Abstract: The present invention relates to a method and system for monitoring webpages for detecting malicious contents. According to a preferred embodiment the method comprises A) providing a plurality of URLs provided by a subscriber, employing a crawler to visit a URL webpage of said plurality of URLs; B) retrieving an object from said URL webpage by said crawler; C) analyzing said object retrieved by said crawler from said URL webpage, and determining whether said object retrieved is malicious or not; and D) alerting the subscriber, when said retrieved object is deemed malicious. According to one embodiment, the method further comprises E) employing a crawler to visit a URL webpage of a following URL of the plurality of URLs, when the determination of step C) is deemed not malicious; and F) returning to step B).

Abstract: A method at a first domain for obtaining at least one insight from a second domain, the method including registering an application with an anchor in the first domain; providing, from the anchor to the application, a first message signed by the anchor; sending, from the first domain to a network domain, the signed message; receiving, from the network domain, at least one signed token, each of the at least one signed token being for a synthetic sensor on the second domain, where the synthetic sensor provides an insight; sending a request message to the second domain, the request message requesting the insight and including the at least one token; and receiving the insight from a synthetic sensor associated with the at least one token.

Abstract: The disclosed technology addresses the need in the art for a service that can ingest a social network export and restore the integrity of threads within the social network export. The present technology can unite images in the social network export with the caption from the initial post, and with any comments within the thread. Likewise, images in the social network export can be enhanced to include metadata that reflects when the image was posted and any other contextual information that the social network provides in export file.

Abstract: Systems and methods for artificial intelligence systems for identity management systems are disclosed. Embodiments may perform outlier detection and risk assessment based on identity management data, including one or more property graphs or peer groups determined from those property graphs, to determine identity management artifacts with ‘abnormal’ patterns when compared to other related identity management artifacts.

Abstract: A method and system are provided to integrate IoTs and related components, users and applications into an ecosystem, and then on a per-component basis to provide real-time security solutions. Ecosystem security provides isolation, communications and security for technologies that fulfill a specific function or set of functions and their related and supporting platform elements.

Abstract: The present disclosure relates to a chip booting control method, a chip, a display panel, and an electronic apparatus. The method is applied to a control circuit of a chip, and the chip further includes a buffer. The method includes: reading first booting information from the buffer in response to a chip triggering non-power-down reset, the first booting information being used to boot the chip; determining whether the first booting information satisfies a first preset condition; and booting the chip according to the first booting information in response to the first booting information satisfying the first preset condition.

Abstract: Arrangements for dynamic enterprise center access control are provided. In some examples, a user device may be detected and current location and/or user data associated with the detected device may be requested. Upon receiving the location data, a current geographic location of the user device may be determined and an enterprise center at or near the geographic location may be identified. Received user data may be analyzed to identify a user and retrieve access preferences associated with the user. Based on the access preferences, a command to lock or unlock a door (e.g., permit or disable access) to an area within the enterprise center, the enterprise center in general, or the like, may be generated and transmitted to a computing device for execution. Accordingly, the system may activate desired locking configurations based on user preferences. Upon detecting that the user is no longer at the enterprise center, a command to return to default settings may be generated, transmitted and executed.

Abstract: Method of mutual authentication of a controllable electronic device (DE) and of its user (USER) able to control it so that it procures him a service (DS), the device (DE) containing sensitive or confidential data (DA) and being arranged so as to—in an operational phase (OP) including a preliminary step of authentication of the user (UAP)—, execute an operation (SO) so as to procure the service (DS), including, furthermore, a prior phase of authentication of the device (SDAP), in which the authenticity of the device (DE) is verified, so that if on completion of the prior phase of authentication of the device (SDAP), the device (DE) is confirmed to be authentic, the user (USER) can execute the operational phase (OP), whilst if the device (DE) is not confirmed to be authentic, the user (USER) can prevent the execution of the operational phase (OP).

Abstract: Apparatus, systems, and methods are disclosed that operate to receiving an authentication request at a server associated with an authenticating entity from a requesting party responsive to a request being provided to the requesting party by a client terminal associated with an unauthenticated individual purporting to be an individual account owner previously authenticated with the authenticating entity. A token, from the client terminal associated with the unauthenticated individual is received, and the token includes information associated with the unauthenticated individual and a user permission authorizing the authenticating entity to share a selected portion of the information with a plurality of selected requesting parties. The server associated with the authenticating entity authenticates the unauthenticated individual as the individual account owner based on, inter alia, matching the token to a pre-registered identity uniquely associated with the individual account owner.

Abstract: An example network manager receives, from a conductor switch of a switch stack, an active configuration. The network manager determines, based on the active configuration, switch model types for a plurality of switches of the switch stack. The network manager determines, based on the switch model types and the active configuration, a number of ports of the plurality of switches of the switch stack and a current configuration of each port of each switch of the switch stack. The network manager updates a device configuration element of a network management user interface to display the current configuration of each port of each switch of the switch stack in a manner that indicates that the switch stack is a single logical switch.

Abstract: Aspects described herein may relate to techniques for detecting login activity to a financial account during a knowledge-based authentication process. The login activity may be related to access to an online interface for the financial account. The detection of login activity during the authentication process my indicate that the integrity of the authentication process is compromised as login access may provide an individual with transaction data that may be used to answer transaction-based authentication questions. As a result of detecting login activity, an alternative authentication process may be initiated or an authentication request related to the financial account may be denied.

Abstract: Systems and methods for enforcing media access control (MAC) learning limits (MLLs) on multi-homed access ports comprise configuring MLL violation actions to be performed by a virtual extensible local area network (VxLAN) tunnel endpoint (VTEP). The VTEP is multi-homed to VTEPs and comprises an Ethernet segment (ES) access port. A BGP EVPN or similar protocol may be used to communicate MLL information across VTEPs participating in the multi-homed ES to keep MACs and MLL violation actions consistent. The violation actions may comprise initiating a shutdown message to shut down an ES. Once an MLL violation associated with a MAC that has been received at the VTEP is detected, the VTEP may enforce the MLL by performing one or more of the configured MLL violation actions and propagate the same to other VTEPs.

Abstract: Techniques are described herein for performing authentication, and also “eager” or “lazy” fetch of data, for restricted webpages based on the restricted webpages being associated with an authentication tier in an AASD registry. Inclusion of a restricted webpage in the AASD registry enables AASD-based authentication for the webpage. According to embodiments, information for a restricted webpage included in the AASD registry includes one or more of the following for the webpage: an identifier, an authentication level, allowed fields, eager fetch fields, one or more sources for one or more fields, etc. When information for a webpage is included in the AASD registry, that information is used to perform eager fetch for one or more fields of the webpage that are not associated with authentication requirements indicated in the AASD registry information, or whose authentication requirements are already fulfilled by the requesting client.

Abstract: Aspects of the disclosure relate to computing hardware and software for uniform security access. A computing platform may receive, from a 5G device, a request to access a collaborative experience service. The computing platform may identify whether the 5G device is authenticated. Based on identifying that the 5G device is authenticated, the computing platform may grant the 5G device access to an API that may be used to access the collaborative experience service. The computing platform may identify that attributes of the 5G device comply with a stored security policy, and grant access to the collaborative experience service in response. The computing platform may receive user interaction information from the 5G device, and may input the user interaction information into an anomaly detection model. Based on identifying that the interactions do not comprise an anomaly for the user, the computing platform may maintain the access to the collaborative experience service.

Abstract: A method for granting guest access to a control device includes detecting, by a monitoring control unit, a new connection of a guest device to a network, transmitting, by the monitoring control unit and to an authorized device, a request to grant access to the guest device to control a monitoring system, in response to the request, receiving, by the monitoring control unit, approval to grant access to the guest device to control the monitoring system, and in response to the approval, transmitting, by the monitoring control unit and to the guest device, (i) data that allows the guest device to access a web service and (ii) a temporary authentication token.

Abstract: A server system receives a group operation request transmitted by a client. The group operation request is generated by the client in response to a trigger operation of a target group chat function, and includes a target identity and a target group chat function identifier. The server system determines a target group chat function use permission corresponding to the target identity. In accordance with a determination, based on the target group chat function use permission and the target group chat function identifier, that a user corresponding to the target identity has a permission to use the target group chat function, the server system transmits group operation result information to the client.

Abstract: A system for authorizing secured access using cryptographic hash value validations is provided. In particular, the system may receive requests from users and/or computing systems to obtain secured access a particular resource or to execute a certain process. In response, the system may require that the user and/or computing system complete additional required steps (e.g., a computation) before being granted access to the resources or processes. In this way, the system may prevent unauthorized or unintended access to the system's resources or processes.

Abstract: Systems, apparatuses, and methods are described for preauthorizing a batch of access rights licenses, e.g., Digital Rights Management (DRM) licenses, and storing them at a location. The preauthorization may be based on predicting a batch of content items to be viewed. The location may be a content server or a user device. After receiving a request from the user device to play back a content item of the batch of predicted content items, the DRM license may be provided from the storage location instead of performing an authorization operation to obtain one from a DRM server. Providing the DRM license from the storage location may take less time than performing the authorization operation to obtain the DRM license from the DRM server.

Abstract: Examples of the present disclosure describe systems and methods for malicious software detection based on API trust. In an example, a set of software instructions executed by a computing device may call an API. A hook may be generated on the API, such that a threat processor may receive an indication when the API is called. Accordingly, the threat processor may generate a trust metric based on the execution of the set of software instructions, which may be used to determine whether the set of software instructions poses a potential threat. For example, one or more call stack frames may be evaluated to determine whether a return address is preceded by a call instruction, whether the return address is associated with a set of software instructions or memory associated with a set of software instructions, and/or whether the set of software instructions satisfies a variety of security criteria.

Abstract: The present disclosure is directed to systems and methods for securely managing and administering an encryption/decryption key using distributed ledger technology (DLT). In some examples, a client may possess a data attribute (or a dataset of data attributes). The client may receive tokenization parameters to apply to the data attribute to encrypt the data attribute. After tokenizing the data attribute, the client may then request the creation of an encryption key to be applied to the token. A third-party key management system (KMS) may create an encryption key and a salt. The salt may be applied to the token, and the salted token may then be encrypted. Additionally, a decryption key may be created and stored securely at the third-party KMS. The client may transmit the encrypted token to a third-party consolidation platform, wherein the consolidation platform requests access to the decryption key to unveil the underlying token.

Abstract: Embodiments disclosed are directed to a computing system that performs steps to perform enhanced device fingerprinting using user contacts data. The computing system receives, from an application, a first plurality of device attributes identifying a client device on which the application is being used. The first plurality of device attributes includes first device identification data and first user contacts data. Subsequently, when a user is attempting to perform a transaction using the application on the client device, the computing system receives, from the application, a second plurality of device attributes identifying the client device on which the application is being used. The second plurality of device attributes includes second device identification data and second user contacts data. The computing system compares the second plurality of device attributes to the first plurality of device attributes to determine whether the user is authorized to perform the transaction.

Abstract: A key management method and a related device are provided. The method includes: receiving key generation request information; generating attribute access policy information on the basis of the key generation request information, the attribute access policy information being an attribute set for encrypting a data key; encrypting the data key on the basis of the attribute set for encrypting the data key; receiving key acquisition request information; on the basis of the attribute set for encrypting the data key, verifying whether attribute information of the key acquisition request information is included in the attribute set for encrypting the data key; and in response to the attribute information of the key acquisition request information being included in the attribute set for encrypting the data key, acquiring a destination data key on the basis of the attribute information of the key acquisition request information.

Abstract: A first user device may receive, from a second user device, a request to communicatively couple to the first user device, and may establish a communication session with the second user device after receiving the request. The first user device may identify, after establishing the communication session, an inappropriate activity of the second user device relating to the communication session, and perform a set of actions based on identifying the inappropriate activity. The set of actions may include causing the communication session to be restricted, and providing, to a trust platform, a score for the second user device. The score may permit the trust platform to derive a composite score, indicative of a level of trustworthiness of the second user device, that enables other user devices, associated with the trust platform, to determine whether to grant access requests submitted by the second user device.

Abstract: After a host client establishes a multimedia stream with a guest client, host data is received from a host application. A state machine is updated using the host data. The host application executes on the host client. Guest data is received from a guest application. The state machine is updated using the guest data. The guest application executes on the guest client. Transaction data is propagated between the host application and the guest application. The transaction data is presented with the multimedia stream. The transaction data includes the host data and the guest data. Provider data is generated responsive to updating the state machine with the host data and the guest data. The provider data is sent to the guest client. The provider data is presented with the multimedia stream by the guest application on the guest client.

Abstract: A device configured to receive an access request for a website from an augmented reality device. The device is further configured to determine a user associated with the augmented reality device is authorized to access the website based on user credentials and to identify a user profile for the user associated with the user credentials. The device is further configured to identify information for flagged web pages that are associated with the website within the user profile and to generate a virtual environment with virtual objects that represent the flagged web pages. The device is further configured to provide access to the virtual environment for the augmented reality device.

Abstract: Embodiments are provided for a dropsite. In some embodiments, information is received on a creation location and a date and time of creation of a content item, and a determination is made if (i) the date and time of creation is within a predefined span of time, and (ii) the creation location is within a predefined geographical area to permit association of the content item with a shared folder whose inclusion criteria match said date and time and geographic location.

Abstract: In some examples, a computing device may implement a method that includes receiving microservice profile information at a microservice profiler, performing lexical analysis of the microservice profile information (where the lexical analysis produces tokenized information), generating microservice modification information by performing machine learning analysis of one or more inputs (where the one or more inputs comprise the tokenized information), and outputting the microservice modification information from the microservice profiler. The microservice profile information describes one or more characteristics of a microservice. The lexical analysis is performed by a lexical analysis engine of the microservice profiler, and the machine learning analysis is performed by a machine learning system of the microservice profiler.

Abstract: Disclosed herein are system, method, and computer program product embodiments for categorizing customer complaints on social media using a model trained on customer voice calls or chats with agents. Additionally, users interested in monitoring regulatory compliance issues based on customer complaints can receive notifications regarding complaints that are linked to regulatory topic areas, without the need to manually scan vast numbers of social media postings.

Abstract: A system and method for connecting a processing device to a functional device connected to or in a base unit of a communications network, the base unit having a transmitter and the processing device having a memory, a display and an operating system. A first peripheral device is adapted to be coupled to the processing device via a generic communications protocol, the first peripheral device having a receiver and at least one fixed or configurable endpoint of the functional device exposed on the first peripheral device. The base unit and the first peripheral device is adapted to transmit and receive data respectively over the communications network from the functional device to the processing device via the at least one fixed or configurable endpoint using the generic communications protocol for communication between the processing device and the first peripheral device.

Abstract: Embodiments of the invention are directed to an automated account restoration system. In some embodiments, the system determines a state of an account based on a likelihood that the account has been compromised. If the account is determined to be in a low-risk state, then upon an successful login to that account, a verification cookie may be generated which is unique to a user device used to access the account. If the account is determined to be in a high-risk state, then system may prevent access to the account except by user devices that include a valid verification cookie.

Abstract: A method of coordinating engagement with a laundry appliance may include receiving one or more table conditions from an owner account for a notification table. The method may also include receiving a communication request from a remote user device of a guest user and recording a guest account to the notification table based on the received communication request. The method may still further include receiving a status signal from the laundry appliance and transmitting a notice signal to the guest account based on the status signal and the one or more table conditions.

Abstract: A dual-mode mobile device and a method for coordinating calls for the dual-mode mobile device over a first and second connection within a controlled environment is disclosed. The method includes communications between a monitoring server and the dual-mode mobile device over the first connection while the dual-mode mobile device conducts the call over the second connection. The monitoring server transmits control messages to the dual-mode mobile device to control operations of the dual-mode mobile device and establishment of the call and also monitors operations of the dual-mode mobile device as well as the communications transmitted and received by the dual-mode mobile device during the call.

Abstract: Techniques, methods and/or apparatuses are disclosed that enable passive scanning of a network. Through the disclosed techniques, methods and/or apparatuses, endpoint passive scanners are deployed at endpoints of the network to provide more comprehensive view of assets and asset information of the network. Also, this can enable better correlation of network data to location, and also enable improved vulnerability analysis for endpoint products.

Abstract: The present disclosure provides methods and devices for key management. In one example, a method of key management comprises: obtaining, at a user device, a number of users in a group of users and a minimum number of users for restoring a transaction key; randomly generating the transaction key; splitting the transaction key into a plurality of sub-keys, the number of sub-keys being the same as the number of users; and sending the plurality of sub-keys to a management device, each of the plurality of sub-keys being encrypted with a public key of a user corresponding to a sub-key.

Abstract: There are provided systems and methods for a computational platform using machine learning for integration data sharing platforms. A user may engage in a transaction with another user, such as a purchase of goods, services, or other items from a merchant. A service provider may provide a data feed to the user via integrated computational platforms that allows the user to post data including information regarding the processed transaction. The post may include a share code that links back to the user and their corresponding transaction. Thereafter, the post may be viewed by other users and the share code may be used by the other users in order to perform similar transaction processing, where these later transactions are linked back to the original user. Tracking of these later transactions may be done through application extensions that allow the computational platforms to track user data over different online interactions.

Abstract: The present disclosure relates to network security software cooperatively configured on plural nodes to provide authenticated and authorized communication, node protection, and prevention of a compromised node from contaminating other nodes.

Abstract: Various embodiments relate to a method performed by a first wireless device for announcing operating capabilities to a second wireless device, wherein the first wireless device and second wireless device support a first protocol and a second protocol, including: announcing by the first device original capabilities to the second device; receiving an announcement of capabilities from the second device; receiving frames from the second device in PHY Protocol Data Units (PPDUs) following the first protocol and the second protocol; announcing by the first device a change in its capabilities to the second device; and receiving frames from the second device in PPDUs transmitted using the changed capabilities following the first protocol and the second protocol, wherein the change in the capabilities includes a change in a one of a puncture parameter, bandwidth parameter, mode and coding scheme (MCS) parameter, and a number of simultaneous streams (Nss) parameter.

Abstract: An instruction output device facilitates coping with risks on security by including a first acquisition unit for acquiring, in response to input of risk information indicating contents of a risk related to security of an information processing terminal, one or more instructions corresponding to the risk information; a second acquisition unit for acquiring, for each of the instructions acquired by the first acquisition unit, a message indicating contents of the instruction corresponding to a security-related skill level of a user of the information processing terminal; and an output unit for outputting the message acquired by the second acquisition unit to the user.

Abstract: Technologies for proving packet transit through uncompromised nodes are provided. An example method can include receiving a packet including one or more metadata elements generated based on security measurements from a plurality of nodes along a path of the packet; determining a validity of the one or more metadata elements based on a comparison of one or more values in the one or more metadata elements with one or more expected values calculated for the one or more metadata elements, one or more signatures in the one or more metadata elements, and/or timing information associated with the one or more metadata elements; and based on the one or more metadata elements, determining whether the packet traversed any compromised nodes along the path of the packet.

Abstract: A data analytics system to authenticate and authorize access to multiple sources of data for access to the multiple data sources for one or more requesting devices. The system may duplicate and/or access rule sets included in the metadata of the corresponding data source and read identifiers of authorized users maintained by each of the multiple data sources. The access rule sets and authenticated identifiers may be synchronized or otherwise correlated to requesting device identifiers maintained by the data analytics system such that, as requests to access data obtained from one or more of the multiple data sources are received, the system may control access to or otherwise manage the requesting devices interactions with the data from the multiple data systems, reducing the authorization and authentication actions needed to be taken or executed by the requesting devices and the data sources.

Abstract: A computer system controls access to network devices. One or more user interface elements associated with one or more network devices that are within a view of a user are displayed to the user via an augmented reality display. Input from the user is received comprising instructions to execute a command at a network device of the one or more network devices. The user is determined, according to a security policy, to be authorized to execute the command at the network device. In response to determining that the user is authorized to execute the command, the command is executed at the network device. Embodiments of the present invention further include a method and program product for controlling access to network devices in substantially the same manner described above.

Abstract: There is provided an authentication system for validating identity credentials of a user attempting to access a resource provided by a remote resource provision system. The authentication system includes an input configured to receive, from the resource provision system, an authentication request comprising a cryptographic representation of digital identity data of the user and an associated token identifier, where the digital identity data comprises at least one image of an identity credential of the user. The system also includes a processor configured to: determine a pre-stored cryptographic identifier corresponding to the token identifier; and compare the received cryptographic representation with the pre-stored cryptographic identifier.

Abstract: A consent system enables a consumer to save consent choices so that the publisher can retrieve the consumer consent choices when the consumer visits the publisher site, without requiring the consumer to make additional selections corresponding to consent choices. The consumer can save consent choices as a consent system first party cookie or in an account at the consent system. The consumer can save consent choices when visiting a publisher site or by accessing the consent system. The publisher can retrieve the consumer consent choices from the consent system first party cookie or from the account at the consent system. Multiple publishers can retrieve the consumer consent choices saved in an account with the consent system, enabling “cross-platform consent.

Abstract: A wireless key device including a wireless transceiver and antenna configured to communicate with an access terminal, and a processor configured to execute instructions to implement a method of managing digital credentials for a wireless key device. The method includes authenticating the key device with a server, retrieving a plurality of digital credentials from a server, the plurality of digital credentials associated with a plurality of access terminals within a selected geographic proximity to the key device, polling an access terminal of the plurality of access terminals via the wireless transceiver and antenna for an access terminal identification which uniquely identifies the access terminal, identifying a digital credential of the plurality of digital credentials associated with the access terminal based on the access terminal identification, and transmitting the selected digital credential to the access terminal.

Abstract: A method by a security analysis server to generate a traffic monitoring rule. The method includes receiving, from a database agent because of a current configuration of the database agent, counts of an amount of traffic sent over a first set of one or more of the database connections being monitored by the database agent and generating a traffic monitoring rule that indicates database connections for which the database agent is to send counts of an amount of traffic, rather than all the traffic, sent over those database connections to the security analysis server because those database connections have been determined by the security analysis server to be of an application database connection type based on an analysis by the security analysis server of the counts. The method further includes applying the traffic monitoring rule by sending instructions to the database agent to alter the current configuration.

Abstract: Systems and methods are described for pre-authentication access request screening. A server computer may receive a request for access to a resource comprising access data. The server computer may transmit, to an authentication computer, an authentication request message comprising at least a subset of the access data and receive an authentication response message comprising authentication data. The server computer may determine an access score based on the authentication data. Alternatively, the server computer may determine the access score based on the access data without using/receiving authorization data. The server computer may generate an access indicator based on the access score. The server computer may prepare and transmit an authorization request message comprising the access indicator to an authorization computer. The authorization computer may approve or decline the access to the resource based on the access indicator.

Abstract: Various approaches for securing networks against access from off network devices. In some cases, embodiments discussed relate to systems and methods for identifying potential threats included in a remote network by a network access device prior to requesting access to a known secure network via the remote network.

Abstract: Provided is a device unit, including a module, which can configure the device unit with an operating state from among different operating states during the start-up process and/or during ongoing operation of the device unit, wherein a first protected operating state of the different operating states is designed to allow the execution of at least one operating process which can be predefined and to optionally protect the operating process by means of defined cryptographic means, wherein at least one second operating state of the different operating states is designed to deactivate the first protected operating state and to allow at least one other changeable operating process and to optionally protect the operating process by means of specifiable cryptographic means.

Abstract: Systems and methods of improving AI governance are disclosed. One or more sub-contexts associated with a plurality of users are generated from one or more data sources. The one or more sub-contexts represent one or more changes in data that are relevant to assessing one or more risks associated with the plurality of users. One or more sub-contexts are provided as training data to a plurality of models. Each of the models is associated with a confidence score. A probabilistic assessment of the one or more risks associated with the plurality of users is generated based on an application of the plurality of models to additional data pertaining to the plurality of users received in real time. The probabilistic assessment is presented in a dashboard user interface, the dashboard user interface having user interface elements configured to provide insight into how the probabilistic assessment was generated.

Abstract: A method, apparatus, and server for generating a user score based on social networking information is provided. In the disclosed method, by processing circuitry of an information processing apparatus, default annotation information of a plurality of sampled users, an ith user score and an ith relative user score for each of the sampled users are obtained. A user score model is trained according to the ith user score of the respective sampled user, the ith relative user score of the respective sampled user, and the default annotation information of the respective sampled user. An (i+1)th user score of the respective sampled user is subsequently calculated and a trained user score model, for each of the sampled users, is obtained when the (i+1)th user score for the respective sampled user satisfies a training termination condition, The method provides a solution to evaluate the user score for a use when personal information of the user is missing or incorrect.