Patent classifications
H04L2463/082
Method and apparatus for secure application framework and platform
A security platform architecture is described herein. The security platform architecture includes multiple layers and utilizes a combination of encryption and other security features to generate a secure environment. A method, system and apparatus include/are configured for maintaining a secure vault, accessing building block modules and implementing an orchestrator. The vault stores code. The building block modules are formed using the code stored in the secure vault. The orchestrator controls access to the building block modules.
Multi-factor authentication for mobile security protocol
In one example, a home network associated with a user equipment obtains an authentication request to authenticate the user equipment to a serving network. The home network generates an authentication vector of a mobile security protocol. The authentication vector includes an indication that the user equipment is to be authenticated using a multi-factor authentication process. The home network provides the authentication vector to the serving network to prompt a response from the user equipment that is in accordance with the multi-factor authentication process. The home network authenticates the user equipment to the serving network based on the response.
System and method for providing an in-line and sniffer mode network based identity centric firewall
The instant disclosure is directed to an attack/unwanted activity detecting firewall for use in protecting authentication-based network resources. The instant system is adapted for installation inline or in sniffer mode. In various embodiments, defined rules are applied to network traffic to determine whether certain types of attacks are occurring on the network resources. If one such attack is detected, the system provides for several potential responses, including for example disconnecting the attacking remote machine, requiring the user at that machine to re-authenticate, and/or requiring a second factor of authentication from the user at that machine. In some example embodiments, regardless of any activity required of a user at the remote machine suspected of malicious behavior, the disclosed system generates an alarm or other alert for presentation as appropriate, such as via a graphical user interface or a third-party system using an API.
MULTI-FACTOR AUTHENTICATION AND ACCESS CONTROL IN A VEHICULAR ENVIRONMENT
The systems and methods described herein can include a digital assistant application that receives sensor signals from sensors installed in a vehicle and determines an entry event into the vehicle. The digital assistant application can receive, responsive to the entry event into the vehicle, a plurality of authentication input signals from a plurality of sensors associated with the vehicle. The digital assistant application can determine a plurality of authentication states based on the plurality of authentication input signals and a plurality of authentication credentials. The digital assistant application can identify an access permission level of a plurality of access permission levels based at least in part on the plurality of identified authentication states. The digital assistant application can identify, responsive to the access permission level, a subset of a set of functionalities available via the vehicle, and provide vehicular access to the subset of functionalities.
Securing digital content using separately authenticated hidden folders
Systems and methods for securing digital content using hidden folders are disclosed. In one embodiment, a method comprises displaying an application, the application including a user interface for displaying digital content items and receiving input events; monitoring keystrokes entered by a user of the client device while the application is displayed; generating a candidate passcode based on the keystrokes; determining that the candidate passcode is a valid passcode when the candidate passcode is equal to a known passcode; transmitting a request for one or more hidden items from a server device, the request including the valid passcode; receiving the one or more hidden items; and updating the user interface to display the one or more hidden items.
Method and system for detecting two-factor authentication
Embodiments disclosed herein generally relate to a system and method for assessing a fraud risk. In one embodiment, a method for assessing a fraud risk is disclosed herein. A web browser extension executing on the computing device identifies an account associated with the computing device. The web browser extension detects that the computing device navigated to a web page hosted by a third party server. The web browser extension determines that the third party server prompted the computing device to opt into two-factor authentication functionality. The web browser extension determines that the computing device did not opt into the two-factor authentication functionality. The web browser extension prompts, via an application programming interface (API), an organization computing system to update a fraud metric associated with the account.
SYSTEM FOR PREVENTION OF UNAUTHORIZED ACCESS USING AUTHORIZED ENVIRONMENT HASH OUTPUTS
When a system tries to access a network (e.g., another system, an application, data, or the like) at least two-factor authentication may be used to validate the system. At least one authentication factor may include utilizing authentication credentials of the entity or system accessing the network. At least a second authentication factor may include using an environment hash of the system, which is a representation of the configuration (e.g., hardware, software, or the like) on the system trying to access the network. The environment hash may be compared to hash requirements (e.g., authorized environment hashes, unauthorized environment hashes, or the like) to aid in the validation. The system may only access the network when both the authentication credentials and the environment hashes meet requirements.
Access Control of Protected Data Using Storage System-Based Multi-Factor Authentication
Techniques are provided for access control of protected data using storage system-based multi-factor authentication. One method comprises obtaining, in a storage system, an input/output request for data; determining, by the storage system, whether a multi-factor authentication is required for the requested data; initiating, by the storage system, a multi-factor authentication of a user associated with the input/output request, in response to a result of the determining, to obtain a verification result; and processing, in the storage system, the input/output request for the data based at least in part on the verification result. The data may be marked as protected data using a manual process and/or an automated process that processes one or more smart tags associated with the data. The marking of the data as protected data may comprise marking a partition comprising the data, marking a protected folder comprising the data, and/or marking a protected file comprising the data.
ENCRYPTED GROUP COMMUNICATION METHOD
Embodiments herein include, for example, a method, comprising: generating a shared symmetric key to begin a communication session among a group of users by a first user; distributing, by the first user, the generated shared symmetric key to each user in the group of users; communicating within the communication session among a group of users, where each user encrypts a message to the group of users to be distributed through the communication session using the generated shared symmetric key, and each user decrypts a message received from the communication session using the generated shared symmetric key.
Binary experimentation on running web servers
Systems and methods to enable on-the-fly modification of running processes on a webserver more quickly and efficiently are discussed herein. A code vault is used to store binaries for use in production code running on a server, which are downloaded and implemented in the running process when authorized by developers. The process retrieves the binaries from the code vault to deploy the modifications to a specified audience without having to re-instantiate or run a parallel process with the new binaries. Binaries for different audiences or subsequent experiments may be downloaded onto the same machine, but remain isolated. Control of the deployments may require multi-factor or multi-user authentication, and deployments are logged for change control.