In response to a request for launching an application within an operating system of a data processing system, one or more extended entitlements are extracted from the application, where the one or more extended entitlements specify one or more resources the application is entitled to access. One or more security profile extensions corresponding to the one or more extended entitlements are dynamically generated. A security profile specifically for the application is created based on the one or more security profile extensions and a base security profile that has been previously compiled, where the base security profile specifies a list of a plurality of base resources. The application is then launched in a sandboxed operating environment that is configured based on the security profile specifically generated for the application.

The present invention puts forward a personal electronic access permission (Figure B, 31) that can both check on the customer's identity (Figure A, step 2) and right to access an event/venue in one scanning event, and address the unwanted secondary market, still enabling a customer (Figure D, 5) to sell back an electronic access permission to the system (Figure D, I) in case the customer is not able to attend the event.

A computer-based method includes monitoring user activities at an endpoint device on a computer network, determining if one of the user activities at the endpoint device presents a potential threat to network security, creating an alert of the potential threat, and providing, with the alert, a redacted version of a screenshot from the endpoint device. One or more open windows that appeared on the screen of the endpoint device are obscured or removed in the redacted version of the screenshot of the endpoint device.

An eUICC card comprising an initial runtime environment, subscriber profiles, associated adapters, and an adaptive routine configured to apply these adapters. An adapter enables the initial runtime environment to be adapted to the specificities of the corresponding profile when the latter is enabled. To enable dynamic adaptation of the runtime environment to the profiles used, the eUICC card further comprises inverse adapters associated with the profiles. The inverse adapter of the active profile makes it possible to restore the initial runtime environment upon disabling or deleting this profile. The adaptation can consist of modifying a Java class of the Java Card runtime environment of the eUICC, to the specificities of a profile.

Systems and methods are disclosed which use a block chain (“blockchain”) to enable the establishment of file dates and the absence of tampering, even for documents held in secrecy and those stored in uncontrolled environments, but which does not require trusting a timestamping authority or document archival service. In an exemplary operation, an internet browser retrieves a website document, hashes at least a portion of the website document to produce a first hash value, retrieves blockchain registration data for the website document; compares the first hash value with a second hash value found in a blockchain; and responsive to the first and second hash values matching, displays a verification indication. Some embodiments may be used as parental controls for internet browsers.

The techniques disclosed herein enable systems to train machine learning models using benign augmentation to enabled resistance various data poisoning attacks. This is achieved by first training a machine learning model using an initial dataset that is trustworthy and originates from a known source. The initial dataset is then modified to include known attack triggers such as syntactic paraphrasing to generate an augmented dataset. The augmented dataset is then used to train a robust machine learning model based using the initially trained machine learning model. The resultant robust machine learning model is then enabled to detect and resist attacks captured by the augmented dataset. The robust machine learning model can be retrained using an untrusted dataset that includes various compromised inputs in conjunction with the augmented dataset. Retraining results in an updated robust machine learning model that can learn and resist various data poisoning attacks on the fly.

A method includes: receiving, by a computer, a user input corresponding to selection of a link associated with an address; determining, by the computer, that the address would not fit in an address bar of a browser displayed on a screen of the computer; and based on the determination that the address would not fit in the address bar of the browser, displaying, by the computer, in the address bar of the browser, a first element of the address and at least part of a second element of the address, including displaying a first portion of the second element of the address and an ellipsis indication representing a second portion of the second element of the address. The display of the first element of the address is visually distinguished from the display of the first portion of the second element of the address.

The present invention puts forward a personal electronic access permission (Figure B, 31) that can both check on the customer's identity (Figure A, step 2) and right to access an event/venue in one scanning event, and address the unwanted secondary market, still enabling a customer (Figure D, 5) to sell back an electronic access permission to the system (Figure D, I) in case the customer is not able to attend the event.

In an example, there is disclosed a computing apparatus, including: a network interface; one or more logic elements providing a security orchestration server engine operable for: receiving contextual data from a client via a network interface; providing the contextual data to a security orchestration state machine, the security orchestration state machine operable for deriving a policy decision from the contextual data; and receiving the policy decision from the policy orchestration state machine. There is also disclosed one or more tangible, non-transitory computer-readable mediums having stored thereon executable instructions for providing a security orchestration engine, and a method of providing a security orchestration engine.

The present invention discloses a method, an apparatus, and a system for triggering virtual machine introspection, so as to provide a timely and effective security check triggering mechanism. In the present invention, data that needs to be protected is determined; the data that needs to be protected is monitored; and when it is determined that the data that needs to be protected is modified, virtual machine introspection is triggered. The present invention avoids a performance loss and a security problem that are brought about by regularly starting a virtual machine introspection system to perform a security check, and therefore, the present invention is more applicable.