Access Control Or Authentication Patents (Class 726/2)
  • Patent number: 11290491
    Abstract: A method for utilizing a security service engine (SSE) to assess security vulnerabilities on a security gateway element (SGE) includes establishing a security configuration for a SGE corresponding to a provisioned security service policy definition and configuring a plurality of SGE security service managers hosted by a SSE on the SGE based on policies included in the security service policy definition. The method further includes executing, by the SSE, each of the plurality of SGE security service managers as a software based service in real time to enforce the policies of the security service policy definition on the SGE and remediating the security configuration of the SGE if one or more of the plurality of SGE security service managers detects a security vulnerability corresponding to the operation of the SGE.
    Type: Grant
    Filed: March 14, 2019
    Date of Patent: March 29, 2022
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Cheng Liu, Ge Guo
  • Patent number: 11288530
    Abstract: Systems and methods for identity authentication based on liveness-verified biometric data that cannot be stolen/spoofed. In various embodiments, the disclosed systems and methods facilitate access to SaaS platforms, transactions, and/or physical assets via identity authentication based on comparison of liveness-verified biometric data (e.g., data that has been verified as derived from the correct actual live individual to avoid bad actors spoofing the data to gain access—in one embodiment, as one factor in a two factor authentication schema) to pre-verified identity data. Liveness-verified biometric data may, in various embodiments, be derived from facial features, fingerprints, voice recognition, DNA, etc. Generally, if the liveness and identity of the requesting individual cannot be verified, then the individual will not be permitted access.
    Type: Grant
    Filed: May 3, 2019
    Date of Patent: March 29, 2022
    Assignee: T Stamp Inc.
    Inventor: Gareth Genner
  • Patent number: 11283817
    Abstract: A method includes determining, based on login information corresponding to a plurality of login attempts, that a set of password spray criteria have been satisfied. The method also includes generating respective scoring patterns corresponding to one or more password lengths and based on the respective scoring patterns, generating a common digital signature for a set of common passwords. The method further includes generating a spray digital signature for a set of potential spray passwords based on the respective scoring patterns. Additionally, the method includes comparing the spray digital signature with the common digital signatures to determine a number of matching components between the spray digital signatures and the common digital signature. Based on the number of matching components, the method includes determining whether a password spray has been attempted.
    Type: Grant
    Filed: December 31, 2019
    Date of Patent: March 22, 2022
    Assignee: PAYPAL, INC.
    Inventor: George Chen Kaidi
  • Patent number: 11277402
    Abstract: An approach is provided that receives a login request from a selected user. The approach first authenticates the selected user using a unique user identifier and a password associated with the selected user. In response to a successful first authentication, the approach performs a second authentication of the selected user using a second factor authentication code that was included in the login request. The second authentication includes retrieval of an expected second factor authentication code using an index into a block of codes with the index and the block of codes both being associated with the selected user. The login request is allowed and the index is changed in response to the second factor authentication code matching the expected second factor authentication code. The login request is denied in response to the second factor authentication code failing to match the expected second factor authentication code.
    Type: Grant
    Filed: January 9, 2020
    Date of Patent: March 15, 2022
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Robert J. Kapinos, Robert Norton, Russell Speight VanBlon, Scott W. Li
  • Patent number: 11275841
    Abstract: A method and system of protecting an artificial intelligence (AI) application are provided. Parameters of the AI application are identified. An assessment of a vulnerability of the AI application is performed, including: applying a combination of protection measures comprising two or more protection measures against at least two different attacks and at least one dataset, and determining whether the combination of protection measures is successful in defending the AI application. A target configuration of an AI model to protect the AI application is determined based on the assessed vulnerability of the AI application. An AI enhanced algorithm is determined to adjust the AI model to include a combination of most computationally efficient defenses based on the target configuration. The adjusted AI model is used to protect the AI application.
    Type: Grant
    Filed: September 9, 2019
    Date of Patent: March 15, 2022
    Assignee: ADVERSA AI LTD
    Inventor: Aleksandr Poliakov
  • Patent number: 11269082
    Abstract: Sensor-assisted location technology is disclosed. Primary location technologies, such as GPS, can be used to determine the current location (e.g., a location fix) of a location-enabled device. In some instances, the primary location technology may be unreliable and/or consume more power than an alternative location technology. Sensors, such as accelerometers, compasses, gyrometers, and the like, can be used to supplement and/or increase the accuracy of location data. For example, a location-enabled device can identify an area with unreliable GPS location data and use sensors to calculate a more accurate location. Areas identified may be crowd-sourced. Sensors can be used to identify errors in the location data provided by primary location technology. Sensors can be used to modify a sampling interval of the primary location technology. Sensors can be used to smooth motion on a user interface between sampling intervals of the primary location technology.
    Type: Grant
    Filed: April 22, 2020
    Date of Patent: March 8, 2022
    Assignee: Apple Inc.
    Inventor: Devrim Varoglu
  • Patent number: 11271757
    Abstract: A monitoring device is configured to monitor a monitoring target device. The monitoring device includes a circuit information distribution program configured to distribute circuit information for programming a physically unclonable function (PUF) circuit to the monitoring target device; a transmission processing program configured to transmit a challenge value to the monitoring target device to which circuit information is distributed; a reception processing program configured to receive a response value corresponding to the challenge value of the PUF circuit programmed in the monitoring target device; and an authentication processing program configured to authenticate the monitoring target device based on input and output correspondence information of the PUF circuit programmed in the monitoring target device and the response value which has been received.
    Type: Grant
    Filed: December 21, 2018
    Date of Patent: March 8, 2022
    Assignee: MITSUBISHI HEAVY INDUSTRIES, LTD.
    Inventor: Fumikado Anzai
  • Patent number: 11269681
    Abstract: A system and method for performing a task on a computing device based on access rights are described. In one aspect, an exemplary method comprises gathering data characterizing a task by intercepting function calls used to perform the task, and sending a request to an operating system of the computing device to temporarily interrupt the called functions until access rights are determined, determining a threat level of the task based on the gathered data and task templates, generating a test based on the threat level and test generating rules and presenting the test to the user, analyzing results of the test and determining access rights of the task based on the results, and performing the task based on the access rights.
    Type: Grant
    Filed: July 1, 2019
    Date of Patent: March 8, 2022
    Assignee: AO KASPERSKY LAB
    Inventors: Ivan I. Tatarinov, Nikita A. Pavlov
  • Patent number: 11262957
    Abstract: A cloud-based server and a port monitor on a device provide authentication of a user to access print jobs on the server. An application may print or perform other operations from the cloud-based server to a printing device. The port monitor uploads data for a document to the cloud-based server. Once the data for the document is uploaded, a claim code is generated by the cloud-based server. The port monitor receives the claim code. The port monitor initiates the launch of a browser having a uniform resource locator (URL) address for the server along with the claim code. The user is authenticated using a login page and the claim code associated to the user to allow access to the document on the server.
    Type: Grant
    Filed: December 23, 2020
    Date of Patent: March 1, 2022
    Assignee: KYOCERA DOCUMENT SOLUTIONS INC.
    Inventors: Arthur Alacar, Michael Martin
  • Patent number: 11263636
    Abstract: A method for providing a gift includes receiving a gift token creation request representative of a selection of a gift recipient and gift limitations from a first computing device. The method includes generating a tokenized PAN associated with a gift account and transmitting the tokenized PAN and gift limitations to a second computing device. The method includes detecting a transaction authorization request that is representative of an attempted transaction at a merchant POS device based on monitoring of transaction authorization data originating from a plurality of merchant POS devices. The transaction authorization request represents an attempted tokenized PAN, an attempted transaction amount and a merchant code. The method includes determining that the attempted tokenized PAN matches the tokenized PAN associated with the gift account.
    Type: Grant
    Filed: November 16, 2020
    Date of Patent: March 1, 2022
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventors: Taurean Butler, Christine Berglund, Adam Vukich, Jessica Greenberg, Colin Hart, Mykhaylo Bulgakov, Jason Ji, Kaylyn Gibilterra
  • Patent number: 11258873
    Abstract: An architecture to allow the spatial separation of information sources, information processing, and information consumption using objects and tags, including in mobile/multi-access edge computing (MEC) communication environments, is disclosed. In an example, a request for information provided to a network entity (such as a MEC entity) results in the receipt of an object and a tag, as a device operates in an operational area of an information service. The object provides data for the information service, and the tag provides the metadata related to a context of the information service and the object from another entity, for another entity located within the operational area of the location service. The use of this object, including in the form of an application, data, or user object type, allows a transfer and use of data and context for the information service that is independent from the access network.
    Type: Grant
    Filed: November 9, 2018
    Date of Patent: February 22, 2022
    Assignee: Intel Corporation
    Inventors: Markus Dominik Mueck, Dario Sabella, Miltiadis Filippou, Michael Faerber
  • Patent number: 11258860
    Abstract: A computing system includes a server. The server is communicatively coupled to a data repository and is configured to store a data in the data repository. The server is further configured to create a server instance, wherein the server instance is associated with a user. The server is additionally configured to create a session based on an external entity requesting a resource from the server instance, and to execute a bot detection logic to determine if the external entity is a bot. If the external entity is a bot then the server is configured to perform a bot-based action, wherein the server is configured to provide for multi-instance support to a plurality of users.
    Type: Grant
    Filed: December 24, 2019
    Date of Patent: February 22, 2022
    Assignee: ServiceNow, Inc.
    Inventors: Jaheen Afsar Syed, Prabhat Mishra, Ramola Raj Teketi
  • Patent number: 11256794
    Abstract: Systems and methods for authenticating a user using an interactive voice response application. The method includes receiving data representing a spoken voice utterance corresponding to a user of an interactive voice response application. The method further includes processing the data representing the spoken voice utterance based on a length and a quality of the spoken voice utterance. The method also includes comparing the processed data representing the spoken voice utterance and a voiceprint associated with the user. The method further includes generating a security token in response to determining that the processed data representing the spoken voice utterance substantially matches the voiceprint associated with the user. The method also includes receiving the security token from the interactive voice application and validating the security token corresponding to the user in response to determining that the security token matches a security token generated by a server computing device.
    Type: Grant
    Filed: January 31, 2020
    Date of Patent: February 22, 2022
    Assignee: FMR LLC
    Inventors: Harmeet Singh, Robert Gage, David Marteney, Kevin Johnson
  • Patent number: 11250150
    Abstract: The present invention provides a file synchronization and centralization system and a file synchronization and centralization method, which forcibly transmit, to a central server, data corresponding to a synchronization condition, among data being operated or data having been operated, and delete the transmitted data from a PC, thereby making it impossible to transfer the data (including files and documents) to the outside or completely blocking a route through which the data can be attacked by ransomware. The file synchronization and centralization system includes a central server and a PC.
    Type: Grant
    Filed: November 28, 2017
    Date of Patent: February 15, 2022
    Assignee: MWSTORY CO., LTD.
    Inventors: Dae Gull Ryu, Sang Won Woo
  • Patent number: 11250155
    Abstract: A method for managing personal data stored in a distributed system, in which the personal data are transmitted from a terminal device to at least one network node; and in which there is furnished to the user, by the distributed system, a user interface by way of which the personal data are to be managed in respective network nodes of the distributed system which manage the personal data; and in which management instructions furnished via the user interface, for managing the personal data within the distributed system, are transmitted via a predefined interface that is configured at least on the respective network nodes of the distributed system which manage the personal data.
    Type: Grant
    Filed: August 29, 2017
    Date of Patent: February 15, 2022
    Assignee: Robert Bosch GmbH
    Inventors: Jan Zibuschka, Ralph Retter, Stefan Schmid
  • Patent number: 11244330
    Abstract: Embodiments of the present disclosure relate to customizing an electronic survey using social networking information. One or more embodiments of a survey system receive social networking information associated with a respondent from a third-party social networking system in connection with a request to provide a survey to a client device of the respondent. One or more embodiments of the survey system use the social networking information to determine a plurality of survey questions for the electronic survey. Additionally, one or more embodiments of the survey generate a customized electronic survey to include the plurality of survey questions and then provide the customized survey to the respondent's client device.
    Type: Grant
    Filed: April 17, 2018
    Date of Patent: February 8, 2022
    Assignee: Qualtrics, LLC
    Inventor: Milind Kopikare
  • Patent number: 11245688
    Abstract: The present disclosure relates to a device authentication method as a procedure designed for authenticity of an apparatus. A connecting apparatus to be authenticated and an authentication box are connected to a trusted network through which authentication information is received by the connecting apparatus. The connecting apparatus is electrically connected to a non-trusted network through which the connecting apparatus and an intermediary server are electrically connected with each other; a virtual hub network is created by the intermediary server and electrically connected to both the authentication box and the connecting apparatus such that the connecting apparatus is authenticated by the authentication box based on the authentication information.
    Type: Grant
    Filed: May 8, 2019
    Date of Patent: February 8, 2022
    Assignee: WALTON ADVANCED ENGINEERING INC.
    Inventors: Hong Chi Yu, Mao Ting Chang
  • Patent number: 11240346
    Abstract: A method and apparatus include a terminal device receiving a first message from a server that hosts a service available to the terminal device. The first message includes information about at least one attribute relating to a changeability of that at least one attribute having been changed. The terminal device sends a second message to the server in response to the first message that includes information identifying the information about the at least one attribute of the first message. The terminal device receives a third message from the server that includes information indicating a changeability setting for each of the at least one attribute identified in the first message. The terminal device updates how a user interface for the service is to be displayed so the user interface is displayed with attributes relating to the service being indicated as changeable or unchangeable in accordance with the third message.
    Type: Grant
    Filed: October 29, 2018
    Date of Patent: February 1, 2022
    Assignee: Unify GmbH & Co. KG
    Inventors: Yu Bao, James Smith
  • Patent number: 11238148
    Abstract: Location-based, context-aware challenge-response authentication may be provided. First, a challenge may be provided to a user. The challenge may be based on a context corresponding to the user. The context corresponding to the user may comprise a location of a device associated with the user within an environment. Next, in response to providing the challenge, a response to the challenge may be received from the user. Then, in response to receiving the response to the challenge, it may be determined that the response is a correct answer to the challenge. In response to determining the response is the correct answer, a privilege may be provided to the user.
    Type: Grant
    Filed: February 12, 2019
    Date of Patent: February 1, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Abhishek Bhattacharyya, Abhishek Mukherji, Vinay S. Raghuram, Santosh Ramrao Patil
  • Patent number: 11228485
    Abstract: The present technology provides a system and method for automating on-boarding and management of IoT devices on a data network. The disclosed technology further provides an interactive representation of various performance attributes with automatically generated actionable alerts based on operator defined rules and performance-specific threshold values. Furthermore, the disclosed technology provides for single-click activation of suggested actions at scale directed at once to all device units within one or more device groups reported in critical state. In this way the proposed technology enables rapid restoration of a network state. Offending device(s) may then be easily identified, from device units within the device category isolated in a resolution space, and managed according to one or more device-specific actionable alerts automatically generated on the offending device.
    Type: Grant
    Filed: March 14, 2019
    Date of Patent: January 18, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Mark Stephan Shurtleff, Jerome Henry, Bart Brinckman
  • Patent number: 11228605
    Abstract: A device and method for handling an anomaly in a communication network of a motor vehicle includes at least one detector analyzing a data stream in the communication network, recognizing at least one anomaly using a rule-based anomaly recognition method if at least one parameter for a data packet of the data stream deviates from a target value, and sending information about the at least one recognized anomaly via the communication network.
    Type: Grant
    Filed: May 29, 2019
    Date of Patent: January 18, 2022
    Assignee: Robert Bosch GmbH
    Inventors: Michael Herrmann, Janin Wolfinger, Paulius Duplys
  • Patent number: 11228587
    Abstract: Disclosed is a method of authorizing a user for accessing a server and/or for receiving of an on-line service and the steps of: capturing biometric data of the user using the sensor on a ME; forming from the biometric data a biometric template on the IDS and storing the biometric template on the MED; and via the IDS allowing access to a server by the user providing to the IDS, via the MED, matching biometric data and a biometric template. On the MED, a local check can be made for a match between biometric data of the user that are captured using the sensor on the MED and biometric data read out of the memory.
    Type: Grant
    Filed: February 16, 2017
    Date of Patent: January 18, 2022
    Assignee: MORPHO B.V.
    Inventors: Joost Van Prooijen, Claire Durand, Rodolphe Hugel, Jouri De Vos
  • Patent number: 11227054
    Abstract: A method for controlling access to preliminarily identified computer resources is disclosed. The access is controlled so as to prevent the circumventing, by malicious applications, of barriers set up to prevent them from communicating when they are executed on one or more processors of an electronic device. The method is implemented by an electronic device having access to the resources to be controlled. The method includes: receiving a request, coming from a program, for access to a current resource; obtaining at least one access parameter for access to the current resource within a resource-characterizing data structure; and modulating access to the current resource as a function of the at least one access parameter.
    Type: Grant
    Filed: February 21, 2017
    Date of Patent: January 18, 2022
    Assignee: BANKS AND ACQUIRERS INTERNATIONAL HOLDING
    Inventors: Remi Geraud, David Naccache
  • Patent number: 11228434
    Abstract: Techniques are disclosed for securing data-at-rest at an internet-of-things (IoT) site with an unreliable or intermittent connectivity to the key manager operating at a corporate data center. The IoT site deploys one or more IoT devices/endpoints that generate IoT data according to the requirements of the site. The IoT data generated by these devices is collected/aggregated by one or more gateway devices. The gateways encrypt their data-at-rest gathered from the IoT devices using cryptographic keys. In the absence of a reliable connection to a backend corporate key manager, the design employs LAN key managers deployed locally at the IoT site. The gateways obtain keys from the LAN key managers to encrypt the IoT data before storing it in their local storage. The LAN key managers may periodically download keys from the corporate key manager or generate their own keys and then later synchronize with the corporate key manager.
    Type: Grant
    Filed: March 20, 2019
    Date of Patent: January 18, 2022
    Assignee: ZETTASET, INC.
    Inventors: Maksim Yankovskiy, Eric A. Murray
  • Patent number: 11223601
    Abstract: Methods and systems are disclosed for isolation of collaboration software on a host computer system. A networked computer system may include a network, a first host computer system, a border firewall and/or a web proxy. The host computer system may be configured to run a collaboration software application or process that enables interaction with one or more other host computer systems. The collaboration software application or process may be run within an untrusted memory space. The collaboration software application or process may enable interaction between a second host computer system and the untrusted memory space such that the second host computer system may access meeting data within a sandboxed computing environment operating within the untrusted memory space.
    Type: Grant
    Filed: September 25, 2018
    Date of Patent: January 11, 2022
    Assignee: L3 Technologies, Inc.
    Inventors: Glenn Coleman, Peter Martz, Kenneth Moritz
  • Patent number: 11212256
    Abstract: A flexible hybrid firewall architecture is disclosed. A system implementing such an architecture includes an access control register, a memory having at least a region to which access is controllable by the access control register, the access control register including a first field that contains a privilege identifier (ID) and a plurality of additional fields, each additional field containing control bits corresponding to a respective one of a plurality of permission levels, and control circuitry that, in response to receiving a transaction containing a transaction privilege ID, a security indicator, and a privilege indicator, controls access to the region when the transaction privilege ID matches the privilege ID contained in the first field by using the control bits of a field of the additional fields that corresponds to a security level indicated by the security indicator and a privilege level indicated by the privilege indicator of the transaction.
    Type: Grant
    Filed: February 10, 2020
    Date of Patent: December 28, 2021
    Assignee: TEXAS INSTRUMENTS INCORPORATED
    Inventors: Amritpal Singh Mundra, Brian J. Karguth, Timothy Anderson, Kai Chirca, Charles Fuoco
  • Patent number: 11212279
    Abstract: In one embodiment, a method comprises determining, by a link layer switch within a distributed link layer switched data network, a trust metric for a media access control (MAC) address used by a network device on a link layer connection provided by the link layer switch; receiving, by the link layer switch, a query originated by a second link layer switch in the distributed link layer switched data network, the query specifying the MAC address and a corresponding specified trust metric; and responding to the query, by the link layer switch, based on determining whether the specified trust metric indicates a higher trust level than the corresponding trust metric for the MAC address used by the network device on the link layer connection.
    Type: Grant
    Filed: February 4, 2019
    Date of Patent: December 28, 2021
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Eric Michel Levy-Abegnoli, Pascal Thubert, Patrick Wetterwald, Jean-Philippe Vasseur
  • Patent number: 11206503
    Abstract: Technologies are described herein for enabling the automated testing of remote control units by providing a suitable test station. The test station includes features that allow it to interact with the remote control unit's inputs, such as buttons and microphone, and outputs, such as IR and RF remote control codes, status LEDs, and audio output. The test station may be controlled by a controller that executes test scripts or other routines that exercise the functionality of the remote control unit as desired.
    Type: Grant
    Filed: September 19, 2019
    Date of Patent: December 21, 2021
    Assignee: Contec, LLC
    Inventors: Rajeev Tiwari, Rafael Alberto Villanueva
  • Patent number: 11206285
    Abstract: Systems and methods are provided to implement moving target defense techniques for transportation systems. The moving target defense techniques can randomly change the IP addresses of the nodes associated with both the vehicles and the corresponding control centers. The nodes for the vehicles and the control centers can be “mobile” nodes that use a “care-of” IP address for communications. The care-of address used by the nodes can be updated through a binding update process. During the binding update process, the one node sends the binding update notice (with a new care-of address) to the care-of address of the other node while maintaining its prior care-of address. The node that receives the binding update notice can send a binding acknowledgement back to the node that sent the binding update. Once the binding acknowledgement is received, the prior care-of address can be removed by the node that sent the binding update.
    Type: Grant
    Filed: January 2, 2020
    Date of Patent: December 21, 2021
    Assignee: Board of Trustees of the University of Alabama, ...
    Inventor: Vahid Heydari
  • Patent number: 11200189
    Abstract: A technique includes holding a bus interface of a removable device that is inserted into a connector of a computer system in a state to prevent the device from communicating with a communication link. The communication link is coupled to the connector and is associated with operating system access to the device. The method includes a baseboard management controller communicating with the device using a channel other than the communication link while the bus interface of the device is held in the state; the baseboard management controller performing a security operation corresponding to the device based on the communication with the device using the channel; and the baseboard management controller releasing the bus interface of the device from the state to allow the device to communicate with the communication link in response to the baseboard management controller completing the security operation.
    Type: Grant
    Filed: November 21, 2019
    Date of Patent: December 14, 2021
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Paul A. Kaler, James T. Bodner
  • Patent number: 11200262
    Abstract: Systems and methods of manipulating and transforming data and sharing ideas include a map comprised of one or more diocards. Each diocard represents an individual idea and has the same group of functions including a distinctions function, a systems function, a relationships function, and a perspectives function. The distinctions function enables definition of the individual idea by attributes the individual idea is comprised of and by non-attributes the individual idea is not comprised of. The systems function enables definition of the individual idea as part of a whole or a whole that can be broken into parts. The relationships function enables definition of the individual idea as having a relationship with one or more different ideas and that this relationship may include action and reaction-like properties. The perspectives function enables definition of the individual idea as a point having a view with respect to one or more different ideas.
    Type: Grant
    Filed: October 11, 2018
    Date of Patent: December 14, 2021
    Assignee: Frameable Inc.
    Inventor: Derek Cabrera
  • Patent number: 11196622
    Abstract: A method of initializing, provisioning, and managing a cable modem and a customer premise equipment device includes sending a customized configuration file to the cable modem. The configuration file contains service provisioning information and further includes information indicative of a network address type for the customer premise equipment device. A message is passed from the cable modem to the customer premise equipment device indicative of the network address type. The customer premise equipment device is provided with a network address in accordance with the network address type indicated in the message. In this way, the customer premise equipment device knows what kind of address to obtain, and excessive transactions are avoided.
    Type: Grant
    Filed: November 21, 2018
    Date of Patent: December 7, 2021
    Assignee: Comcast Cable Communications, LLC
    Inventors: Pak Siripunkaw, John Jason Brzozowski, Srinivas Avirneni, Emery J. Weber
  • Patent number: 11194918
    Abstract: The present disclosure provides techniques for data transmission. According to one technique, a request from a data sender for sending data to a data receiver is received, wherein the request comprises a content indicating a verification code. Then, a first solution to the verification code based on the request can be obtained. The verification code can be sent to the data receiver. A second solution to the verification code can be received from the data receiver, wherein the second solution is generated by the data receiver. Transmission of the data from the data sender to the data receiver can be enabled in response to the first solution being consistent with the second solution.
    Type: Grant
    Filed: July 10, 2019
    Date of Patent: December 7, 2021
    Assignee: International Business Machines Corporation
    Inventors: Bo Yang, Anca Sailer, Messaoud Benantar, Ajay Mohindra
  • Patent number: 11197331
    Abstract: A communication device (UE) conducting wired and/or wireless communications may issue service requests using zero-round-trip-time (zero-RTT) connectivity. The UE may obtain, prior to initiating an application, an address corresponding to a service and a security credential for use in accessing the service. The UE may receive, after initiating the application, an instruction to issue a service request, and generate the service request that may include a service identifier corresponding to the service, the address corresponding to the service, and the security credential for use in accessing the service. The UE may then transmit the service request to an edge server associated with the service. The edge server may route the service according to the service identifier. Multiple data centers/servers may advertise their services to the edge server associated with the service, facilitating fast routing of the service request by the edge server associated with the service.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: December 7, 2021
    Assignee: Apple Inc.
    Inventor: Christopher M. Bell
  • Patent number: 11182171
    Abstract: A preboot module of BIOS may be configured to create a partition mapping table for namespace identifiers of sub-partitions of a boot partition, determine a configuration policy for the information handling system, store the configuration policy in a partition of non-volatile memory, launch execution of an embedded operating system kernel, and communicate the partition mapping table to the embedded operating system kernel based on the configuration policy, such that the embedded operating system kernel is enabled to load the configuration policy from the non-volatile memory and load and execute one or more applications based on the partition mapping table and the configuration policy.
    Type: Grant
    Filed: October 6, 2020
    Date of Patent: November 23, 2021
    Assignee: Dell Products L.P.
    Inventors: Sumanth Vidyadhara, Lip Vui Kan, Neeraj Kumar Pant
  • Patent number: 11184763
    Abstract: A trusted component is suggested to be added to off-the-shelf computing systems such as PCs or smartphones, providing secure functions for access management and credential protection—safe authentication, maintaining session integrity and validation of content modification. An additional advantage of the solution is that it detects malware/hacking attempts on the first try, allowing action to be taken while oblivious to the malware/hacker to avoid retaliation.
    Type: Grant
    Filed: August 2, 2019
    Date of Patent: November 23, 2021
    Inventor: Mordecai Barkan
  • Patent number: 11182468
    Abstract: Methods and systems are described herein for improvements to authenticate users, particularly authenticating a user based on data known to the user. For example, methods and systems allow for users to be securely authenticated based on data known to the users over remote communication networks without storing the data known to the users. Specifically, methods and systems authenticate users by requiring users to select images that are known to the users. For example, the methods and systems may generate synthetic images based on the user's own images and require the user to select the synthetic image, from a set of images, that is known to the user to authenticate the user. Moreover, the methods and systems alleviate storage and privacy concerns by not storing the data known to the users.
    Type: Grant
    Filed: May 18, 2021
    Date of Patent: November 23, 2021
    Assignee: Capital One Services, LLC
    Inventors: Austin Walters, Jeremy Goodsitt, Galen Rafferty, Anh Truong, Grant Eden
  • Patent number: 11184765
    Abstract: A method for authenticating a user includes connecting to a server from a user device, loading from the server to the user device data including executable data, detecting by the user device, while executing the executable data, whether an identifier relating to a short range communication device exists in a vicinity of the user device, sending from the user device to the server a user identifier accompanied with the detected short range communication device identifier, verifying by the server for the identified user whether a detected short range communication device identifier matches a predetermined part of a reference short range communication device identifier. Access is granted from the server only if the detected short range communication device identifier matches the predetermined part of the reference short range communication device identifier.
    Type: Grant
    Filed: July 21, 2017
    Date of Patent: November 23, 2021
    Assignee: THALES DIS FRANCE SA
    Inventors: Darmawan Suwirya, Asad Mahboob Ali
  • Patent number: 11184239
    Abstract: Methods, systems, devices, and tangible non-transitory computer readable media for checking computing device inactivity are provided. The disclosed technology can access, based on a device policy, organizational data associated with activity of a user's computing device. Based on the device policy and the organizational data, a valid inactivity time period including continuous organization approved time periods of valid inactivity beginning at a most recent time the computing device was active and ending a predetermined amount of time after the most recent time can be determined. Based on the device policy and the organizational data, a determination of whether inactivity criteria associated with inactivity of the computing device are satisfied is made. Satisfying the inactivity criteria can include the computing device being inactive after the valid inactivity time period. Furthermore, indications associated with the computing device's inactivity can be generated if the inactivity criteria are satisfied.
    Type: Grant
    Filed: April 30, 2021
    Date of Patent: November 23, 2021
    Assignee: PEOPLE CENTER, INC.
    Inventors: Siddhartha Gunda, Kyle Michael Boston, Daniel Robert Buscaglia, Dilanka Theshan Dharmasena
  • Patent number: 11178154
    Abstract: Disclosed embodiments relate to iteratively developing least-privilege profiles for network entities. Operations may include accessing a set of permissions associated with a network entity; obtaining a set of permission vectors for the network entity; evaluating each permission within the set of permission vectors, the evaluation being based on at least: whether each permission within the set of permission vectors provides sufficient authorization privileges for the network entity to perform an action, and a number of permissions in the set of permission vectors; selecting a group of the set of permission vectors; creating a new set of permission vectors for the network entity; iterating the evaluation for the new set of permission vectors; determining, following at least one instance of the iteration, whether an iteration termination condition has been met; and terminating the iteration based on the iteration termination condition being met.
    Type: Grant
    Filed: December 22, 2020
    Date of Patent: November 16, 2021
    Assignee: CYBERARK SOFTWARE LTD.
    Inventor: Michael Balber
  • Patent number: 11178130
    Abstract: A method of facilitating zero sign-on access to media services depending on trust credentials. The trust credentials may be cookies, certificates, and other data sets operable to be stored on a device used to access the media services such that information included therein may be used to control the zero sign-on capabilities of the user device.
    Type: Grant
    Filed: May 1, 2018
    Date of Patent: November 16, 2021
    Assignee: Cable Television Laboratories, Inc.
    Inventors: Stuart A. Hoggan, Seetharama R. Durbha
  • Patent number: 11178156
    Abstract: An exemplary geolocation authentication system receives user input representative of customized authentication settings that designate a location corroboration factor from a plurality of location corroboration factors that correspond to independent ways of determining geolocations of mobile devices. The system receives, from a mobile device located at a true geolocation, a reported geolocation of the mobile device. Then, in response to the receiving of the reported geolocation, the system accesses a datapoint that characterizes a correlation between the reported geolocation of the mobile device and the true geolocation of the mobile device. The datapoint characterizes the correlation based on the location corroboration factor designated by the customized authentication settings. The system further determines, based on the datapoint, a custom confidence metric representative of a likelihood that the reported geolocation is the true geolocation. Corresponding methods and systems are also disclosed.
    Type: Grant
    Filed: July 27, 2018
    Date of Patent: November 16, 2021
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Antony Pegg, Daniel Mandle, Michael Wille, Christopher Benton Wood, Jeff Medaugh, Marc Bernardini
  • Patent number: 11170096
    Abstract: Systems, methods, and instrumentalities are disclosed for providing configurable and customizable internet isolation and security schemes for a mobile device. A mobile device (e.g., a cell phone, smart phone, tablet, Internet of Things (IoT) device, etc.) may include a processor and a memory. The mobile device may be configured to implement a workspace and an isolated computing environment. The workspace may enable operation of a set of applications (e.g., trusted applications) via a memory space (e.g., a trusted memory space). The isolated computing environment may enable operation of a set of one or more applications (e.g., untrusted applications) via a memory space (e.g., an untrusted memory space). The untrusted applications may include, for example, one or more of an Internet browser, an email application, a document editing application, or a social media application. The untrusted applications may communicate with one or more untrusted network destinations via a network.
    Type: Grant
    Filed: October 18, 2018
    Date of Patent: November 9, 2021
    Assignee: L3 Technologies, Inc.
    Inventors: Glenn Coleman, Peter Martz, Kenneth Moritz
  • Patent number: 11165594
    Abstract: A method and system for authenticating a first device is disclosed. The method includes the steps of: measuring a first response bit string of a physical unclonable function of the first device with respect to a challenge bit string, the physical unclonable function being provided by one of the processor of the first device and a further physical component of the first device; deriving a shared secret bit string from a uniformly distributed random vector; encoding a helper bit string by multiplying a uniformly distributed random matrix with the uniformly distributed random vector and adding the first response bit string to a result of the multiplication; and transmitting the helper bit string to a second device that is remote from the first device.
    Type: Grant
    Filed: December 27, 2017
    Date of Patent: November 2, 2021
    Assignee: Robert Bosch GmbH
    Inventors: Jorge Guajardo Merchan, Paulius Duplys, Christopher Huth
  • Patent number: 11163458
    Abstract: A method for execution by a computing device includes determining a set of actor parties required to authorize a change of protection status of a stored resource from a protected status to an unprotected status. A minimum quorum is determined for each of the set of actor parties. A plurality of authorizations to change the protection status of the resource to the unprotected status are received from a plurality of requestors via the network. A plurality of subsets of the plurality of requestors corresponding to the set of actor parties are identified. The protection status of the resource is set to the unprotected status in response to determining, for every one of the set of actor parties, that a number of requestors in a corresponding one of the plurality of subsets is greater than or equal to the minimum quorum for the one of the set of actor parties.
    Type: Grant
    Filed: September 16, 2019
    Date of Patent: November 2, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Amit H. Lamba, Mark D. Seaborn, Akila Srinivasan
  • Patent number: 11163457
    Abstract: A method for execution by a computing device includes determining a set of actor parties required to authorize a change of protection status of a stored resource from a protected status to an unprotected status. A minimum quorum is determined for each of the set of actor parties. A plurality of authorizations to change the protection status of the resource to the unprotected status are received from a plurality of requestors via the network. A plurality of subsets of the plurality of requestors corresponding to the set of actor parties are identified. The protection status of the resource is set to the unprotected status in response to determining, for every one of the set of actor parties, that a number of requestors in a corresponding one of the plurality of subsets is greater than or equal to the minimum quorum for the one of the set of actor parties.
    Type: Grant
    Filed: June 24, 2019
    Date of Patent: November 2, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Amit H. Lamba, Mark D. Seaborn, Akila Srinivasan
  • Patent number: 11153319
    Abstract: Users of organizations use many different third-party applications. The organizations use the services of a server to manage and interact with the third-party applications. In particular, the server provides a user lifecycle API that defines a set of user lifecycle events corresponding to changes of the users with respect to their organizations and/or the third-party applications that they use within the organizations. The server further has access to lifecycle code modules corresponding to the different third-party applications and defining how those third-party applications will respond to the user lifecycle events. When a user lifecycle event occurs for a particular user of a particular organization, the server determines the third-party applications to which the organization has given the user access and uses the appropriate functionality of the lifecycle code modules of the corresponding third-party applications to implement the appropriate user changes for those applications.
    Type: Grant
    Filed: October 21, 2015
    Date of Patent: October 19, 2021
    Assignee: Okta, Inc.
    Inventors: Christopher Barbara, RaghuRam Pamidimarri
  • Patent number: 11151290
    Abstract: According to various aspects, systems and methods are provided for improving a computer system's resistance to tampering. A PUF may be one component of a system. Other components of the system may not have the same level of protection against tampering as the PUF. According to one aspect, tamper protection provided by the PUF may be extended to one or more other components of the system, thus creating a network of tamper-resistant components. The system may include a tamper detection circuit that receives signals from the component(s). The tamper detection circuit generates an output signal based on the received signals that indicates whether any of the components has been tampered with. The PUF may be configured to use the output signal to generate secret information. If the output signal indicates that one of the components has been tampered with, the PUF may prevent generation of the correct secret information.
    Type: Grant
    Filed: September 17, 2018
    Date of Patent: October 19, 2021
    Assignee: Analog Devices, Inc.
    Inventors: Deniz Karakoyunlu, Tze Lei Poo
  • Patent number: 11151850
    Abstract: Techniques for providing status information of a defined location are described. Data indicative of signal strength associated with radio frequency (RF) signals received by one or more devices communicating via a wireless communications protocol is accessed. A baseline signal strength profile based on the data is determined. The data indicative of signal strength associated with RF signals received by the one or more devices is monitored. Based on a comparison of the monitored data to the baseline signal strength profile, a presence of at least one person in a vicinity of the one or more devices is determined. At least one action based on the determined presence is initiated.
    Type: Grant
    Filed: February 11, 2020
    Date of Patent: October 19, 2021
    Assignee: Transform SR Brands LLC
    Inventors: Parag Kumar Garg, Nicholas Frank LaVassar, Joseph Reid Baird, Donald Smyth, Jonathan Kevin Gagliardoni, Daniel Sihe Kuang Lee
  • Patent number: 11153315
    Abstract: Aspects of the disclosure relate to controlling access to secure information resources using rotational datasets and dynamically configurable data containers. A computing platform may receive, from a requesting system, a data access request. After authenticating the requesting system, the computing platform may load, using a first data container, first source data from a data track. The computing platform may send the first source data to a second data container. Then, the computing platform may load, using the second data container, second source data from the data track and may produce a first combined dataset. The computing platform may send the first combined dataset to a third data container. Subsequently, the computing platform may load, using the third data container, third source data from the data track and may produce a second combined dataset. Thereafter, the computing platform may send, to the requesting system, the second combined dataset.
    Type: Grant
    Filed: May 30, 2019
    Date of Patent: October 19, 2021
    Assignee: Bank of America Corporation
    Inventor: Manu Kurian