Patent classifications
H04L2463/121
Systems, devices, and methods for network management at a point of sale (POS) device
Systems, devices and methods directed to operation of a point of sale (POS) device during network connectivity to a cloud server, as well as during network outages and/or interruptions. The POS device can process transactions in a seamless manner even during network outages and/or interruptions. A POS application that runs on a POS device in an “online” mode can automatically detect an interruption in network connectivity, and switch to an “offline” mode. In the offline mode, the POS device can continue to process transactions and/or conduct other activities.
Time-based token trust depreciation
Disclosed herein are system, method, and device embodiments for time-based trust token (TBTT) depreciation. In an example embodiment, a service provider system (e.g., a service provider and API service) may receive a connection request including a demographic attribute associated with a first client account from a partner device, match the demographic attribute to client information associated with the first client account, send the partner device a connection request identifier and a URL including a depreciating token, and authenticate a second client account via a login page associated with the URL. Further, the service provider system may receive a verification request including the connection request identifier and the depreciating token, determine a security context of the depreciating token based on a depreciation function and the verification request, and determine, based on the security context, whether to create a connection between the second client account and partner device within the service provider system.
Cryptographically identifying a device
Cryptographically identifying a device to a service includes: providing the cloud service with a cryptographically signed token, the token being embedded in the device when the device was manufactured, the token including first information and second information. The cloud service verifies the token using a public key associated with the second information and determines a user using the first information. The device receives, from the cloud service, provisioning information customized for the user and including a client certificate for communicating with the cloud service.
Secure electronic devices and methods
Secure electronic devices and methods are disclosed. A method may include: using a transceiver, a computer program capturing a current connectivity fingerprint comprising at least one current wireless network or device in a current environment for an electronic device; the computer program retrieving a home connectivity fingerprint for a home environment comprising at least one home wireless network or device, the home connectivity fingerprint having been captured when the electronic device was in the home environment; the computer program comparing the current connectivity fingerprint to the home connectivity fingerprint; and the computer program storing the current connectivity fingerprint in response to a threshold number of the current wireless networks or devices in the current connectivity fingerprint not being present in the home connectivity fingerprint.
Bot hunting system and method
The system and method may look for bots using statistics. At a high level, bots communicate back and forth to a command and control computer. The communications are at somewhat random times by design to not be obvious. Using expected probability of a normal distribution rather than simply analyzing time of communications may result in better bot recognition.
System and Apparatus for Providing Authenticable Electronic Communication
The present disclosure relates to a security risk warning system that a recipient may acknowledge and act on accordingly. Security insights may be provided explicitly in a security insight panel that may clearly identify vulnerabilities specific to a particular authenticable communication. This may limit the risk that a recipient would ignore or not understand the risk. Security insights may be provided for a combination of indicated source, recipients, and content, such as links, text, attachments, and images. Security insights may be provided on site, such as on or proximate to the reviewed portions of the authenticable communication.
Memory-free anomaly detection for risk management systems
A risk management system deploys an anomaly detection method for a target data instance without explicitly storing data processing architectures in memory. The anomaly detection method determines whether the target data instance is an anomaly with respect to a reference set of data instances. In one embodiment, the anomaly detection method mimics traversal through one or more trees in an isolation forest without explicitly constructing or storing the trees of the isolation forest in memory. This allows the risk management system to avoid unnecessary storage and retrieval of parts of each tree that would not be traversed if the tree were constructed. Moreover, the anomaly detection method allows anomaly detection to be efficiently performed within memory-constrained systems.
Systems and methods for authenticating photographic image data
The present disclosure provides systems and methods for authenticating photographic data. In one embodiment, a method comprises providing an image authentication application for use on a client device, the application configured to control image capture and transmission; receiving an image data file from the application at the authentication server comprising a photographic image captured by the application and metadata associated therewith; applying a watermark to the photographic image to create a watermarked image; applying date and time information to the tagged image; applying location information to the tagged image; creating a web address associated with the image data file; uploading the photographic image, the tagged image, or both to the web address; and transmitting an authenticated image file to the client device, the authenticated image file comprising one or more of: the watermarked image, the photographic image, the date and time information, geographic information, and the web address.
Anomalous behavior detection with respect to control plane operations
Methods, systems, apparatuses, and computer-readable storage mediums described herein are configured to detect anomalous behavior with respect to control plane operations (e.g., resource management operations, resource configuration operations, resource access enablement operations, etc.). For example, a log that specifies an access enablement operation performed with respect to an entity is received. An anomaly score is generated indicating a probability whether the access enablement operation is indicative of anomalous behavior via an anomaly prediction model. A determination is made as to whether anomalous behavior has occurred with respect to the entity based at least on the anomaly score. Based on a determination that the anomalous behavior has occurred, a mitigation action may be performed that mitigates the anomalous behavior.
Transparent bridge for monitoring crypto-partitioned wide-area network
This disclosure is directed to monitoring a crypto-partitioned, or cipher-text, wide-area network (WAN). A first computing device may be situated in a plain-text portion of a first enclave behind a first inline network encryptor (INE). A second device may be positioned in a plain-text portion of a second enclave behind a second INE. The two enclaves may be separated by a cipher-text WAN, over which the two enclaves may communicate. The first computing device may receive a data packet from the second computing device. The first computing device may then determine contents of a header of the data packet. The first computing device may, based at least in part on the contents of the header of the data packet, determine a status of the cipher-text WAN.