Abstract: During operation, the system receives a request, via a REST API, for data stored in a database which uses a schema associated with a current version, wherein the request indicates a version of the REST API. Responsive to determining that the indicated version is a prior version of the REST API which does not correspond to the current version of the database schema, the system: dispatches the request to a translation proxy; applies rules which converts the request to indicate an updated REST API version corresponding to the current version of the schema; obtains results from the database based on the converted request and the applied rules; and returns the results, wherein the prior version of the REST API comprises an old version and wherein the current version of the schema comprises a new version, which enables functionality from the new version to work with the old version.

Abstract: A system includes an intelligent electronic device (IED) and a proxy device communicatively coupled to the TED via a Media Access Control (MACsec) communication link. The proxy device is configured to perform operations that include receiving permissions data, receiving a request to perform an action associated with the TED, determining whether the action is authorized based on the permissions data, and transmitting data to the TED via the MACsec communication link in response to determining that the action is authorized.

Abstract: According to one embodiment, a memory system includes a first nonvolatile memory, a second nonvolatile memory and a controller. The first nonvolatile memory includes a first memory element. The second nonvolatile memory includes a second memory element in which data is able to be written only once. The second memory element stores first key information. The controller receives second key information stored in an information processing apparatus, generates a first key using the first key information and the second key information, and generates a second key using at least the first key. The controller encrypts data, which is to be written into the first nonvolatile memory, with the second key, and decrypts data, which is read from the first nonvolatile memory, with the second key.

Abstract: A terminal device uploads data to a storage device. The terminal device includes a processor and a memory storing instructions that cause the device to determine whether data to be uploaded is a file or a partial dataset being used by an application, determine whether one or more data objects created in a given format is included in the data to be uploaded determined to be the partial dataset, generate image data and a shared byte string from the data to be uploaded if the data objects created in the given format are included in the data to be uploaded, send the data to be uploaded to the storage device as shared data if the data to be uploaded is the file, and send the image data and the shared byte string to the storage device as the shared data if the data to be uploaded is the partial dataset.

Abstract: A user inputs a speech including a keyword via a speech input device; a first processor searches a job history by the keyword, the job history being stored on a storage, the job history including a job record, the job record including a set of values having ever been used for a job executed by an image processing apparatus. A job record specifying device includes a second processor that conducts an analysis on different values in multiple job records; selects a speech with reference to the different values; transfers the speech to a speech generator; and finds a specific job record from the multiple job records using a keyword extracted from a speech inputted via the speech input device in response to the speech outputted by the speech generator. The image processing apparatus reflects a target set of values in the specific job record, to the setting of a job.

Abstract: A system and method configures permission settings for applications (“apps”) running on a computing device of a user. A data center generates at least one model of collective privacy preferences. The computing device is in communication with the data center via a communications network. The computing device comprises a processor that execute at least a first app that requests access to at least one permission of the computing device and a personal privacy assistant app. The personal privacy assistant app receives the at least one model from the one or more servers of the data center; collects information about the user; identifies at least one recommended permission setting for the first app based on the at least one model and such that the recommended permission setting is user-specific; and configures the computing device to implement the received at least one user-specific recommended permission setting.

Abstract: Systems and methods for a security rating framework that translates compliance requirements to corresponding desired technical configurations to facilitate generation of security ratings for network elements is provided. According to one embodiment, a host network element executes a collection of security checks on at least a first network element. The execution is performed by receiving configuration data of the first network element pertaining to each security check of the collection of security checks in response to a request by the host network element and validating each security check by comparing the received configuration data pertaining to each security check with a pre-defined or configurable network security configuration recommendation to generate a compliance result. Further, the host network element generates a compliance report by aggregating the compliance results obtained by executing each security check of the collection of security checks.

Abstract: Systems and methods for controlling access to a blockchain are disclosed. The systems and methods are comprised of a security agent, a controller, an authenticator, a rules engine, and a policy engine. In certain embodiments, the security agent receives a message from an application, parses the message, and transmits the message to the controller if the message comprises one or more predetermined applicable rules or policies. The controller receives the message with its rules and policies, queries the rules engine and the policy engine to apply the rules and policies, and transmits an authentication request to the authenticator. The authenticator then requests an authentication signal from a user and transmits the results to the controller. The controller applies the results and forwards them to the security agent, which may or may not release the message to the blockchain depending the results.

Abstract: Methods and systems described in this disclosure receive a call from a caller, generate a first session through a first channel associated with the caller when the call is received and then send a request for authentication credentials to a device associated with the caller. In some embodiments, sending the request for authentication credentials generates a second session through a second channel associated with the caller. The caller can be authenticated to the first session using communication received during the second session through the second channel.

Abstract: A method, device, and system for configuring a session for communication between electronic devices includes sending, by a session management entity of a wireless network, a first request message to a policy control entity of the wireless network, the first request message comprising a key identifier, receiving, by the session management entity, a first response message from the policy control entity, wherein the first response message corresponds to a response to the first request message, and the first response message comprises a session policy for a communication session corresponding to the key identifier, and configuring, by the session management entity, the communication session based at least in part on the session policy.

Abstract: In an embodiment, a method includes receiving, by a processor and from a user device associated with a user, a request to access a service associated with a first protocol. The method further includes receiving, by the processor, a virtual credential of the user authorized by an authorizing entity. The virtual credential is compliant with a second protocol different than the first protocol. The method further includes verifying, by the processor, that the virtual credential is authorized by the authorizing entity. The method further includes transforming, by the processor, the virtual credential to generate a transformed virtual credential compliant with the first protocol. The method further includes sending, by the processor, a representation of the transformed virtual credential to the service. The method further includes verifying, by the processor and after the sending, that the transformed virtual credential is valid.

Abstract: Systems, methods, and software described herein provide enhancements for implementing security actions in a computing environment. In one example, a method of operating an advisement system to provide actions in a computing environment includes identifying a security incident in the computing environment, identifying a criticality rating for the asset, and obtaining enrichment information for the security incident from one or more internal or external sources. The method also provides identifying a severity rating for the security incident based on the enrichment information, and determining one or more security actions based on the enrichment information. The method further includes identifying effects of the one or more security actions on operations of the computing environment based on the criticality rating and the severity rating, and identifying a subset of the one or more security actions to respond to the security incident based on the effects.

Abstract: Methods and systems for verifying a user's identity on a computing device using two-factor authentication are described. More particularly, the system utilizes a personal identification number input by a user, together with one or more of a secure browsing feature, a device fingerprint, and a token generator to authenticate the user on the computer.

Abstract: A system generates network perimeter for an organization based on the connection data. The system builds a model, for example, a machine learning based model configured to receive a network zone as input and output a score indicating security of the network zone. The system receives information describing connection requests received from client devices associated with the organization. The system adjusts parameters of the machine learning based model based on information describing the connection requests. The adjusting of the machine learning based model improves the accuracy of prediction based on the information describing the connection requests. The system determines a network perimeter for the organization using the machine learning based model. The network perimeter may be used for implementing a network policy for the organization based on the determined network perimeter.

Abstract: The present invention relates to a method for configuring a second home automation device (D2) by means of replacing a first home automation device (D1), the method comprising the following steps: recording (ERU1) at least one set of configuration data or instructions (cfg1) associated with a unique identifier of a first home automation device (D1); receiving (ERU9) a configuration request from a second home automation device (D2); determining (ERU10) an association between the second home automation device (D2) on the one hand and the first home automation device (D1) on the other hand; determining (ERU11) at least one set of configuration data or instructions (cfg2) associated with the second home automation device (D2); sending (ERU12) at least one configuration message (MCfg) comprising the at least one set of configuration data or instructions (cfg2) to the second home automation device (D2).

Abstract: The invention relates to a system that implements application lineage metadata and registration. An embodiment of the present invention is directed to auto-generating Application Lineage data. This may be accomplished by implementing code markers, such as @Annotations, within the code. An embodiment of the present invention may scan the code each time a build is kicked off by a continuous integration and continuous delivery (CI/CD) pipeline. At the end of the build, the documentation may be automatically generated with application lineage information.

Abstract: This application provides a wireless local area network configuration method and a device, and relates to the field of communications technologies, so as to increase a success rate of configuring authentication information of a home wireless local area network for a home device, and improve efficiency in connecting the home device to the home wireless local area network. A specific solution is as follows: A terminal obtains authentication information of a first wireless local area network, configures an SSID of the first wireless local area network as a hidden SSID, and sends at least one first probe request frame, where the first probe request frame carries at least a part of the authentication information of the first wireless local area network.

Abstract: An apparatus and method for intelligent processing of cyber security risk assessment data are provided. The apparatus includes a processor and a memory communicatively coupled to the at least a processor. The memory contains instructions configuring the at least a processor to receive a cyber profile associated with a digital environment. The processor is also configured to generate a cyber profile summary of the cyber profile data and generate a user interface data structure including the cyber profile summary and the cyber profile. A graphical user interface (GUI) is communicatively connected to the processor and the GUI is configured to receive the user interface data structure including the cyber profile summary and the cyber profile and display the cyber profile summary on a first portion of the GUI.

Abstract: A cloud based network includes a plurality of nodes, each of which include at least one containerized microservice that enables intent-driven operation of the cloud based network. One or more resource controllers, each designated to manage a custom resource, communicate with a master controller of the node to manage operational and configuration states of the node and any microservices containerized within the node. The master enables a user to monitor and automate the management of microservices and the cloud based network as a whole. The containerized microservice architecture allows user customizable rendering of microservices, reconciliation of old and new versions of microservices, and facilitated management of a plurality of nodes.

Abstract: Techniques for using contextual information to manage data that is subject to one or more data-handling requirements are described herein. In many instances, the techniques capture or depend upon the contextual information surrounding the creation and/or subsequent actions associated with the data. The contextual information may be updated as the data is handled in various manners. The contextual information may be used to identify data-handling requirements that are applicable to the data, such as regulations, standards, internal policies, business decisions, privacy obligations, security requirements, and so on. The techniques may analyze the contextual information at any time to provide responses regarding handling of the data to requests from requestors, such as administrators, applications, and others.

Abstract: Disclosed herein is a system and a method to remotely control operation of an electronic lock securing access to a real estate property. The invention disclosed allows a buyer agent to remotely control operation of an electronic device associated with the prospective buyer and uses the electronic device of the buyer to unlock an electronic lock that secures access to the real estate property. This alleviates the need to share the password with the buyer and thereby maintaining confidentiality of the electronic lock password and security of the real estate property and at the same time enabling access of the property to the buyer without the buyer agent being physically present on the real estate property.

Abstract: Systems and methods for overcoming technical problems associated with virtual private networks and application provisioning systems to provide ways for end-users and/or providers to control access, use, and communications associated with websites, online applications, and online services. Such systems and methods leverage techniques analogous to technologies known for implementing man-in-the-middle (MITM) attacks.

Abstract: The present invention relates to a method for managing IoT devices by a security fabric. A method is provided for managing IoT devices comprises collecting, by analyzing tier, data of Internet of Things (IoT) devices from a plurality of data sources, abstracting, by analyzing tier, profiled element baselines (PEBs) of IoT devices from the data, wherein each PEB includes characteristics of IoT devices; retrieving, by executing tier, the PEBs from the analyzing tier, wherein the executing tier is configured to control network traffic of IoT devices of a private network; generating, by the executing tier, security policies for IoT devices from PEBs of the IoT devices; and controlling, by the executing tier, network traffic of the IoT devices of the private network to comply with the security policies.

Abstract: Disclosed herein, among other things, are systems and methods for authentication and encryption key exchange with an ALD for hearing device applications. A method includes receiving an acoustic input at a microphone of a hearing device, and receiving a wireless signal over a wireless link from an assistive listening device (ALD) at an antenna of the hearing device, the wireless signal including digital audio information. The acoustic input is compared to the digital audio information using a processor of the hearing device. Upon determining that the acoustic input and the digital audio information are correlated at a threshold level, the processor is used to create and distribute an encryption key to the ALD to secure the wireless link. The ALD may include a processor for correlating the input and the information, and for creating and distributing the encryption key, in some embodiments.

Abstract: Techniques are disclosed for processing data packets and implementing policies in a software defined network (SDN) of a virtual computing environment. At least one SDN appliance is configured to disaggregate enforcement of policies of the SDN from hosts of the virtual computing environment. The servers are communicatively coupled to network interfaces of the SDN appliance. The servers host a plurality of virtual machines The SDN appliance comprises a plurality of smart network interface cards (sNICs) configured to implement functionality of the SDN appliance.

Abstract: Apparatuses, methods, systems, and program products are disclosed for task management. An apparatus includes a processor and a memory that stores code executable by the processor. The executable code includes code to receive information for defining one or more form fields of a compliance template associated with a compliance task. The information is derived from a compliance policy. The executable code includes code to include one or more interactive multimedia elements in the compliance template. The one or more interactive multimedia elements are associated with at least one of the one or more form fields. The executable code includes code to electronically present the compliance template during the compliance task to gather compliance information related to the compliance task.

Abstract: Methods, systems, and computer-readable media for analysis of role reachability using policy complements are disclosed. An access control analyzer determines two nodes in a graph that potentially have a common edge. The nodes correspond to roles in a provider network, and the roles are associated with first and second access control policies that grant or deny access to resources. The access control analyzer performs a role reachability analysis that determines whether the first role can assume the second role for a particular state of one or more key-value tags. The role reachability analysis determines a third access control policy authorizing a negation of a role assumption request for the second role. The role reachability analysis performs analysis of the third access control policy with respect to a role assumption policy for the second role for the particular state of the one or more key-value tags.

Abstract: A system includes a privacy vault storing user-associated contents. The vault also stores access permissions defined for third-parties with whom the user has a sharing relationship. An access permission defines, for at least one third party, procurement and utilization policies for vault contents accessed by the third-party. The system may access a user account to recover user-associated contents stored by the accessed account and stores the recovered contents in the privacy vault. The system receives a request from a third-party to access identified contents stored in the privacy vault and determines if the contents are procurable by the third party based on an access permission defined, in the privacy vault, for the third-party. The system provides procurable contents to the third party along with indication of any constraints on the contents defined by utilization policies of the access permission defined for the third party.

Abstract: Various systems, methods, and apparatuses relate to managing data transmissions from one or more Internet of Things (IoT) devices. A method includes discovering one or more IoT devices; tracking data transmission between the one or more IoT devices and an IoT server; restricting audiovisual data transmission by at least one of the one or more IoT devices based on a user profile associated with a user by providing an instruction to the at least one of the one or more IoT devices; determining that the at least one of the one or more IoT devices is continuing to transmit audiovisual data to the IoT server subsequent to the restriction; based on the determination, denying network access; and presenting, via a user device, a user interface including an indication whether communications to the IoT server have been prevented for each of the one or more IoT devices.

Abstract: A cybersecurity engine can guide a forensic investigation of a security incident by estimating the utility of investigating events associated with the security incident, selecting a subset of such events based on the estimated utilities, and presenting data associated with the selected events to the investigator. A method for guiding a response to a security incident may include estimating, for each of a plurality of security events associated with the security incident, a utility of investigating the security event. The method may further include selecting a subset of the security events based, at least in part, on the estimated utilities of investigating the security events. The method may further include guiding the response to the security incident by presenting, to a user, data corresponding to the selected security events.

Abstract: Disclosed are systems, methods, and computer-readable media for ensuring that one or more compliance information bundles associated with one or more end-point identifiers maintain compliance with one or more regulations. It is detected that a rules engine has been updated with a new regulation. Based on an identification that one or more compliance information bundles associated with the one or more end-point identifiers will not be compliant with the new regulation after an expiration of a grace period associated with the new regulation, a status associated with each one or more compliance information bundles is changed to a provisionally-approved status. The changing of the status associated with each of the one or more compliance information bundles to the provisionally-approved status causes each of the one or more compliance information bundles to be treated, temporarily like the status of each the one or more compliance information bundles is an approved status.

Abstract: As described herein, a system, method, and computer program are provided for using shared customer data and artificial intelligence to predict customer classifications. A first system of a first business entity receives an artificial intelligence model generated using output of a secure multi-party computation applied to: a first schema of first customer data stored by the first system, and a second schema of second customer data stored by a second system of a second business entity. Additionally, the first system executes the artificial intelligence model on the first customer data stored by the first system to generate a predictor, the predictor configured to receive input and process the input to predict a classification for the input. Further, the first system distributes the predictor for use by the second system of the second business entity to predict at least one classification for the second customer data.

Abstract: A method for managing data in view of data controls includes determining that a jurisdictional restriction associated with a jurisdiction applies to utilization of a portion of data, determining that a compliant service to utilize the portion of data is unavailable, deploying an instance of the compliant service, and utilizing the portion of data using the instance of the compliant service.

Abstract: A system and method of selectively outputting content on a head mounted wearable computing device is provided. The system may determine a context associated with the operation of the head mounted wearable computing device, and selectively output content on the head mounted wearable computing device, or delay the output of content, based on the context. The content may be displayed in one or more designated portions of the display of the head mounted wearable computing device so as to reduce distraction to the user, and enhance situational awareness and situational safety during use of the head mounted wearable computing device.

Abstract: A data platform for managing an application as a first-class database object. The data platform includes at least one processor and a memory storing instructions that cause the at least one processor to perform operations including detecting a data request from a browser for a data object located on the data platform, executing a stored procedure, the stored procedure containing instructions that cause the at least one processor to perform additional operations including instantiating a User Defined Function (UDF) server, an application engine, and the application within a security context of the data platform based on a security policy determined by an owner of the data object. The data platform then communicates with the browser using the application engine as a proxy server.

Abstract: A system and method for conducting a computerized surveillance in a computerized environment, including: initiating an installation of an agent on an endpoint device (EPD) in response to an indication of a potential malicious activity executed on the EPD; activating the agent to collect data on the EPD; based on the analysis of the collected data, selecting at least one mitigation action to be executed by the agent; and initiating an uninstallation of the agent from the EPD.

Abstract: Examples described herein include systems and methods for deploying Data Loss Prevention (DLP) policies to user devices. An example method can include receiving a configuration specifying at least one DLP policy applicable to an application, along with an indication of an assignment group specifying users, or user devices, to which the DLP policy should apply. Information regarding the DLP policy and assignment group can be provided to an identity service and then synchronized with a second server that manages the application. The method can further include provisioning the application to a user device and instructing the user device to retrieve the DLP policy from the second server and implement it when executing the provisioned application.

Abstract: A computerized broker system for enabling coordination of computerized federation resources in a networked computer environment to support discovery, connection and correspondence with the computerized federation resources, the computerized broker system disclosed. The computerized broker system enables the coordination of unique meaningful multipart identifiers and resolver outcomes that satisfy the mutual interest of federation members and ensure agreement, interoperability, usability, reusability, flexibility, stability, expected behaviors, scalability, avoidance of conflict, and other such mutual benefits that are difficult to achieve at scale through member to member cooperation and with no brokerage. A method for distributing and discovering networked resources in a computerized broker system is disclosed and a further method for managing federated networks and federation resources in a computerized broker system is also disclosed.

Abstract: Providing policy check functionality to file uploads is disclosed. An attempted file upload is detected at a browser isolation system. A user of a client is prompted to provide a credential associated with the file and usable to access contents of the file. A policy is applied to the file upload.

Abstract: Methods and systems for monitoring use, determining risk, and pricing insurance policies for a vehicle having autonomous or semi-autonomous operation features are provided. In certain aspects, with the customer's permission, a computer-implemented method for updating an autonomous operation feature may be provided. An indication of a software update associated with the autonomous operation feature may be received, and several autonomous or semi-autonomous vehicles having the feature may be identified. The update may be installed within the several vehicles, such as via wireless communication. Also, a change in a risk level associated with the update to the autonomous operation feature may be determined, and an insurance discount may be determined or adjusted.

Abstract: Embodiments of the present invention disclose systems and methods for controlled access to a website from a mobile device when the mobile device is connected with an external public or private network away from home. Certain embodiments provide for such protection and security through the use of smart and secure home router which is connected to the mobile device through a virtual private network, whether in a module form or as a standalone server.

Abstract: A policy-controlled access system comprising a client device running a local application, A mid-link server monitors network traffic from the client device. The network traffic includes third-party content accessed by a user on the client device. A request for data from the end-user is received using the local application, a category associated with the request for the data is determined, and a policy associated with access to the data is determined based on the category. A risk score associated with the data is determined based on the policy using machine learning models. The machine learning models analyze user activities from the network traffic for the determination of the risk score. The risk score is compared with a threshold value and based on the comparison the request is authorized. Machine learning-based recommendations associated with the data are generated. The recommendations include modifications in the policy for access to the data.

Abstract: A computer implemented method for resolving a Domain Name System, DNS, query received at a third party cloud computing environment comprises: receiving a DNS query at the third party cloud computing environment. The DNS query is forwarded to a sinkhole DNS server if the DNS query comprises an unauthorised domain name. The DNS query is forwarded to a default DNS server of the third party cloud computing environment if the DNS query does not comprise an unauthorised domain name.

Abstract: An illustrative embodiment disclosed herein is a non-transitory computer readable medium. In some aspects, the non-transitory computer readable medium includes instructions for providing a mobile user monitoring solution that, when executed by a processor, cause the processor to capture a transaction transmitted over an N12 interface, extract, from the transaction, one of an expected response (XRES) or an authentication token (AUTN), a user identifier (ID), and a cipher key, capture a first message transmitted over an N1 interface, and determine that the first message is associated with the user ID and the cipher key extracted from the transaction.

Abstract: In various embodiments, a computer-implemented method comprises determining that a first property associated with a dashboard is modified at a first device, determining that the dashboard is accessible at a second device, where the first device and the second device are coupled via a trusted tunnel bridge, and in a real-time response to determining that the first property was modified, transmitting, to the second device via the trusted tunnel bridge, an update that causes the second device modify the dashboard based on the modified first property.

Abstract: Embodiments are directed to managing and monitoring endpoint activity in secured networks. In response to a client request being provided to an agent associated with the resource server. A driver associated with the resource server may be determined based on the client request. The client request may be provided to the resource server via a second network connection. Responses from the resource server may be provided to a server-tee module such that the server-tee module provides a copy of the responses to the server-handler module; employing the server-handler module to generate log information based on the copied responses; employing the server-tee module to modify the responses from the resource server such that the responses are forwarded to the client via the first network connection over the overlay network; or the like.

Abstract: A packet-filtering network appliance such as a threat intelligence gateway (TIG) protects TCP/IP networks from Internet threats by enforcing certain policies on in-transit packets that are crossing network boundaries. The policies are composed of packet filtering rules derived from cyber threat intelligence (CTI). Logs of rule-matching packets and their associated flows are sent to cyberanalysis applications located at security operations centers (SOCs) and operated by cyberanalysts. Some cyber threats/attacks, or incidents, are composed of many different flows occurring at a very high rate, which generates a flood of logs that may overwhelm computer, storage, network, and cyberanalysis resources, thereby compromising cyber defenses.

Abstract: Latency in a cloud security service provided via a network security device is reduced by receiving in the network security device a new network connection request for a connection between a local network device and a remote server. If a locally cached rule is applicable to the new network connection request, the applicable locally cached rule is applied to selectively allow the new network connection based on the rule. If no locally cached rule is applicable to the new network connection request, the new network connection request is forwarded to the remote server and to a cloud security service, and a response from the remote server is selectively forwarded to the local network device only upon receiving a determination by the cloud security device as to whether the new network connection is a security risk.

Abstract: Disclosed herein are systems and methods for blocking information from being received on a computing device. In one aspect, an exemplary method comprises, by a hardware processor, intercepting a Domain Name System (DNS) request, the intercepted DNS request being initiated by an advertising module of the computing device; obtaining a set of rules for a transmission of the intercepted DNS request; estimating a probability of the intercepted DNS request being a DNS request that was initiated by one or more actions of a user based on the obtained set of rules; and blocking displaying the advertisement information on the computing device based on the estimated probability, wherein the blocking displaying the advertisement information comprises blocking the advertisement information from being received on the computing device.

Abstract: This application discloses an authorization revocation method and an apparatus, and relates to the communications field. An example method includes: receiving, by a first entity, an authorization revocation request message from a second entity, wherein the authorization revocation request message carries an identifier of an application programming interface (API) invocation entity; and sending, by the first entity, an authorization revocation response message to the second entity based on the authorization revocation request message, wherein the authorization revocation response message indicates that authorization revocation succeeds or fails.