Abstract: A system and method for resolving contradictory device profiling data. The method includes: determining a set of non-contradicting values and a set of contradicting values in device profiling data related to a device based on a plurality of conflict rules; merging values of the set of non-contradicting values in device profiling data into at least one first value; selecting at least one second value from the set of contradicting values, wherein selecting one of the at least one second value from each set of contradicting values further includes generating a certainty score corresponding to each value of the set of contradicting values, wherein each certainty score indicates a likelihood that the corresponding value is accurate, wherein the at least one second value is selected based on the certainty scores; and creating a device profile based on the at least one first value and the at least one second value.

Abstract: A method and system for authenticating a device is provided. A noisy response is received from a physically unclonable function for a challenge. An error code is generated for correcting the noisy first response. An expected response is generated from the noisy first response and the error code. The expected response and corresponding first helper data is store. The helper data includes the first challenge and the error code. The helper data is provided to a device in response to an authentication request from the device, the first device including the physically unclonable function.

Abstract: The disclosure describes techniques for automatically pairing multiple source devices to a sink device in response to a single source device being paired to the source device. For instance, in response to a single source device being manually paired with wireless earbuds, the techniques may automatically pair other source devices that are associated with a common user account. In addition, this disclosure describes techniques for configuring a sink device to periodically broadcast advertisement messages indicating a current state of the sink device, which enables source devices that receive the advertisement message to determine whether to establish a connection with the sink device based on a current state of the sink device.

Abstract: Methods, systems and computer programs are presented for classifying malware using audio and image signal processing. One method includes an operation for converting a software application to an audio signal and an image signal. Audio features are extracted from the audio signal and image features are extracted from the image signal and are used to classify the software application.

Abstract: A processing device initializes a memory device in an unauthenticated state in which the memory device is unable to execute one or more restricted commands. The processing device accesses a security capsule that is digitally signed using a private key. The processing device transitions the memory device to an authenticated state based on verifying that the security capsule is validly signed. The processing device uses a public key corresponding to the private key to verify the security capsule is validly signed. While in the authenticated state, the memory device is able to execute the one or more restricted commands.

Abstract: A system for application (APP) protection includes a processor. The processor is arranged to execute a guest virtual machine (VM), at least one primary VM, a hypervisor, and a host VM, wherein at least one APP protection with at least one identification (ID) of the at least one APP running on the guest VM is downloaded to the guest VM. The hypervisor includes an install service module and a launcher module. The host VM is arranged to: receive at least one install command from the guest VM, and generate an install service command to the install service module; verify the at least one APP protection by the at least one ID and generate at least one verification result; obtain the at least one ID from the at least one primary VM according to the at least one verification result; and generate a launch command to the launcher module.

Abstract: Systems and methods are described for managing access control. An example method may comprise receiving an address associated with a user device. An identifier may be determined based on the address. Based on the identifier, the user device may be determined to be associated with a trusted user. Based on the determination that the user device is associated with the trusted user, the user device may be granted access to a trusted network service.

Abstract: A wireless device receives, from a first base station, a RRC release message comprising a suspend configuration, wherein the suspend configuration comprises a configuration of a SDT procedure, and the configuration indicates a radio bearer configured for the SDT procedure. The wireless device suspends, based on the suspend configuration, one or more radio bearers comprising the radio bearer configured for the SDT procedure. Based on initiating the SDT procedure the wireless device resumes the radio bearer configured for the SDT procedure and transmits, to a second base station, a radio resource control (RRC) resume request message. The wireless device communicates with the second base station and during the SDT procedure, data associated with the SDT procedure, receives, from the second base station, a second RRC release message comprising a resume indication after completion of the SDT procedure, and initiates, based on the resume indication, an RRC resume procedure.

Abstract: A method for selecting a policy includes evaluating a number of metrics for a number of policies including generating, for each policy of a number of policies, values of the metrics, the generating including applying the policy to a system to generate the values, processing the values of the metrics for the number of policies to determine a boundary of combinations of metric values, combinations on the boundary representing a policy such that no other policy of the number of policies improves all the metric values, presenting, in a user interface, the boundary of combinations of metric values, receiving, at the user interface, a selection of one of the policies made based on the boundary, and providing configuration data associated with the selected policy for implementation in a deployed system.

Abstract: An example system includes a processor to compute a token-level fingerprint for each of a number of tokens in a received window of text. The processor can compute a window representation for a window of text based on the token-level fingerprints. The processor can also update the window representation in a rolling scheme when sliding the window of text.

Abstract: Statistical analysis can be used to attempt to identify potentially malicious references, such as trap URLs. When a URL is utilized for a request, that request can be intercepted before analysis before that URL is resolved to an address. Portions of this URL, as well as the entire URL, can be compared against one or more lists of known URLs using a probabilistic matching process to determine whether there are any matches that are very close but not quite exact. Any determined match with high probability above a suspicion threshold can be flagged as being suspicious, or associated with a potentially malicious site. An action can then be taken, such as to block that URL or prompt a user for confirmation of intent.

Abstract: A face authentication apparatus (50) includes an image generation unit (102) that generates a first image by capturing an image of a person, a control unit (104) that, when the first image does not satisfy a criterion for face collation, controls lighting and causes the image generation unit (102) to generate a second image by capturing an image of the person again, and a face authentication unit (52) that executes face authentication by using the second image.

Abstract: A computing platform may train a synthetic identity detection model to detect synthetic identity information. The computing platform may receive identity information corresponding to an identity generation request. The computing platform may input, into the synthetic identity detection model, the identity information, which may cause the synthetic identity detection model to: identify at least one collision between the received identity information and stored identity information, and generate, based on the at least one collision, a synthetic identity score indicating a likelihood that the received identity information corresponds to a request to generate a synthetic identity. The computing platform may compare the synthetic identity score to at least one synthetic identity detection threshold. Based on identifying that the synthetic identity score meets or exceeds the at least one synthetic identity detection threshold, the computing platform may execute one or more security actions.

Abstract: Authentication systems and methods can selectively authenticate a request to access a resource data store storing access rights associated with a user device. The systems and methods can scalably execute challenges workflows as part of the authentication process. For example, a request to access one or more access rights stored in the data store can be received from the user device. The user device can be authenticated using challenge workflows selected based on a device identifier of the user device. The selected challenge workflows can be executed to determine whether or not to grant access to the access rights stored in the resource data store.

Abstract: A system and method for correlating network event anomalies to identify attack information, that identifies anomalous events within the network, identifies correlations between anomalies and other network events and resources, generates a behavior graph describing an attack pathway derived from the correlations, and determines an attack point of origin using the behavior graph.

Abstract: A cybersecurity service assesses, scores, and/or prioritizes activities associated with a directory service. When the directory service is requested to change a directory service assignment, the directory service may first request a verdict from the cybersecurity service. The cybersecurity service may use profiling and/or machine learning to predict directory service assignments. The cybersecurity service may then score and prioritize requests to change/update directory service assignments. Small deviations from predicted directory service assignments, for example, may indicate harmless/normal directory service activity. Larger deviations, though, may indicate abnormal directory service activity. Larger deviations may even indicate malicious directory service activity, such as permission escalation and cyberbreaches. Scoring and prioritization allows for resource allocation and timely mitigations by human experts.

Abstract: An apparatus comprises at least one processing device configured to generate an annotation for a pattern-matching rule in a rule-based analysis service specifying one or more asset-generic patterns, the generated annotation comprising instructions for writing additional pattern-matching rules in response to detecting the asset-generic patterns on specific information technology assets. The at least one processing device is also configured to monitor information associated with operation of information technology assets and to detect at least one of the asset-generic patterns of the pattern-matching rule on a given one of the information technology assets. The at least one processing device is further configured to generate a given additional pattern-matching rule in the rule-based analysis service specifying (i) asset-specific patterns and (ii) actions to take in response to detecting the asset-specific patterns.

Abstract: Embodiments of the disclosure provide a tracking performance display method and a host. The method includes: visual content is provided in a see-through mode, and the visual content corresponds to a real-world scene; tracking performance associated with the real-world scene is evaluated; and a tracking performance indicator corresponding to the tracking performance is displayed in the visual content.

Abstract: A cross-domain data access service enables data access across two or more computing domains, such as, for example, transient access by a public device to data held in a private cloud. In particular, the cross-domain data access service can identify a data subset from within a secure datastore of a first computing domain. The cross-domain data access service can replicate the data subset within a transient datastore that is segregated from the secured datastore. The cross-domain data access service can implement a data access policy so as to enable a client device from a second domain to access the transient datastore.

Abstract: A system and method for detecting a vulnerable workload deployed in a cloud environment based on a code object of an infrastructure as code file utilizes a security graph. The method includes: extracting the code object from a state file, which includes a mapping between the code object to a first deployed workload and a second deployed workload; generating a node representing the code object in the security graph; generating a connection in the security graph between the node representing the code object and a node representing the first workload and a connection between the node representing the code object and a node representing the second workload; and determining that the second workload is a vulnerable workload, in response to detecting that the first workload node is associated with a cybersecurity threat, and that the nodes representing the workloads are each connected to the node representing the code object.

Abstract: A computer-readable medium storing a program for causing a computer to execute processing in one of stages of a supply chain, the processing including: obtaining, from an immediately upstream stage, a first cumulative value being from a most upstream stage to the immediately upstream stage and a first random number used to generate a first commitment obtained by concealing the first cumulative value; generating, based on the first random number, a link commitment obtained by concealing information indicating a relationship between the immediately upstream stage and the stage; calculating, based on the first cumulative value, a second cumulative value being from the most upstream stage to the stage; generating a proof indicating that the second cumulative value is calculated using the correct first cumulative value and that is a zero-knowledge proof based on the link commitment; and causing the link commitment and the proof to be recorded in a blockchain.

Abstract: Disclosed is a method for defending against a malicious data traffic, the method includes: monitoring, by a defender device, data traffic flowing through a network device; generating a first control signal, by the defender device, in response to a detection that the data traffic includes a predefined amount of malicious data traffic, to cause a delivery of the data traffic to the defender device; terminating the malicious data traffic in the defender device. Also disclosed is an apparatus implementing the method, a computer program product and a system.

Abstract: An access manager determines whether access will be granted to a guarded species or space utilizing a controller including a digital processor with a memory for storing an ID library and a transducer block coupled with the processor for accessing a plurality of different ID types and an access control block coupled with the processor for granting or denying access.

Abstract: A method includes receiving, by a first device, a request from a second device to participate in a session, the request being a message compliant with a webRTC framework and including an identifier of a process hosted by the second device; verifying, by the first device, a type of the process hosted by the second device based on the identifier; initiating, by the first device, one or more actions on the first device in response to verification of the type of the process, the actions being other than those to communicate data between the first device and second device; and establishing, by the first device, the session with the second device after initialization of the actions on the first device.

Abstract: A system and method for real-time fraud detection with a social engineering phoneme (SEP) watchlist of phoneme sequences may perform real-time fraud prevention operations including receiving incoming call interactions and grouping the call interactions into one or more clusters, each cluster associated with a speaker's voice based on voiceprints. For a pair of voiceprints in a cluster, a phoneme sequence is extracted for each voice print. From the extracted phoneme sequences, a similarity score is then calculated to determine if a match exists between the extracted phoneme sequences based on a threshold. If determined a match exists, the phoneme sequence may be added to a SEP watchlist.

Abstract: User data is aggregated across a plurality of electronic communication channels and domains. An online system initially authenticates a user for access to the online system over a network. The online system provides a user identifier for the user to an authentication service. The authentication service generates a non-repeatable challenge from the aggregated user data for the user identifier and provides the non-repeatable challenge to the online system. The online system provides the challenge to the user and receives a response from the user. The online system provides the response to the authentication service and the authentication sends a success or failure back to the online system based on the response to the challenge, and based on the success or failure the online system makes a final determination for authenticating the user for accessing to the online system.

Abstract: In exemplary embodiments of the present invention, a router determines whether or not to establish a stateful routing session based on the suitability of one or more candidate return path interfaces. This determination is typically made at the time a first packet for a new session arrives at the router on a given ingress interface. In some cases, the router may be configured to require that the ingress interface be used for the return path of the session, in which case the router may evaluate whether the ingress interface is suitable for the return path and may drop the session if the ingress interface is deemed by the router to be unsuitable for the return path. In other cases, the router may be configured to not require that the ingress interface be used for the return path, in which case the router may evaluate whether at least one interface is suitable for the return path and drop the session if no interface is deemed by the router to be suitable for the return path.

Abstract: A computer-implemented method is provided for exchanging cryptographic key information between a device and a central point comprises obtaining a cryptographic secret, wherein the cryptographic secret is known to the central point. The method furthermore comprises obtaining a public key of the central point. The method furthermore comprises generating a cryptographic key pair for the device with a private key of the device and a public key of the device. The method furthermore comprises signing the cryptographic secret with the private key of the device. The method furthermore comprises encrypting the cryptographic secret signed with the private key of the device with the public key of the central point. The method furthermore comprises providing the encrypted and signed cryptographic secret, an address of an electronic mailbox of the device, and the public key of the device for the central point via an electronic mailbox of the central point.

Abstract: A mobile communication device operates to: pair with a remote device, generate first control data to control an auxiliary device coupled to a home automation device also paired to the mobile communication device; establish a group of the plurality of home automation devices; generate second control data corresponding to the group of auxiliary devices associated with the group of the home automation devices; establish tasks, via user interaction with the graphical user interface, the tasks each having an associated action to be performed by one or more of the home automation devices; display a menu of the tasks; receive selection of a selected task; and generate third control data in response to selection of the selected task, transmits the third control data to the one or more of the home automation devices associated with the selected task to perform the associated action corresponding to the selected task.

Abstract: Disclosed is a system for providing a personal information-based speech information processing service, and a system for providing a speech information processing service based on personal information protection, in which speech information including personal information is prevented from being fraudulently used in a cloud network or a public network, and personal information that needs to be protected is blocked not to be transmitted to/stored in/managed by a cloud service server regardless of a user's recognition.

Abstract: A cloud security control platform and method enforces security controls across multiple cloud environments, services and disparate teams while providing a frictionless “Permissions on Demand” mechanism for approvals and exceptions. In contrast to the prior art, security is evaluated on a permission by permission basis, with the default being that all permissions are denied and then only given to a particular identity on an as-needed basis. This approach reduces the security risks associated with the vast capabilities available in Public Cloud environments and permits an organization that uses the platform to grant access, approve exceptions and delegate approvals with the appropriate compliance.

Abstract: Presented herein are systems and methods for enabling and providing safe and secure last resort access to a computing system. Embodiments may leverage trusted platform modules that exists in information handling systems to provide a more convenient and more secure rescue account. In one or more embodiments, the last resort access may be based on federated approval from a vendor/provider and a customer. In one or more embodiments, part of the cryptographic information is stored/controlled by a provisioner (or vendor), and another part is stored/controlled by the customer. Since both parts are involved in the last resort access process in order to gain access, neither entity alone can gain access to the information handling system.

Abstract: There are provided systems and methods for an authorization and access control system for access rights using relationship graphs. A service provider may provide an authorization and access control system that allows users within the service provider and/or customer entities to assign and change access rights or permissions to computing resources. When providing control of these access rights, the service provider may utilize relationship graphs, queried and generated using a graph database, to visualize and determine access rights that are inherited through different relationships and policies defining these access rights. The relationship graph may show edges for nodes that correspond to related objects, such as actors, groups, and resources. Paths over the relationship graph may be used to determine access rights that may be inherited by users. Once determined, these access rights may be established and/or updated with computing systems.

Abstract: Methods and systems are described herein for bypassing secondary tiers of authentication for particular security categories. An authentication system, when authenticating a user, may receive an authentication request with authentication data enabling authentication through a multi-tier authentication mechanism. When the request has been authenticated through a multi-tier authentication mechanism, the authentication system may identify a category associated with the request and generate a temporal unlock flag for that category of future requests, such that the temporal unlock flag indicates that multi-tier authentication is not required for a predetermined amount of time for requests of that category. The temporal unlock flag may be inserted into the user's record. When future requests of that same category are received, only a single-tier authentication mechanism may be required for authentication.

Abstract: Methods and systems are disclosed herein for a media guidance application that allows access restrictions to be modified in a flexible manner based on a deviation in a user's projected location. Specifically, the media guidance application determines at an end of a first time period whether a user is in a projected location for a second time period. If the user is in a projected location for the second time period, the media guidance application sets a second level of media access restriction. However, if the media guidance application determines that the user is not in the projected location for the second time period, the media guidance application maintains the first level of media access restriction.

Abstract: In one embodiment a Hardware Server Module (HSM) (10) implementing a distributed quorum authentication enforcement is provided, whereby user access to a resource (40) on the device (10) is enforced via an API gateway (16). The HSM comprises one or more resources, a separate resource manager API for accessing the one or more resources, an enforcement module for enforcing access to the one or more resources via the API gateway according to a quorum policy, and a quorum manager for generating and storing a quorum request in a database. The API gateway (16) can be a RESTful API using HTTP requests to produce and consume data related to quorum services via at least one of a GET, PUT, POST, PATCH and DELETE command type. Other embodiments are disclosed.

Abstract: Data records associated with an account may be used to track incidents in a supply chain. Incident records associated with a supply chain are accessible and modifiable by users with an active user account associated with an incident management application. The application may receive requests to perform user actions on multiple incidents. Each request may be validated according to account-specific permissions and user-specific privileges. Multiple users may be grouped according to user classes indicative of their status as internal users or external users. Non-users may be invited to perform user actions on incident data through access links generated by the application instance. Access links may allow a non-user to become an invited or registered external user. A registered external user may be promoted to a named external user. Various visibility groups may limit the user actions that any given user of a particular user class can perform on incident data.

Abstract: A computer stores, within a single user account, multiple supervised computing resources and multiple additional computing resources. The multiple supervised computing resources are associated with a security policy. The computer executes a first instance of a specified application that lacks read access and lacks write access to any and all of the multiple supervised computing resources. The computer executes, simultaneously with the first instance, a second instance of the specified application that accesses at least a portion of the multiple supervised computing resources. The computer applies rules from the security policy to the second instance of the specified application while foregoing applying the rules from the security policy to the first instance of the specified application.

Abstract: The invention relates to an electronic device, and more particularly, to systems, devices and methods of authenticating the electronic device using a challenge-response process that is based on a physically unclonable function (PUF). The electronic device comprises a PUF element, a processor and a communication interface. The PUF element generates an input signal based on at least one PUF that has unique physical features affected by manufacturing variability. A challenge-response database, comprising a plurality of challenges and a plurality of corresponding responses, is set forth by the processor based on the PUF-based input and further provided to a trusted entity. During the trusted transaction, the processor generates a response in response to a challenge sent by the trusted entity based on the PUF-based input, and thereby, the trusted entity authenticates the electronic device by comparing the response with the challenge-response database.

Abstract: An embodiment includes a method to increase the efficiency of security checkpoint operations. A security checkpoint kiosk serves as a Relying Party System (RPS). The RPS establishes a secure local connection between the RPS and a User Mobile-Identification-Credential Device (UMD). The RPS sends a user information request to the UMD, via the secure local connection, seeking release of user information associated with a Mobile Identification Credential (MIC). The RPS obtains authentication of the user information received in response to the user information request. The RPS retrieves user travel information based on the user information. The RPS determines that the user travel information matches the user information. When the user travel information matches the user information, the RPS approves the user to proceed past the security checkpoint kiosk.

Abstract: Systems and methods are provided herein for enabling a user to download a blocked asset. These systems and methods allow a user to request that a parent, or another user, can approve download of the blocked asset. The request may be transmitted as a notification to a mobile phone or another suitable device, such that the parent, or the other user, can approve the request, even though they may be remote from the requesting user. Both the requesting user and the user whose approval is required to unblock the media asset (i.e., the approver), are identified by the system based on an identifier associated with each user. This informs the approver which user submitted the request. Additionally, this also adds a layer of security, since the approver must enter an identifier to authenticate their identity to the system before being able to unblock the asset for the requesting user.

Abstract: Zero trust and micro-segmentation techniques may be collectively used to enhance network security. To establish, refine, and enforce a zero-trust least-privileged policy, the network may be segmented to put each device of the network into a respective network of one, which forces all network traffic to pass through a zero-trust gatekeeper. The gatekeeper may then monitor and analyze the traffic to establish, refine, and enforce the zero-trust least-privileged policy, which reduces network access to only a limited set of network actions and/or paths. Using the gatekeeper, network traffic may be monitored to progressively establish the policy as well as to continually refine the policy. Recommended actions may be determined based on the analysis of the monitored network traffic and provided to the user to allow user feedback on the communication rules of zero-trust policy.

Abstract: Techniques described herein relate to a method for predicting results using ensemble models. The method may include receiving trained model data sets from a model source nodes, each trained model data set comprising a trained model, an important feature list, and a missing feature generator; receiving a prediction request data set; making a determination that the prediction request data set does not include an input feature for a trained model; generating, based on the determination and using a missing feature generator, a substitute feature to replace the input feature; executing the trained model using the prediction request data set and the substitute feature to obtain a first prediction; executing a second trained model using the prediction request data set to obtain a second prediction; and obtaining a final prediction using the first prediction, the second prediction, and an ensemble model.

Abstract: A cyber security appliance can inoculate a fleet of network devices by analyzing each endpoint of a secure connection. The appliance can receive a hostname for a malicious web server. The appliance can generate an unencrypted target fingerprint based on sending a series of unencrypted connection protocol requests to the malicious web server and an encrypted target fingerprint based on sending a series of encrypted secure connection protocol requests to the malicious web server. The appliance can build a combined web server fingerprint for the malicious web server based on both the encrypted target fingerprint derived and the unencrypted target fingerprint. The appliance can determine a set of suspicious IP addresses based on the combined web server fingerprint for the malicious web server. The appliance can inoculate a fleet of network devices against a cyberattack using the IP addresses to preemptively alert the fleet of cyber-attack.

Abstract: Various aspects of the disclosure relate to automated compliance verification systems for authenticating and verifying compliance associated with electronic transactions. A compliance verification platform may be an intermediary between an application for managing and/or recording transactions and a transaction processing platform for processing a transaction. Based on successful compliance verification and authentication, the compliance verification platform may send notifications to the transaction processing platform to process a transaction requested via the application.

Abstract: Embodiments of the present invention provide a system for interconnection, translation, and transition between disparate digital ecosystems. The system is configured for determining that a user is requesting to access a first digital ecosystem, receiving a first authentication credentials of the user from the first digital ecosystem for verification, determining that the verification of the first authentication credentials is successful and provide access to the first digital ecosystem, determining that the user is requesting transition to a second digital ecosystem from the first digital ecosystem, receiving second authentication credentials of the user from the second digital ecosystem for verification, determining that the verification of the second authentication credentials is successful and provide access to the second digital ecosystem, and preparing and transmitting a data payload to the second digital ecosystem.

Abstract: A user plane integrity protection method sending, by a user equipment (UE), user plane integrity protection information of the UE to a first base station, wherein the user plane integrity protection information indicates whether the UE supports a user plane integrity protection, and enabling the user plane integrity protection according to a user plane integrity protection algorithm when the UE supports the user plane integrity protection.

Abstract: A method for extended authentication sessions on an electronic device may include an authentication service computer program executed by an authentication service electronic device: receiving a customer identifier for a customer and a unique identifier for a mobile electronic device; authenticating the customer based on the customer identifier and the unique identifier for the mobile electronic device; setting a device cookie that is specific to the mobile electronic device on the mobile electronic device; and providing the device cookie and a client secret to an OAuth services backend, wherein the OAuth services backend validates the customer identifier and client secret and generates a first token and a second token, the first token having an expiration that is shorter than that of the second token. The mobile electronic device is configured to receive and store the first token and the second token.

Abstract: Embodiments of the present disclosure provide methods, systems, apparatuses, and computer program products that enable client devices to install integrations of a third party application that supports variable host address identification.

Abstract: A security system generates a digital signature for a small cell of a wireless network and assigns the digital signature to the small cell for connecting to the wireless network. The digital signature can be generated based on a connectivity schedule for the small cell. When the security system obtains a connection request from the small cell to connect to the wireless network, the security system compares an instance of the digital signature included in the connection request with an expected digital signature and compares the point in time when the connection request was communicated with an expected time indicated in the connectivity schedule. The security system detects an anomaly when the instance of the digital signature deviates from the expected digital signature or the point in time deviates from the expected time, and causes performance of an action based on a type or degree of the anomaly.