Abstract: Methods and systems of managing or reconciling location-based transactions are disclosed. At least a location attribute related to a virtual coupon is derived from a digital representation of a real-world scene captured at least in part by a mobile device. At least one virtual coupon is generated based on at least the location attribute, wherein the virtual coupon is related to a purchasable item associated with the real-world scene. A reconciliation matrix related to the purchasable item based on at least the location attribute is identified. A transaction for the purchasable item is reconciled among at least one vendor account and at least one consumer account according to the at least one virtual coupon and the at least one reconciliation matrix.

Abstract: Systems, methods, and apparatuses for providing a central location to manage permissions provided to third-parties and devices to access and use user data and to manage accounts at multiple entities. A central portal may allow a user to manage all access to account data and personal information as well as usability and functionality of accounts. The user need not log into multiple third-party systems or customer devices to manage previously provided access to the information, provision new access to the information, and to manage financial or other accounts. A user is able to have user data and third-party accounts of the user deleted from devices, applications, and third-party systems via a central portal. The user is able to impose restrictions on how user data is used by devices, applications, and third-party systems, and control such features as recurring payments and use of rewards, via a central portal.

Abstract: A system for data encryption includes any or all of: a set of items, a set of keys, and a server. A method for data encryption includes any or all of: encrypting items, sharing items, and reading items. The method can optionally additionally or alternatively include any or all of: performing a registration process, creating items, restricting access of users and/or supplementary systems to items, and/or any other suitable processes.

Abstract: A computer-implemented method includes: receiving a request for associating a first index of privileges and permissions with an identity token, the first index specifically encoding the privileges and permissions of a first subscriber in accessing transactional data of the requester, the request including the identity token that identifies a person and has been issued to the requester by a trusted entity through a vetting process; in response to determining that the identity token is valid and verifying that the requester is the person identified by the identity token, associating the first index of privileges and permissions of the first subscriber with the identity token; and providing the identity token associated with the first index of privileges and permissions of the first subscriber, the identity token enabling the first subscriber to access transactional data of the requester in accordance with the first index of privileges and permissions.

Abstract: A client computing device has a storage device storing a plurality of files and a system agent. The system agent applies a hash function to binary data read from the plurality of files to generate a set of data signatures. A server computing device has a database interface to access a database representing a state of the network and storage for a set of exemplar data signatures resulting from a scan of one or more exemplar computing devices, each data signature generated by applying a hash function to binary data representing a file. The client computing device is configured to receive and compare the set of exemplar data signatures with the generated set of data signatures, and to transmit data to the server computing device based on the comparison. The server computing device is configured to obtain data received from the client computing device and update records in the database.

Abstract: Secure peer-to-peer connection network and/or protocols for a group-based communication system, in which, a peer-to-peer connection request associated with a first identifier for a first client device and a second identifier for a second client device are received. The first identifier and the second identifier are compared to a group-based communication system validation registry associated with the group-based communication system and, based at least in part on a determination that the peer-to-peer connection request is authorized per the group-based communication system validation registry, a peer-to-peer connection between the second client device and the first client device is established.

Abstract: Methods, systems, and apparatuses, including computer programs encoded on computer-readable media, for secure document management including receiving, at a kernel level of an operating system, a document access instruction for a document from a user level application. A document identifier associated with the document is retrieved. Document access permissions associated with the document identifier are determined. Whether the document access instruction for the document is allowable is determined based on the document access permissions. The document access instruction is allowed to proceed if the document access instruction is allowable. The document access instruction is denied if the document access instruction is not allowable.

Abstract: Methods, apparatus, and systems are provided to secure access to an account of a user. The account may have a system administrator. The user may have a credential for accessing the secure data on the account. The methods, apparatus, and systems involve setting a universal reset credential associated with the account, denying the system administrator of the account permission to change the first credential of the access feature, and permitting the system administrator to reset the access feature from the first credential to the universal reset credential.

Abstract: An example method for monitoring operations of a business organization electronic computing device includes executing a checklist on a monitoring electronic computing device to obtain an operational status of an application being implemented on the business organization electronic computing device. Data is received from the business organization electronic computing device regarding the operational status of the application being implemented on the business organization electronic computing device. When a determination is made that the data identifies an operational threat for the business organization electronic computing device, an action is proposed or implemented to remediate the operational threat. An implementation of the checklist is adjusted based on an effectiveness of the action to remediate the operational threat.

Abstract: Disclosed herein is an identity network that can provide a universal, digital identity for users that can be used to authenticate the user by an identity provider for relying parties. The identity network receives a request from a relying party that includes deep linking to an identity provider selected by the user. The request specifies the user as well as any other information about the user the relying party is requesting. A service of the identity network launches the application for the identity provider on the user's device using a software development kit. The user can log into the identity provider's application, which validates the user and provides the user authentication/validation and information about the user to the identity network. The identity network can then provide the indication of the user's authentication and the user information to the relying party.

Abstract: The disclosed computer-implemented method may include receiving an input from a user identifying specified persons that are to be included in a concealed list of persons. The specified persons may be unaware of their inclusion in the concealed list of persons. The method may also include generating the concealed list of persons and determining that a potential participant from the user's concealed list of persons has selected the user in a corresponding concealed list of persons that belongs to the potential participant and, in response to the determination, the method may include creating a private conversation instance that is unique to the user and the potential participant. The generated private conversation instance may include an interaction interface that allows the user and the potential participant to interact in a confidential manner. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed systems and methods may receive a first salted password having a first password, a first user device identifier, and a first browser identifier, extract the first password, the first user device identifier, and the first browser identifier from the first salted password, and determine whether the first password, the first user device identifier, and the first browser identifier respectively match a stored first password, a stored first user device identifier, and a stored first browser identifier. The systems may grant the request to access the one or more resources for the first user device or perform other actions depending on whether the first password, the first user device identifier, and the first browser identifier respectively match the stored first password, the stored first user device identifier, and the stored first browser identifier.

Abstract: The various implementations described herein include methods and devices for creating and using trust binaries. In one aspect, a computer-readable storage medium includes a trust database storing a plurality of trust binaries, each trust binary corresponding to a respective executable program. Each trust binary of the plurality of trust binaries includes: a trust binary name generated by applying a hash function to a respective header of the respective executable program; and a function digest for each executable function identified in the executable program. The function digest is generated based on a respective starting address and one or more respective static parts of the respective executable function. The plurality of trust binaries are indexed in the trust database using their respective trust binary names.

Abstract: Access privileges of at least one identity to resources are adjusted within an authorization system of a computing environment. Over a detection period, accesses by the identity to the resources are detected and a usage score is computed as a usage function of a measure of use by the identity of access privilege(s) it has been granted to at least one of the resources relative to a measure of a set of possible grantable privileges. In accordance with a least privilege security policy, and according to the usage score, the set of access privileges granted to the identity may then be adjusted.

Abstract: Computer implemented method and a system for auto completion of text based on the context associated with the text. The computer implemented method includes steps of receiving input text, identifying a certain context associated with the input text from multiple predefined contexts, by feeding the input text into a context-prediction component of a machine learning model that predicts the certain context, selecting a certain context-specific component of the machine learning model from multiple context-specific components according to the identified certain context, feeding the input text into the selected context-specific component that outputs autocomplete text associated with the identified certain context. The context-specific components are each trained to generate autocompleted text associated with a respective context pre-defined for the respective context-specific component.

Abstract: At least one processor may capture a plurality of image snapshots containing information about a monitored system at a plurality of sequential times, each snapshot having the same vertical and horizontal dimensions. The processor may label the plurality of image snapshots as indicative of an event that took place in the monitored system, may receive additional data describing the event, may cluster the labeled plurality of image snapshots and the additional data using at least one machine learning clustering algorithm, and may merge the clustered plurality of image snapshots and the clustered additional data into merged data. The processors may create a model by processing the merged data using at least one neural network, the model being configured to detect future events of a same type as the event in the monitored system. The processor may store the model in a memory in communication with the processor.

Abstract: Structured access to volunteered private data disclosed. Access can be based on security and privacy constraint information (SPCI) that can be selected by the party volunteering the private data. The volunteered data can be stored in a protected portion of a public network. The SPCI can be correlated to the volunteered data. In response to receiving a request for access to the volunteered data, an attribute of the request can be determined to satisfy one or more rules related to the SPCI prior to facilitating access to a version of a portion of the volunteered data. The version of the portion of the volunteered data can be a redaction of the portion of the volunteered data. The version of the portion of the volunteered data can be aggregated with other portions of other volunteered data determined to satisfy corresponding SPCI related rules.

Abstract: A key broker monitors network traffic metadata and determines which decryption keys are required at one or more packet brokers in order to decrypt relevant traffic required by various network monitoring devices. The key broker retrieves the required keys from a secure keystore distributes them, as needed, to the network packet brokers, and dynamically updates the decryption keys stored in the network packet brokers in response to changes in network traffic.

Abstract: Embodiments disclosed provide a virtual currency system within a messaging application by performing operations comprising: launching, within a messaging application, a third-party application; receiving, by the messaging application from the third-party application, a request to perform an ecommerce transaction in relation to an item available for consumption on the third-party application; determining, by the messaging application, an expected attribute for the item based on accessing a database that stores expected attribute information for multiple items; verifying, by the messaging application, that an attribute of the item specified by the request corresponds to the expected attribute for the item; and processing, by the messaging application, the ecommerce transaction in response to successfully verifying that the attribute of the item satisfies a verification criterion based on the expected attribute for the item.

Abstract: Systems, methods, apparatus, and articles of manufacture to facilitate playback of multimedia content are disclosed. An example apparatus includes a network interface configured to receive audio content over a playback network. A processor comprising instructions which when executed, cause the processor to detect that a portable playback device has joined the playback network. The processor is to update a state variable to indicate that the portable playback device has joined the playback network. The processor is to play audio content received over the playback network based on the state variable. The processor is to detect that the portable playback device is not joined to the playback network. The processor is to, after detecting that the portable playback device is not joined to the playback network, update the state variable to indicate that the portable playback device is not joined to the playback network.

Abstract: Methods and systems are for a content delivery management platform that organizes and monitors content delivery networks by the applications, features, or functions that they serve. The content delivery management platform is agnostic to the content delivery network. To provide this functionality, the content delivery management platform uses an abstraction layer to interface between the content delivery networks and the needs of the content provider (e.g., the owner of the content delivery management platform) as it serves users (e.g., provides the applications, features, or functions).

Abstract: Examples disclosed herein relate to integrity monitoring of a computing system using a kernel that can update its own code. Trust of state information is verified. Kernel code and module code are loaded into memory that is accessible to a device separate from a processor that loads the kernel code and module code. A measurement module is verified and loaded into memory. The state information can correspond to multiple symbols. The measurement module can measure the state information corresponding to each of the respective symbols to generate a set of initial measurements. The set of initial measurements can be provided to a device for integrity monitoring. The device is to compare a current measurement with an initial measurement to determine if a potential violation occurred. The device is to use a representation of a jump table to determine whether the potential violation is a violation.

Abstract: Embodiments of a method performed by an Interconnect Border Control Function (IBCF) in an Internet Protocol (IP) Multimedia Subsystem (IMS) network and corresponding embodiments of an IBCF are disclosed. In some embodiments, the method performed by the IBCF comprises receiving, from an IMS node in a virtual IMS network domain of a virtual IMS network operator, a Session Initiation Protocol (SIP) message that serves as a request for a leased IMS service. The SIP message comprises information that identifies the leased IMS service, information that identifies an IMS network slice, information that identifies the virtual IMS network operator, information that identifies one or more sub-services requested for the leased IMS service, and/or information that identifies an IMS network slice instance. The method further comprises making a decision as to whether to accept or reject the request based on the information comprised in the SIP message.

Abstract: An information processing apparatus, a meeting system, and a method. The information processing apparatus registers material to be distributed to a participant of a meeting, controls an output device to output the material, acquires meeting progress information indicating progress of the meeting and additional information added by the participant to the material, and generates meeting result information that indicates meeting result based on the material, the meeting progress information, and the additional information.

Abstract: A computerized method and processing system provides for transposing virtual content items between computing environments. The method and system includes receiving a transpose request to transpose a first item from the first computing environment to a second computing environment, including first item data relating to the first item. The method and system includes accessing a plurality of transpose rules relating to transposing the first item to the second computing environment and accessing environment data relating to the first computing environment and the second computing environment. The method and system includes determining a second item for utilization in the second computing environment, a virtual translation of the first item based on the transpose rules and the second computing environment data. The method and system includes transmitting an authorization command to the second computing environment to authorize utilization of the second item in the second computing environment.

Abstract: A multi-lender architecture is configured to provide a loan applicant with automated pre-qualification and automobile loan eligibility evaluation for multiple candidate lenders. Lender output data may include sensitive data. The lender output data is stored in a data object of a first format and one or more fields of the data object are encrypted at the field level. The encrypted data object may be transmitted through multiple application layers or terminals. The encrypted data object may be reformatted at one or more application layers or terminals without decryption. A reformatted encrypted data object containing the lender output data may be decrypted at the last layer before forwarding the lender output data to the loan applicant.

Abstract: A system for transmitting and storing data based on a connection for a vehicle is presented. The system includes a computing device, the computing device configured to receive a vehicle data, communicatively connect the computing device to a second device as a function of a mesh network, authenticate a second device as a function of an authentication module, generate a vehicle collection datum as a function of the vehicle data, communicate the vehicle collection datum to the second device as a function of the mesh network, and store the vehicle collection datum in a recorder database as a function of a lack of identification of the mesh network.

Abstract: In various embodiments, a computer-implemented method for generating and verifying officially verifiable electronic representations may be disclosed.

Abstract: A system for managing multiple-domain access credentials of a user enabled to access a plurality of domains. The system includes a credential management server wherein access credentials of the user are separately present for each of the domains, each of the access credentials including the access level of the user for each of the domains, a service device for interfacing the credential management server and at least a network server in turn including applications and resources related to at least a domain.

Abstract: A method of allowing collaboration on an encrypted document stored in a cloud computing network, the encrypted document associated with a first user having a first user account in the cloud computing network, the method comprising: in response to a request from the first user to share the encrypted document, sending a link to a public network destination to a second user address of a second user; receiving a request via the link from an unconfirmed user to access the data in the encrypted document; requesting of the unconfirmed user to login to a second user account on the cloud computing network; authenticating the identity of the unconfirmed user as the second user; upon authenticating the identity of the unconfirmed user as the second user, decrypting the encrypted document to generate a decrypted document; storing the decrypted document in the first user account; granting the second user access to the decrypted file simultaneously to access granted to the first user; subsequent to the first user or the se

Abstract: A system and method using blockchain for monitoring and tracking service provider involvement in a transaction on behalf of a customer company. In the system and method, session information related to the transactions are encrypted using an encryption key specific to a company on whose behalf the service provider is acting. The encrypted action is signed the with a private key of a public/private key pair. The signed, encrypted action record is placed on the blockchain, which can later be accessed to review the actions on behalf of the specific company.

Abstract: Methods, systems, and apparatus, including a method for updating user consent in a verifiable manner. In some aspects, a method includes receiving, from a client device, a request including an attestation token. The attestation token includes a set of data that includes at least a user identifier that uniquely identifies a user of the client device, a token creation time that indicates a time at which the attestation token was created, user consent data specifying whether one or more entities that receive the attestation token are eligible to use data of the user, an action to be performed in response to the request. The attestation token also includes a digital signature of at least a portion of the set of data, including at least the user identifier and the token creation time. An integrity of the request is verified using the attestation token.

Abstract: A system, method, and computer-readable medium for determining risk associated with anomalous behavior of a user on a computer network including receiving anomalous behavioral data corresponding to anomalous activity of the user on the computer network, determining surprisal values corresponding to one or more behavioral factors based on one or more of: one or more probabilities corresponding to one or more current values or one or more characteristics of the one or more behavioral factors, determining one or more dynamic weights corresponding to the one or more behavioral factors based at least in part on the one or more current values and historically expected values of the one or more behavioral factors for the user, and determining a risk metric corresponding to the anomalous activity of the user based on the surprisal values, the one or more dynamic weights, and static weights assigned to the one or more behavioral factors.

Abstract: The present disclosure is directed to continuous data profiling (CDP). Entities may house large amounts of disorganized and/or duplicative data. To organize and standardize data across a data set, the data may be profiled. However, profiling large data set can be inefficient and give rise to security problems, as profiling datasets typically requires exporting a dataset to a third-party profiling runtime environment. To remedy these issues, the present disclosure is directed to a continuous data profiling platform that comprises a CDP manager communicatively coupled to a client's database. The CDP manager provides access to a CDP API that may install CDP tools on a client's native database environment, enabling the database management system to profile datasets within the client's native database environment, which results in a more efficient use of computing resources and more secure process of profiling datasets.

Abstract: A persistent storage device includes a filesystem having a data exclusion list and a protection system stored thereon. The data exclusions list identifies excluded filesystem folders. A processor is programmed to create a canary file in at least one of the excluded filesystem folders. The processor intercepts input/output (I/O) events, each being directed to a respective target filesystem object. The processor stores system event metadata associated with each of the I/O events. The system event metadata includes a file identifier of the respective target filesystem object. The processor creates a backup copy for each respective target filesystem object. The processor releases the I/O events to be performed on the respective target filesystem objects. In addition, the processor determines, based on at least one file identifier, that one of the respective target filesystem objects is the canary file, and replaces each respective target filesystem object with its respective backup copy.

Abstract: Managing data in a distributed computing environment, such as a cloud computing platform for healthcare. The platform selects a set of hierarchical resources deployed in the distributed computing environment, wherein the set of hierarchical resources comprises a resource member. The platform converts the set of selected hierarchical resources to a localized schema. The platform determines a score for the resource member based on the proximity of the resource member to the healthcare privacy dictionary, wherein the proximity is determined using the localized schema. The platform updates the set of hierarchical resources based on the determined score. The platform controls access to a resource member based on the score determined based on a proximity of a localized schema representation of the resource member to a healthcare privacy dictionary.

Abstract: A dynamic next-stop or next-item recommendation system that is built entirely from raw card transaction data logs. These data logs contain rich transaction data between cardholders and merchants. A query network approach is constructed for geometrical expressivity and automatically learns the inherent class-hierarchy. To ensure scalability and interpretability of the approach, merchants or entities are grouped into interpretable categories and propose a quadtree-based spatial decomposition of the underlying geography. A two-step recommendation process initiates: (1) predict next-merchant quadtree-box and category combination (2) recommend merchants within the predicted combination. This novel neural architecture may handle the hierarchical classification task in the first part of the recommendation system and compare the methods to previous state-of-the-art approaches in related areas.

Abstract: An illustrative computing system for a dynamic user access control management system classifies users and data resources according to their risk and importance by a user management engine with artificial intelligence, machine learning characteristics. The dynamic user access control management system analyzes the log files of data resources to measure system performance characteristics and user access behavior. This system monitors the device and network by which a data access request to a data resource is made. The dynamic user access control management system validates the leave status of a user initiating a data access request. The dynamic user access control management system automatically determines a user access level for a data resource through intelligent analysis of collected information and defers to a user's manager for an access level determination when the determination to grant an access level is outside of the knowledge base of the user management engine.

Abstract: A communication node for delivering secure content in respect of a requested service to a target entity. The communication node has respective interfaces towards: at least one network for communicating with mobile terminals; a service-provider node providing the requested service; and an authorization node for effecting payments. After having completed a set-up phase and in response to a payment, the communication node enables forwarding of secure content, relating to at least one service requested by a user of a first mobile terminal to a target entity associated with the first mobile terminal. The set-up phase involves: identifying the at least one requested service from the first mobile terminal; linking in the service-provider node the at least one requested service to the first mobile terminal; and assigning a reference in the service-provider node to a payment to be made in respect of the at least one requested service.

Abstract: A design method for a vehicle control system includes designing in such a manner that an allowable delay time that is allowed from when operation information is input to an information acquisition unit to when a control signal of an actuator to be operated is output is set in the actuator, and in a case where the allowable delay time is less than a predetermined reference time, an operation-signal generation unit of the actuator is provided in a zone ECU disposed in each predetermined zone of a vehicle and to which the actuator to be operated is connected.

Abstract: The present disclosure relates generally to data access control solutions. In particular, techniques are provided to implement a secure and distributed file storage scheme and in particular, a managed access system using a blockchain. In some aspects, a process of the disclosed technology includes operations for associating a first key share with a first copy of a file, wherein the first copy of the file is stored by a first party, associating a second key share with a second copy of the file, and recording versioning information corresponding with the file on a distributed ledger accessible by the first party and the second party. In some aspects, the process can further include operations for managing access to the file using the first key share and the second key share. Systems and machine-readable media are also provided.

Abstract: At a client computer, a web browser is connected to a local web server. The local web server is coupled with a local utility executing on the client computer that is distinct from the web browser. The web browser sends, to the local web server via a first communications channel, a first open-ended message that does not require a return message. The local web server waits until the local utility determines there is information to be provided to the web browser and sends, via the first communications channel, a first return message responsive to the first open-ended message. The web browser, in response to and upon receiving the first return message responsive, maintains communication with the local web server by sending, using a second communications channel distinct from the first communications channel, a second open-ended message that does not require a return message to the local web server.

Abstract: An information processing apparatus includes a control circuit configured to operate as a setting tool that performs setting of an application installed in a client device by executing a setting tool program. The setting tool includes an application setter and a server synchronizer. The application setter is configured to perform setting of an application in a client device. The server synchronizer is configured to synchronously register the client device on which setting has been performed by the application setter in a server apparatus that manages a client device which is provided with a function of the application with the setting performed on the client device by the application setter as a trigger.

Abstract: Computer-implemented systems and methods for authorization are provided. A system for distributed authorization includes a resource server which stores a protected resource of a resource owner and a service provider client device which provides a service which uses the protected resource. The system also includes a federated privacy exchange system configured to provide an authorization service for allowing the service provider client device to access the protected resource according to permissions data. The federated privacy exchange system includes a privacy-respecting authorization server configured to store a resource definition for the protected resource, and an agent device configured to provide an agent interface for managing credentials and controlling permissions and policies at the authorization server and store protected data including any one or more of account identifier data, authenticator data, resource server relationship data, and permissions data.

Abstract: A storage appliance arranges snapshot data and snapshot metadata into different structures, and arranges the snapshot metadata to facilitate efficient snapshot manipulation, which may be for snapshot management or snapshot restore. The storage appliance receives snapshots according to a forever incremental configuration and arranges snapshot metadata into different types of records. The storage appliance stores these records in key-value stores maintained for each defined data collection (e.g., volume). The storage appliance arranges the snapshot metadata into records for inode information, records for directory information, and records that map source descriptors of data blocks to snapshot file descriptors. The storage appliance uses a locally generated snapshot identifier as a key prefix for the records to conform to a sort constrain of the key-value store, which allows the efficiency of the key-value store to be leveraged.

Abstract: A system allows an end-user to locate and gain access to an access-controlled facility or resource, such as a restroom, phone charging station, or Wi-Fi hot spot. Some implementations of the system monitor the formation and concentration of individuals into crowds that may place a higher demand on facilities and resources located near the crowd. The system may distribute mobile facilities to areas that offer convenient access to potential developing crowds, and when the system determines that there is a disparity between available resources and crowd demand reaches a certain level it may deploy one or more mobile facilities to positions proximate to that crowd. A mobile facility may also be requested on demand by a user or organizer, and some implementations provide cost sharing mechanisms and other user benefits related to requesting and accessing the facility.

Abstract: A computer-implemented method for data segmentation to improve security is described. The method includes receiving a request, from a client device of a user, for authentication information; parsing the request; based on the parsing, determining an authentication score that represents a likelihood that the request is from an authenticated device; determining, from the authentication score, a number of segments into which the requested authentication information is divided; and for each of the segments, assigning one or more portions of the authentication information to that segment, in which each segment is associated with one or more times at which to transmit information assigned to that segment, and at one or more times specified by that segment, transmitting one or more portions of the authentication information assigned to that segment to the client device.

Abstract: An anti-malware computer providing a hardware-centric solution for preventing (or substantially reducing) hacking which cannot be affected by contaminated software. The anti-malware computer is configured with an anti-malware circuit device, Internet regulator devices and an Internet active indicator that facilitate receiving an Internet access request from an Internet regulator device. Responsive to the Internet access request received, establishing an Internet communications link between the anti-malware computer and the Internet and illuminating an Internet active indicator. Monitoring for active Internet activity cessation from the anti-malware computer and if inactive initiating an Internet inactivity timer and counting the total Internet inactivity time. If an Internet inactivity level has been met blocking the Internet communications link between the anti-malware computer and the Internet and deactivating the Internet ready indicator.

Abstract: A USB mass storage device access control method and access control apparatus, a terminal device, and a computer readable storage medium. The access control method includes: in response to detecting that a USB mass storage device is inserted into a macOS, completing matching between an application and the USB mass storage device; controlling the macOS to release an access control permission for the USB mass storage device; and controlling the application to obtain the access control permission for the USB mass storage device. The solution can solve the problem in the prior art that an application cannot be controlled to implement, on a macOS, access control over a USB mass storage device.

Abstract: Systems and methods for facilitating secure unlocking of a computing device based on user-defined rules are provided. According to one embodiment, a request to unlock a client device is received by a security agent running on the client device. Responsive to the request, information regarding a set of operating characteristics of the client device is obtained by the security agent. One or more authentication mechanisms of multiple authentication mechanisms available on the client device are selectively enabled or disabled by the security agent based on the information regarding the set of operating characteristics and a set of user-defined rules.