Abstract: In one embodiment, a device obtains telemetry data associated with an online application accessible via a network. The device trains, based on the telemetry data, a machine learning model to determine whether a given address in the network is associated with the online application. The device uses the machine learning model to generate a listing of network addresses associated with the online application. The device provides the listing of network addresses for use by an application detection service in the network to determine that an initial packet of a traffic flow is associated with the online application based on a match between a destination address of that packet and a network address in the listing of network addresses.

Abstract: A system that intercepts and analyzes application program interface (API) traffic, identifies correlations between components of API traffic, and uses those correlations to detect anomalous behaviors. API traffic, including requests and responses, is intercepted and analyzed to identify correlations in the API traffic. The correlations may be based on API traffic and can include a sequence of APIs, parameters passed between earlier and subsequent APIs, user roles within a user session and APIs accessed by the user roles, and other correlations. Correlation data for user sessions is generated and stored, and later compared to subsequent user session traffic. If the subsequent user session traffic does not comply with the correlations detected in earlier user sessions, an anomaly may be triggered.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for providing passive continuous session authentication. An example method includes authenticating a session for a user of a client device. The example method further includes generating a video data structure comprising a video stream, deriving a set of biometric attributes of the user from the video stream, synchronizing temporal information with the set of biometric attributes derived from the video stream, generating an aggregated behavioral attribute data structure comprised of the video data structure and the set of biometric attributes derived from the video stream synchronized to the temporal information, and re-authenticating, by the session authentication circuitry at a second time after the first time, the session for the user of the client device based on the aggregated behavioral attribute data structure.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for rating tasks and policies using conditional probability distributions derived from equilibrium-based solutions of games. One of the methods includes: determining, for each action selection policy in a pool of action selection policies, a respective performance measure of the action selection policy on each task in a pool of tasks, processing the performance measures of the action selection policies on the tasks to generate data defining a joint probability distribution over a set of action selection policy-task pairs, and processing the joint probability distribution over the set of action selection policy-task pairs to generate a respective rating for each action selection policy in the pool of action selection policies, where the respective rating for each action selection policy characterizes a utility of the action selection policy in performing tasks from the pool of tasks.

Abstract: A system for enabling a user access to one or more products/services of a host offering services through a network or the internet. The system generates a unique user identifier which is unique to the user in response to, or as a result of, creating an account with an authenticator application product of the system. The unique user identifier is used by a host to confirm registration of the user with the services offered by the host. The system requires user authentication involving one or more biometric authentication processes to create an account and thereafter access the account to select one or more host services. Upon selecting a given host service, the host verifies the account and transmits visual indicia to an electronic device on which the services will be displayed and accessed. The system enters the visual indicia through one or more scanning or imaging modalities to access the selected services.

Abstract: Techniques are described herein for processing intra- and inter-messaging platform communications, including by receiving and analyzing messages originating from one sender for distribution to a recipient, where the sender and recipient may be on a same or separate messaging platform. Clusters of such messages with similar contents or other similar characteristics are identified and categorized, such as in accordance with configuration information regarding one or both of the originating and destination messaging platforms. Based on a determination of one or more categories associated with such an identified message cluster, as well as an analysis of metadata associated with the profile of the sender of the messages, various actions may be taken with respect to such message clusters or with parties associated with such message clusters, including actions based at least in part on the configuration information.

Abstract: A node in a communications network is configured to use a reinforcement learning agent to manage a process associated with the communications network. The node is further configured to adjust a value of an exploration rate associated with training of the reinforcement learning agent, based on a performance indicator associated with the managed process.

Abstract: A method of blocking access of a threatening user includes (a) executing an application on a user terminal, (b) collecting, by the user terminal, access information and transmitting the access information to a server unit, (c) determining, by the server unit, whether a user is a target whose access is to be blocked on the basis of the access information, (d) transmitting, by the server unit, a normal execution code or a blocking message to the user terminal according to a result of the determination, and (e) executing the user terminal according to the normal execution code or the blocking message.

Abstract: Provided is a process for mobile-initiated authentications to web services. Credential values of the user are established within a trusted execution environment of the mobile device and representations are transmitted to a server. The user of the mobile device may authenticate with the mobile device to the server, which may convey access to a web-based service from a relying device. The server may pass credentials corresponding to the web-service received from the mobile device and verified to permit user access to the web-service to the relying device. The relying device presents credentials to the web-service to login, authenticate, or otherwise obtain user-level permission for the user on the relying device. The user of the mobile device may authenticate with the mobile device to the server, and may initiate the authentication process from the mobile device, without inputting credentials corresponding to the web-service on the relying device.

Abstract: Systems and methods are disclosed for dynamic selection of resource objects in a cloud-based system. The method may comprise defining a scope group from a scope tree, via a dynamic query, wherein the dynamic query comprises executing a query on the scope tree, the query including a name-type rule, a label-type rule, or a combination thereof; and selecting a subtree of the scope tree, to include in the scope group, based on the query. One or more subtrees may be selected as part of a scope group which are then applied by a cloud operating system to control, allow, or prevent access and determine a user's worldview in regards to a networked cloud-based system with all its various components, applications and resources.

Abstract: Methods, systems, and computer-readable media for compliance lifecycle management for cloud-based resources are disclosed. A selection is received of a compliance pack from a plurality of compliance packs. The compliance pack comprises a plurality of rules associated with policy compliance. The compliance pack is selected from the plurality of compliance packs via a user interface. The selection is associated with one or more resources hosted in one or more provider networks. An evaluation is performed of compliance of the one or more resources with respect to the plurality of rules of the compliance pack. Data describing the evaluation is generated and displayed. The data comprises an aggregate compliance status for at least one of the one or more resources, and the aggregate compliance status represents an aggregate compliance with the plurality of rules.

Abstract: An apparatus includes a network interface and a processor. a network interface that receives a call report including an application programming interface (API) name of an API, a service name of a security service, and an identifier of a customer apparatus; and a processor configured to build a first first-order model, at least in part based on the API name, to perform a determination that an update for the security service is available, and to produce an update request, at least in part based on the first-order model and the determination, wherein the network interface transmits the update request to the customer apparatus.

Abstract: The technology disclosed relates to analysis of security posture of a cloud environment. In particular, the disclosed technology relates to a system and method for analysis of infrastructure posture of a cloud environment, that include detecting a triggering criterion corresponding to initiation of an update scan of the infrastructure posture of the cloud environment, and invoking an incremental change detector based on the triggering criterion. The incremental change detector is configured to scan the cloud environment and return a scan result that identifies one or more changes to a set of infrastructure assets in the cloud environment within a selected time period. A cloud infrastructure graph is updated based on the one or more changes to the set of infrastructure assets, wherein the cloud infrastructure graph defines nodes that represent resources in the cloud environment and edges, between the nodes, that represent relationships between the resources.

Abstract: Methods and Systems for collecting feedback data are disclosed. An Application Programming Interface (API)-based survey feedback dashboard can be prepared for storing survey feedback data for an API-based survey. The API-based survey can be sent to multiple survey taking users using a unique link that can link field information from the survey meta information and the survey structural information of the API-based survey feedback dashboard with the API-based survey.

Abstract: Computer-implemented methods for management of data collection devices. Aspects include creating a cluster of data collection devices and a distributed meta-key manager for the cluster and providing an authentication key for each data collection device to access the distributed meta-key manager. Aspects also include collecting and storing data by one or more of the data collection devices and periodically perform a quorum check for each data collection device of the cluster. Aspects further include updating an operational mode of each data collection device based on the quorum check and offloading the stored data from a data collection device based on successful verification of the stored data and the operational mode of the data collection device.

Abstract: A generic wireless device management system and a method for operating the management system in a controlled environment is disclosed. The enterprise management system includes a generic wireless device and a generic provisioning server. The generic wireless device, which is initially in a generic blank state, coordinates with the generic provisioning server to authenticate an inmate and to load an inmate profile. After loading the inmate profile, the generic wireless device provides access to content specific to the inmate. After the inmate signs out of the generic wireless device, the generic wireless device is returned to a generic blank state.

Abstract: An information handling system includes a basic input/output system (BIOS), a memory, and a processor. The processor scans a current state of each BIOS attribute in the BIOS, and stores one or more changed attributes in a secure event log in the memory. The processor converts each changed attribute into a different threat event including a first changed attribute into a first threat event. The processor provides a list of threat events to multiple threat chains, each of which determine whether the threat events match threat criteria in a threat chain policy. In response to the threat event matching a threat criterion in the threat chain policy, the threat chain provides a threat state change to the processor, which in turn provides new threat state changes to a threat state change consumer.

Abstract: Apparatuses, systems and methods are described herein for separately collecting and storing form contents. Different information may be collected from a user on a form. Based on determining that portions of the form request a first type of information, an extended reality (XR) environment may be provided to the user. The user may provide the first type information via an input method in the XR environment. The user may provide a second type of information using a different input method outside of the XR environment. The first type of information may be processed and stored in a different database as compared to the second type of information. The database storing the first type of information may have a higher security standard than the database storing second type of information.

Abstract: Methods, systems, and computer program products for incremental regulatory compliance are provided herein. A computer-implemented method includes obtaining at least one first document indicative of a first set of requirements, at least one second document indicative of a second set of requirements, and a baseline document indicative of one or more security controls currently implemented in a system architecture; performing a document comparison between the at least one first document, the at least one second document, and the baseline document to identify overlapping requirements across the first set and the second set that are not satisfied by the one or more security controls; and recommending at least one additional security control to be implemented in said system architecture for satisfying at least one of the identified overlapping requirements.

Abstract: A system, method, and computer-readable media for linking identify information between a group-based communication system and an external application based on a user authorization to share credentials. After sharing the user's credentials, the user may be authenticated with the external application and user data from the group-based communication system may be shared with the external application. Additionally, a preview of a web resource associated with the external application may be displayed to the user within the group-based communication system allowing the user to interact with the web resource from within the group-based communication system.

Abstract: A method for protecting the integrity of measurement data acquired by a sensor includes: in response to the measurement data being acquired, determining, by the sensor, whether an aggregate value has already been generated, and: if the aggregate value has not yet been obtained, mapping, by a predetermined aggregation function that takes the measurement data as a mandatory argument and a previously generated aggregate value as an optional argument, the measurement data to the aggregate value; whereas if the aggregate value has already been obtained, mapping, by the predetermined aggregation function, the combination of the aggregate value and the measurement data to a new aggregate value; and in response to a predetermined condition being met, computing, using a secret key of the sensor, a signature of the aggregate value; and outputting the signature via a communication interface of the sensor, and/or storing the signature in a memory.

Abstract: During a deployment phase, each worker that enters a secure area is identified. The behavior of each worker is monitored while the worker is in the secure area in order to develop an Artificial Intelligence (AI) model that is specific to each worker and is representative of at least part of the behavior of the corresponding worker in the secure area. During an operational phase, each worker that enters the secure area is identified. The behavior of each worker is monitored while the worker is in the secure area. The current behavior of each worker in the secure area is compared with the behavior represented by the AI model that corresponds to the worker. An alarm is raised when the current behavior of one or more workers diverges from the behavior represented by the AI model that corresponds to the worker.

Abstract: A security platform architecture is described herein. The security platform architecture includes multiple layers and utilizes a combination of encryption and other security features to generate a secure environment.

Abstract: Methods, systems, and devices are provided for supporting user plane integrity protection (UP IP) for communications with a radio access network (RAN). Various embodiments may include indicating whether or not a wireless device supports UP IP over Evolved Universal Mobile Telecommunications System (UMTS) Terrestrial Radio Access (eUTRA) by including UP IP support indications in user equipment (UE) security capability information elements (IEs).

Abstract: A method of mobile device management (MDM) comprising scanning, by an optical reader of a first mobile device, an optical code. The optical code is generated based on a policy and a group that includes the first and a second mobile device. The optical code has encoded enrollment details of the policy. Responsive to the scanning, the method includes connecting to a computer interface on which an enrollment application is accessible and causing display of an enrollment page. The method includes receiving identification input entered into the enrollment page. In response to the identification input, the method includes automatically transferring the enrollment details and the identification input to the enrollment application. Based on the transfer, enrolling the first mobile device in a MDM system. Enrollment of the first mobile device includes enabling a set of functions of the first mobile device consistent with the policy of the group.

Abstract: A policy-controlled access system comprising a client device running a local application, A mid-link server monitors network traffic from the client device. The network traffic includes third-party content accessed by a user on the client device. A request for data from the end-user is received using the local application, a category associated with the request for the data is determined, and a plurality of policies associated with access to the data is determined based on the category. A machine-learning based Uniform Resource Locator (URL) score associated with the data is determined based on URLs extracted from user activities. A machine learning based policy engine preference is generated based on priority levels of the plurality of policies. The access to the data is provided based on the machine-learning based URL score in accordance with the machine learning based policy engine preference.

Abstract: A method for implementing a storage system is described. The method includes accepting a filepath from a user that specifies a file. The method includes forming a primary key for a representation of the file. The method includes applying the primary key to a database cloud service to obtain a representation of the file. The representation of the file includes an inode for the file's meta data. The method includes using the inode for the file's meta data to obtain the file's meta data from a high performance object cloud storage service. The file's meta data points to information within the high performance object cloud storage service for accessing the file's stripes. The method includes accessing the information within the high performance object cloud storage service to obtain an object ID for a stripe within the file. The method includes using the object ID to access the stripe from a low performance object cloud storage service.

Abstract: A management apparatus is operated by one operating entity. The management apparatus includes: a storage unit that stores a policy information, which is associated with data provided by a data provider to another operating entity that is different from the one operating entity, and which defines a provision permission policy of the data provider for the data; an acquisition unit that refers to a log information in which a first hash value of one policy information is recorded and that obtains a policy information corresponding to the one policy information from the storage unit, the one policy information being associated with one data provided to a data user from the another operating entity; and a comparison unit that calculates a second hash value of the obtained policy information and that compares it with the first hash value.

Abstract: Systems, apparatus, methods, and articles of manufacture for AI-driven cybersecurity enclaves, such as a computerized environment that executes one or more specially-trained AI models to govern communications between users and AI service providers.

Abstract: A system and a method of preventing generation of duplicate network routes in a Software Defined Wide Area Network (SD-WAN) are described. A network route management service receives network route information from a network device connected to a subnetwork present in the SD-WAN. The network route information is compared with a master network route information for identifying presence of one or more duplicate network routes in the network route information. Upon identification, the duplicate network routes are removed from the network route information, and the network route information excluding the one or more duplicate network routes is transmitted to the network device.

Abstract: Systems, methods, and devices log activity associated with security platforms implemented across web servers and application server. Systems include a first server including one or more processors configured to generate a plurality of log files based on requests received from a client device, where each log file is generated based, at least in part, on event information associated with a request and at least one of a plurality of custom parameters. Systems further include a second server comprising one or more processors configured to host an application accessed by the client device, where the first server is coupled between the client device and the second server and is configured to handle requests between the client device and the second server. Systems also include a database system configured to store application data associated with the application and the client device.

Abstract: Various embodiments of an apparatus, method(s), system(s) and computer program product(s) described herein are directed to an Archiving Engine that detects a regulated user account(s) joining a virtual meeting and instantiating a virtual meeting participant instance to capturing one or more communication channels of the virtual meeting hosted by a communication system. The Archiving Engine generates an archival file(s) based on the captured communication channel data. The Archiving Engine generates one or more translated files by applying a compliance policy associated with at least one of the regulated user accounts to the one or more archival files.

Abstract: A moderator system that can receive outputs of various stages of the security analytic framework and can receive input from external sources to provide information about emerging styles of attacks. One or more models/behavioral profiles can be curated by the moderator system, and the moderator system can provide updates to components of the security analytics framework.

Abstract: Technologies for providing selective offload of execution of an application to the edge include a device that includes circuitry to determine whether a section of an application to be executed by the device is available to be offloaded. Additionally, the circuitry is to determine one or more characteristics of an edge resource available to execute the section. Further, the circuitry is to determine, as a function of the one or more characteristics and a target performance objective associated with the section, whether to offload the section to the edge resource and offload, in response to a determination to offload the section, the section to the edge resource.

Abstract: Various embodiments of an apparatus, method(s), system(s) and computer program product(s) described herein are directed to a Geographic Archiving Engine. The Geographic Archiving Engine identifies a geographical region associated with a regulated user account requesting access to a virtual meeting. The Geographic Archiving Engine instantiates a regional virtual meeting participant instance for the identified geographical region. The Geographic Archiving Engine captures, via the regional virtual meeting participant instance, a communication channel(s) of the virtual meeting. The Geographic Archiving Engine generates an archival file(s) based on the communication channel data captured by the regional virtual meeting participant instance. The Geographic Archiving Engine generates a translated file(s) by applying a compliance policy, associated with a regulated user account(s), to the one or more archival files.

Abstract: A communication control apparatus according to one aspect of the present invention determines whether a message to be transmitted from an information processing apparatus include at least one attached file, when the message is transmitted from the information processing apparatus to one or more destinations via a network. When the communication control apparatus has determined that the message to be transmitted includes said at least one attached file, the communication control apparatus acquires approval of transmission of said at least one attached file from an approver, and transmits the message including said at least one attached file to said one or more destinations, on condition that approval of transmission of said at least one attached file has been received from the approver.

Abstract: A storage system management application User Interface (UI) includes an unhealthy SDNAS object resolution page. A set of SDNAS objects having an unhealthy status is determined from an SDNAS process executing on a base platform. Each unhealthy SDNAS object is identified, and a recovery process for the unhealthy SDNAS object is determined. The set of unhealthy SDNAS objects and the recovery procedures are returned to the unhealthy SDNAS object resolution page of the UI. Controls are provided on the page to receive input related to selection of a single unhealthy SDNAS object, a group of two or more unhealthy SDNAS objects, or all unhealthy SDNAS objects for resolution. In response to selection of one or more unhealthy SDNAS objects, the user interface provides a series of one or more API calls to the base platform to effect resolution of the selected unhealthy SDNAS objects via the SDNAS process.

Abstract: Systems and methods for securing data transmissions using distance measurements are disclosed. A mobile device (such as a smart phone) and a base station can use ultra-wideband technology to determine the distance between the two devices. The distance measurements produced by the mobile device and the base station can be compared, directly or indirectly by the mobile device, the base station, and/or an access device to determine whether the mobile device is present at an access device or if the mobile device is not present at the access device (as expected during a relay attack). If the mobile device is not present at the access device, the access device can prevent or cancel an interaction based on the data transfer (e.g., opening a locked door of a secure building in response to receiving an access credential from the mobile device).

Abstract: A process for establishing a future 2-way authentication between a client application and an application server. In operation, an OIDC server receives a request from the client application to establish a secure connection from the client application. The request includes a certificate generated using a public-private key pair associated with the client application or a user, and authentication credentials associated with the client application or the user. The OIDC server establishes that the authentication credentials are valid, and provisions a cryptographic identifier of the certificate associated with the request to a list of trusted certificates. The OIDC server then provides one or more application servers with access to the list of trusted certificates to enable the application servers to authenticate the client application based on verifying that cryptographic identifier of the certificate presented by the client application is provisioned into the list of trusted certificates.

Abstract: A service for providing messaging extension apps can be an online store that can be browsed and searched for the apps. The store uses extension app identifiers which are related to app identifiers that are sent between devices in a conversation of messages so that a receiving device can, when it does not have the extension app installed to interact with received content, use the extension app identifier to download and install the required extension app. In one embodiment, the download and install can occur while the messaging app remains the foreground app, and the messaging app adds an icon of the newly installed extension app into a browsable tray in the UI of the messaging app.

Abstract: Systems and methods for dynamic, hyper context-based microsegmentation are described. In one aspect, a computing device is detected on a network. A network hyper context is assigned to the computing device based on network properties and computing device properties associated with the computing device. A policy defining a segment identifier identifying a network segment and corresponding to the network hyper context is accessed. The segment identifier is assigned to the computing device. The computing device is segmented onto the network responsive to detecting the computing device.

Abstract: The method for automatically generating a playbook performed by a computing apparatus according to the present disclosure comprises periodically collecting asset information and CTI (Cyber Threat Intelligence) information of a target network, extracting TTP (Tactics, Techniques, Procedure) information using the collected asset information and the collected CTI information, retrieving a data source of the extracted TTP information, generating a temporary playbook including a data component matching a detection method of the extracted TTP information among a plurality of data components of the retrieved data source, verifying validity of the temporary playbook based on data component order information of the temporary playbook and determining whether rearrangement of data components included in the temporary playbook is needed, and rearranging data components included in the temporary playbook, and storing it as a final playbook.

Abstract: The present disclosure includes, responsive to a request from a user device, performing a security check based on policy associated with the user device, wherein the policy includes setting related to content filtering and security; responsive to the security check, performing one of: directly allowing the request to the Internet based on the security check determining the request is allowed by the settings; directly blocking the request based on the security check determining the request is disallowed by the settings; and forwarding the request to a system for inline inspection based on the security check determining the request includes suspicious content, wherein responsive to the inline inspection, the request is one of allowed and blocked.

Abstract: A computer implemented method of remote access computer security, the method comprising steps a computer processor is programmed to perform, the steps comprising: by a computer, receiving and combing data on a client device, data on a user of the client device, data on a network, and data on an information technology service, determining a policy for controlling remote access to the information technology service based on the combined data, and controlling remote access of the user to the information technology service using the remote client device over the network, based on the determined policy.

Abstract: Systems, devices and processes are provided to facilitate the authentication of media player devices for media streaming. Specifically, the various embodiments provide a media player device authentication technique that monitors the locations of media player devices to determine a pattern of device co-location with a primary device. The media player devices can then be selectively designated as confirmed devices based on their determined pattern of device co-location with a primary media player device. Those media player devices that are designated as confirmed devices can then be selectively enabled for media streaming. Conversely, media player devices that are not designated as confirmed devices based on a pattern of co-location can be prevented from receiving media streams even when they have the correct login information and password.

Abstract: A method scalably authorizes requests. A request to authorize access to a resource is received. A plurality of policies controlling the request is identified. The plurality of policies are concurrently processed. A decision for a policy is received. The decision is of a plurality of decisions corresponding to the plurality of policies. The policy is of the plurality of policies. The decision is determined using a machine learning model and the request. An aggregate decision is generated from the plurality of decisions. A token to access the resource is transmitted in response to the aggregate decision.

Abstract: A node, that includes a processor executing a first operating system, a peripheral port connected to a peripheral device, where the peripheral port is configured to block access to the peripheral device, a system control processor executing a second operating system, where the system control processor is configured to perform a method for providing access of the peripheral device to the first operating system, the method that includes receiving a peripheral access message from a remote authentication server, where the peripheral access message includes a peripheral device identifier associated with the peripheral device, and in response to receiving the peripheral access message, unblocking the access to the peripheral device.

Abstract: Systems and methods are described for improving the utilization of an extended display system. Some aspects relate to an extended display generator having an input stream module to generate or receive input streams. Input streams may be generated locally (e.g., by a game engine) or remotely (e.g., from the internet). A function module of the generator provides functions that modify or extract information from the input streams. Then extended display generator applies a template to the input streams and function outputs, defining how such display content is presented to a user. A graphical user interface is used to specify which input streams, functions, and visual template should be used. The extended display shows the selected input stream(s) and the functional output(s) in a format defined by the visual template.

Abstract: Described herein are techniques for providing one or more users with access to content obtained from a plurality of content providers. In some embodiments, such techniques may comprise maintaining a number of access credentials associated with a plurality of different content providers, obtaining access to a plurality of media content libraries, each of the plurality of media content libraries managed by a content provider of the plurality of different content providers, and providing the plurality of media content libraries to at least one user device as a single library of media content. Such techniques may further comprise receiving, from the user device, a selection of a media content from the single library of media content and providing, to the user device, access to the selected media content within a corresponding media content library of the plurality of media content libraries using an access credential.

Abstract: Disclosed are various approaches to automate vulnerability assessment implement policy-based mitigation. A plurality of vulnerability records from respective ones of a plurality of vulnerability feeds are aggregated. Each of the plurality of vulnerability records are stored in a standardized format. A plurality of enterprise-specific severity scores are generated by calculating an enterprise-specific severity score for each of the plurality of vulnerability records. Then, a web page can be created that includes at least a subset of the plurality of enterprise-specific severity scores and respective ones of the plurality of vulnerability records.