A method for verifying a proximity of a user device to a beacon, including broadcasting a frame comprising an encrypted payload, receiving the frame, extracting information from the frame, and verifying the proximity of the user device to the beacon based on the extracted information.

Anomaly and causation detection in computing environments are disclosed. An example method includes receiving an input stream of data instances for a time series, each of the data instances being time stamped and including at least one principle value and a set of categorical attributes; generating anomaly scores for each of the data instances over continuous time intervals; detecting a change in the anomaly scores over the continuous time intervals for the data instances; and identifying which of the set of categorical attributes of the data instances caused the change in the anomaly scores using a counterfactual analysis. The counterfactual analysis may comprise removing a portion of the data instances; regenerating the anomaly scores for each of the remaining data instances over the continuous time intervals; and if the anomaly scores are improved, identifying the portion as a cause of anomalous activity. Recommendations to remediate the cause may be generated.

A system and method for resuming a remote desktop for a networked client device. An access control system accepts login data from a user input to a networked client device, and/or user activity data collected by an agent running on the desktop. The networked client device may include a client application. A data center allows access to an activated desktop to the networked client device. The access control system suspends the desktop when the user is inactive in operating the client device. The access control system resumes the desktop on the networked client device in relation to a predicted start time. The predicted start time is based on login data from past logins by the user on networked client devices.

Systems and methods are provided for recording and validating modifications to a secured container. Modifications to the secured container by trusted parties are logged. The log may be maintained in a secured memory of an IHS (Information Handling System) and may be periodically validated. Each logged modification specifies a timestamp of the modification and the digital watermark assigned to the trusted party making the modification. Upon completing modifications, the secured container is sealed by imprinting the first digital watermark and the first timestamp at locations in the secured container specified by a watermarking algorithm assigned to the trusted party making the modification. Additional modifications may be serially watermarked on the secured container according the watermarking algorithm of the trusted party making each modification. The secured container is unsealed by re-applying each of the watermarking algorithms in reverse order. The integrity of the secured container, and each modification, is thus validated.

Methods and systems for providing fast random access and/or inspection of records within an encrypted communication session are presented. The encrypted communication session may include encrypted records that were encrypted using rotating encryption keys. A key index is generated for the encrypted communication session. The key index includes the encryption keys used during the encrypted communication session and timestamps associated with the encryption keys. To access a particular record within the encrypted communication session, a particular encryption key is selected from the encryption keys stored in the key index. The particular record is decrypted using the selected encryption key.

A system for tracking electronic communications of a subscriber includes a gateway configured to track a communication between a mobile device and a subscriber mobile device that has a subscriber software module associated with a subscriber business number. The gateway is configured to send the communication to an Enterprise Information Archiving system. The gateway also is configured to: (i) if the communication is sent from the subscriber software module intended for the mobile device, send the communication to the mobile device via at least one of an SMS, MMS, and voice communication capability of the mobile device; and (ii) if the communication is sent from the mobile device to the subscriber business number via at least one of an SMS, MMS, and voice communication capability of the mobile device, send the communication to the subscriber software module associated with the subscriber business number.

For a plurality of hosts, observe first time-varying characteristics including network throughput, central processing unit (CPU) usage, and/or memory usage; second time-varying characteristics including software configuration; and time-invariant characteristics including hardware configuration, at a plurality of timestamps. Construct a restricted HMM configured to predict actual host states, wherein the first time-varying characteristics include observed variables. The current observed variables depend on current values of the hidden variables and prior timestamp distribution of the observed variables. The former in turn depend on prior timestamp values of the hidden variables, the time-invariant characteristics of the hosts. and current timestamp values of the second time-varying characteristics. Estimate parameters of the restricted HMM; run the restricted HMM with the estimated parameters for each of the hosts; analyze the results to identify at least one of the hosts which has a potential cybersecurity issue; and take at least one remedial action.

Managing an authenticated user session. A method includes a resource provider computer system subscribing to a conditional access termination service for an entity configured to obtain resources from the resource provider computer system through a user session. The resource provider computer system receives an event, related to resource requests, for the entity from the conditional access termination service. The resource provider computer system receives a request for resources from the entity. The resource provider computer system evaluates the request with respect to the event. The resource provider computer system responds to the request based on evaluating the request with respect to the event.

The specification discloses a blockchain-based advertisement monitoring method and apparatus, and an electronic device. The method may include: obtaining blockchain verification information of a target advertisement from a blockchain, the blockchain verification information comprising identification information of a playing device of the target advertisement, a first signature associated with a screenshot image of the target advertisement, and a second signature associated with the identification information of the playing device; decrypting the first signature and the second signature based on a public key of the playing device to obtain a to-be-verified screenshot information and a to-be-verified identification information, respectively; verifying the to-be-verified identification information against the identification information of the playing device; and after the to-be-verified identification information is verified: obtaining an advertisement resource corresponding to the identification information of the playing device; and verifying the to-be-verified screenshot information against the obtained advertisement resource.

Aspects of the subject disclosure may include, for example, obtaining a content item, receiving a first token that comprises an identification of a date and a time when a first portion of the content item is obtained, a location where the first portion of the content item is obtained, or a combination thereof, and transmitting the content item and the first token to a database. Other embodiments are disclosed.