Abstract: Techniques are disclosed for context-aware obfuscation and unobfuscation of sensitive content in the display of the sensitive content. An example methodology implementing the techniques includes receiving content for display, the content including metadata indicative of a location of at least one item of sensitive content within the received content, and determining at least one contextual factor. The method also includes, responsive to a determination to obfuscate the item of sensitive content based on the at least one contextual factor, displaying the item of sensitive content in obfuscated form. The method may also include, responsive to a determination to not obfuscate the item of sensitive content based on at least one contextual factor, displaying a non-obfuscated version of the item of sensitive content.

Abstract: In particular embodiments, a sensitive data management system is configured to remove sensitive data after a period of non-use. Credentials used to access remote systems and/or third-party systems are stored with metadata that is updated with each use of the credentials. After a period of non-use, determined based on credential metadata, the credentials are deleted. Personal data retrieved to process a consumer request is stored with metadata that is updated with each use of the personal data. After a period of non-use, determined based on personal data metadata, the personal data is deleted. The personal data is also deleted if the system determines that the process or system that caused the personal data to be retrieved is no longer in use. An encrypted version of personal data may be stored for later use in verifying proper consumer request fulfillment.

Abstract: Systems and methods for reconstructing a trajectory from anonymized data are provided. In some aspects, a method includes receiving anonymized data corresponding to a trajectory of a user or object, and assembling, based on the anonymized data, a state-space model. The method also includes executing a prediction algorithm, based on the state-space model, to generate predicted data from the anonymized data, and reconstructing the trajectory of the user or object using the predicted data. The method further includes generating a report indicative of the trajectory.

Abstract: A method of adaptively updating an enrollment database is disclosed. The method may include extracting a first feature vector from an input image, the input image including a face of a user, determining whether to enroll the input image in the enrollment database based on the first feature vector, second feature vectors of enrollment images and a representative vector, the second feature vectors of the enrollment images being enrolled in the enrollment database, and the representative vector representing the second feature vectors, and enrolling the input image in the enrollment database based on a result of the determining.

Abstract: Methods, computer-readable media, software, systems and apparatuses may retrieve, via a computing device and over a network, information related to one or more characteristics of a particular application or service deployed in a computing environment. The particular application or service may be associated with a class of applications or services based on the information. A type of personal data collected may be determined for each application or service in the associated class. For the particular application or service, a risk metric indicative of a type of personal data collected by the particular application or service in relation to the type of personal data collected by other applications or services in the associated class may be determined. An additional application or service with a lower risk than the particular application or service may be recommended.

Abstract: A method includes encrypting a first message that contains a first public key of a first peer, by using a second public key of a second peer; and decrypting a second message sent from the second peer by using a first private key paired with the first public key. The second message includes a write command and is encrypted at the second peer by using the first public key, and contains an encrypted data encrypted by the second peer using the second public key and hashed by using a secret key of the first peer. The first public key, the second public key, the first private key and the secret key are physically unclonable function (PUF)-based keys.

Abstract: An information processing apparatus is provided. The apparatus comprises a verification unit configured to verify an application program; and a control unit configured to, in a case where the verification by the verification unit fails, determine whether or not to restore the application program based on a type of the application program, restore the application program in a case where the control unit determined that the application program is to be restored, not permit execution of the application program in a case where the control unit determined that the application program is not to be restored, and permit execution of an application program successfully verified by the verification unit or the restored application program.

Abstract: An electronic resource tracking and storage computer system is provided that communicates with a distributed blockchain computing system that includes multiple computing nodes. The system includes a storage system, a transceiver, and a processing system. The storage system includes an resource repository and transaction repository that stores submitted blockchain transactions. A new resource issuance request is received, and a new resource is added to the resource repository in response. A new blockchain transaction is generated and published to the blockchain. In correspondence with publishing to the blockchain, the transaction storage is updated with information that makes up the blockchain transaction and some information that was not included as part of the blockchain transaction. The transaction storage is updated when the blockchain is determined to have validated the previously submitted blockchain transaction.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for detecting modified media are disclosed. In one aspect, a method includes the actions of receiving an item of media content. The actions further include providing the item as an input to a model that is configured to determine whether the item likely includes audio of a user's voice that was not spoken by the user or likely includes video of the user that depicts actions of the user that were not performed by the user. The actions further include receiving, from the model, data indicating whether the item likely includes audio of the user's voice that was not spoken by the user or includes video of the user that depicts actions of the user that were not performed by the user. The actions further include determining whether the item likely includes deepfake content.

Abstract: In an approach to predicting software security exploits by monitoring software events, sets of design events are received from a compliance monitor, where the sets of design events are captured by the compliance monitor during execution of a software application. A pattern of the sets of design events performed by the software application is detected, where the pattern is a specific sequence of the sets of design events. The pattern of the sets of design events performed by the software application is compared to a database of learned patterns using a deep learning model. A security exploit is predicted based on the comparison of the pattern of the sets of design events performed by the software application to the learned patterns.

Abstract: A method and a system for providing security information about an application container for an Industrial Edge device, wherein the application container displays an application, runtime libraries and parts of an execution environment, where first information is obtained from the application or source code, second information is obtained from the application program or source code of the application, where confidentiality classes and processing classes are ascertained, and where the security information is formed by linking arising confidentiality classes to arising processing classes and the security information is associated with the application container such that specific and reliable security information about the application container or applications is generated and the security information is provided to a user or an installation system via association of the security information with the application container or the application to make information about the specific security problems or properties ava

Abstract: Functional data for use in one or more digital transactions are secured by using an encapsulated security token (EST). In certain embodiments, the EST is created by encapsulating digital data including the functional data using at least two cryptographic systems of two parties. The encapsulation and subsequent de-encapsulation can utilize cryptographic systems of the parties that involve a private key for signing and decryption and a public key for encryption and signature verification. If constructed carefully over a series of rigorous events, the resulting EST can be practically impossible to counterfeit. In addition, a propagation of rights can be tracked for auditing and rights can be easily terminated or modified.

Abstract: A self-correcting memory system comprising an integrated circuit including memory and memory content authentication functionality, which is operative to compare content to be authenticated to a standard and to output “authentic” if the content to be authenticated equals the standard and “non-authentic” otherwise; and error correction functionality which is operative to apply at least one possible correction to at least one erroneous word entity in said memory, yielding a possibly correct word entity, call said authentication for application to the possibly correct word entity, and if the authentication's output is “authentic”, to replace said erroneous word entity in said memory, with said possibly correct word entity thereby to yield error correction at a level of confidence derived from the level of confidence associated with the authentication.

Abstract: Systems and methods include training a machine learning model with data for identifying features in monitored traffic in a network; analyzing the trained machine learning model to identify information overhead therein, wherein the information overhead is utilized in part for the training; removing the information overhead in the machine learning model; and providing the machine learning model for runtime use for identifying the features in the monitored traffic, with the removed information overhead from the machine learning model.

Abstract: Some embodiments are directed to a compiling device (100) configured for selecting of protective transformations to improve security of a computer program. The compiling device is configured to assign protective transformations to parts of the data flow graph, and obtain a compilation of the computer program representation from at least the data flow graph and the assigned protective transformations which satisfy the security and/or the performance target.

Abstract: A method and device for protecting a flow-conducting device of an installation against cavitation initiated by cyber attacks. At least one signal relating to an operating state of the installation is evaluated by an evaluation unit in order to detect a cyber attack by comparison with at least one reference value. If the evaluation unit detects a willfully brought-about irregular operating mode of the installation based on the evaluation, the unit passes on signals to components of the installation to bring about an installation operating mode which is in compliance with regulations and during which generation of cavitation is avoided, and produces a state in which the flow-conducting device is protected against the current cyber attack and/or against future cyber attacks.

Abstract: The present technology pertains to responding to a kernel level file event for a content item and presenting a file event window associated with the content item. A client device can detect the kernel level file event for the content item. This can be accomplished using a kernel extension on a client device that is networked with a content management system. The client device can then retrieve data associated with the content item, including an instruction for the content item. The client device can then perform the instruction. This instruction can be to retrieve collaboration data from the content management system and present the collaboration data in a file event window.

Abstract: Generally discussed herein are devices, systems, and methods for secure container operation. A behavior profile of normal container operation can be generated, such as by using crowd sourced data. A container monitor can provide container actions of an application in a deployed container. The container action can be compared to a behavior profile that indicates normal behavior of the container. A communication can in response to the container actions being inconsistent with the normal behavior of the behavior profile. The container can be halted to stop the abnormal behavior.

Abstract: An Internet-connected device, such as a car, refrigerator, or even a laptop can use a second device, such as a cell phone, to support cryptographic operations and communication with token service providers or other processing services requiring pre-provisioned capabilities that may include cryptographic secrets. By removing the need to store personally sensitive data in “Internet of Things” (IoT) devices, a user's personal information and other sensitive financial information may be contained to a relatively small number of devices. This may help prevent theft of goods or services by IoT devices that are not always under the close control of the user.

Abstract: An ultrasonic transceiver system includes a transmitter block, a receiver block, a state machine, a computer unit. The transmitter block contains circuitry configured to drive an ultrasound transducer. The receiver block contains circuitry configured to receive signals from the ultrasound transducer and convert the signals into digital data. The state machine is coupled to the transmitter and receiver blocks and contains circuitry configured to act as a controller for those blocks. The computing unit is coupled to the transmitter block, the receiver block, and the state machine and is configured to drive the transmitter block and process data received from the receiver block by executing instructions of a program. The program memory is coupled to the computing unit and is configured to store the program. The computing unit is configured to be reprogrammed with one or more additional programs stored in the program memory.