instead of the originally intended site. A security requirement that could counteract this vulnerability would be to include the feature of verifying all redirects go to Whitelisted Sites.

Abstract: A disclosed method for managing enterprise security posture includes maintaining a security system repository (SSR) including information mapping one or more software libraries to vulnerability information indicative of one or more identified vulnerabilities, providing one or more library scanning tools configured to scan the one or more software libraries and provide notifications indicative of one or more new vulnerabilities, generating an SSR catalog indicative of vulnerability information pertaining to the one or more software libraries, and an enhanced plugin module (EPM) is provided wherein the EPM is configured to consume installed application metadata enabling to produce an inventory indicative of updates to deploy.

Abstract: A system and method of predicting the probability of exploitation of vulnerabilities of a computing environment. The method includes acquiring one or more environment variables associated with a computing environment. The method includes identifying a vulnerability in the computing environment based on a vulnerability database (VDB) and the one or more environment variables associated with the computing environment. The method includes generating an input dataset based on behavioral-based endpoint detection and response (EDR) data associated with the vulnerability. The method includes providing the input dataset to one or more predictive models respectively trained to predict probabilities of exploitation of vulnerabilities of computing environments based on the input dataset. The method includes generating, by a processing device, a vulnerability risk score for the vulnerability of the computing environment based on the input dataset and the one or more predictive models.

Abstract: Systems and methods are provided for inspecting, identifying, blocking, and combatting browser security vulnerabilities. In various embodiments, an inspection module may execute on a browser accessing a web domain on a first computing device. Inspection modules may dynamically analyze a set of scripts associated with the web domain to identify privacy vulnerabilities. Such vulnerabilities may be blocked and/or combatted to prevent communications of private information to one or more third-, fourth-, . . . , nth-party sites and applications. Embodiments may generate a customized privacy plan directed to one or more privacy vulnerabilities and execute on a graphical user interface on a computing device.

Abstract: Systems and methods are provided for inspecting, identifying, blocking, and combatting browser security vulnerabilities. In various embodiments, an inspection module may execute on a browser accessing a web domain on a first computing device. Inspection modules may dynamically analyze a set of scripts associated with the web domain to identify privacy vulnerabilities. Such vulnerabilities may be blocked and/or combatted to prevent communications of private information to one or more third-, fourth-, . . . , nth-party sites and applications. Embodiments may generate a customized privacy plan directed to one or more privacy vulnerabilities and execute on a graphical user interface on a computing device.