Abstract: Apparatus and methods for generating secondary content scheduling and dynamic insertion for users of a managed content distribution network, such as a cable, satellite, of HFCu network. In one embodiment, the secondary content comprises advertising content which is directly related or tied to demographics, psychographics, and/or other metrics of applicability to one or more users of the content distribution network. Individual insertion opportunities are identified (either in advance or dynamically), and relevant or targeted secondary content is dynamically “switched in” for delivery to the one or more users via interaction between a local or client application (e.g., operative on the user's set top box or personal electronic device) and a switched digital video entity of the network, and subsequently switched out if no longer required, thereby conserving network bandwidth and/or other resources.

Abstract: Systems, computer program products, and methods are described herein for evaluating, validating, and implementing change requests to a system environment based on artificial intelligence input. The present invention may be configured to receive a change request including a change to be made to a configuration item of a system environment, determine, based on a change inference database, potential failure points associated with deploying the change request in the system environment, and determine, based on the potential failure points, a confidence score for the change. The present invention may be configured to determine whether the confidence score for the change satisfies a threshold limit for the configuration item and prevent the change request from being deployed in the system environment until the confidence score for the change satisfies the threshold limit for the configuration item.

Abstract: Methods and systems for authenticating operations of an aircraft are disclosed. In at least one embodiment, the method may include: receiving, by an aircraft data gateway, a request for an operation of an aircraft from an operations portal; performing a first digital authentication of the request using first digital authentication information; performing a second digital authentication of the request using second digital authentication information, the second digital authentication information being distinct from the first digital authentication information; and executing the operation of the aircraft upon validating the first digital authentication and the second digital authentication.

Abstract: Techniques are shown for key management using a traceable key blockchain. A first block corresponding to a cryptographic key is generated on the blockchain, and the first block is securely modified to include metadata describing a key source for the cryptographic key. A second block corresponding to a first key transaction with the cryptographic key is generated on the blockchain, the second block is linked to the first block, and the second block is securely modified to include metadata describing the first key transaction with the cryptographic key.

Abstract: Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a user equipment (UE) may receive a first signal associated with a downlink control channel, wherein the first signal uses a modulation signature that identifies a first security key associated with a reconfigurable intelligent surface (RIS), and wherein the first signal includes a second security key. The UE may receive a second signal associated with a downlink shared channel, wherein the second signal includes a third security key, and wherein the second signal is authenticated by the UE based at least in part on the first security key, the second security key, and the third security key. Numerous other aspects are described.

Abstract: Examples of the disclosure enable detecting an anomalous state in a machine. The method is performed by an anomaly detection server. The method includes receiving training analysis vectors associated with a monitored machine during a training period. The method also includes applying the training analysis vectors to a machine learning model to create a trained machine learning model configured to describe normal states in the monitored machine as indicated by training analysis vectors. The method further includes receiving monitoring analysis vectors associated with the monitored machine during a monitoring period. The method also includes applying the monitoring analysis vectors to the trained machine learning model to identify at least one discrepancy indicating an anomalous state in the monitored machine. The method further includes transmitting an alert indicating that an anomaly is detected in the monitored machine.

Abstract: A threat monitoring and vulnerability management system is disclosed. The system includes one or more sensors configured to scan a frequency spectrum of a project 25 (P25) network and to collect data on the P25network.

Abstract: In one aspect, a method carried out by a content-presentation device may include transmitting a consent-processing request, including an identifier string unique to the device, to a consent management platform disposed in a computing cloud. The string may be used to establish an interactive session for user selection of consent options associated with a consent package having consent features of a media distribution system that require user consent for activation on the device. The consent package may be one of multiple consent packages targeted for the device by the consent management platform. The interactive session may prompt for consent choices of consent options, each choice being acceptance or rejection of consent to activating features of the consent package. The consent choices may be provided to the consent management platform via the interactive session, and corresponding information may be stored in a device-based activation whitelist for each consent-to feature.

Abstract: Systems and methods related to a VPN controller are provided. In some embodiments, a first VPN controller is configured to establish a VPN tunnel with a client endpoint, wherein the VPN tunnel is established using an authentication process of the client endpoint, route a L2 request to a second VPN controller via an established communication tunnel between the first VPN controller and the second VPN controller by identifying a Generic Routing Encapsulation (GRE) header of the L2 request and based on the GRE header of the L2 request, directing the L2 request to a responsive L2 device accessible by the second VPN controller, receive an encapsulated L2 response from the second VPN controller identifying acceptance of the L2 request, and enable an electronic communication between the client endpoint and the responsive L2 device at least via the VPN tunnel between the client endpoint and the first VPN controller.

Abstract: Embodiments of this application disclose a network key processing system, including user equipment, a security anchor network element, and an access and mobility management network element, where the security anchor network element is configured to: obtain a first key parameter from a slice selection network element, where the first key parameter includes identifier information of N network slices; generate N slice-dedicated keys based on the first key parameter; and send the N slice-dedicated keys to the corresponding N network slices respectively; the access and mobility management network element is configured to: obtain the first key parameter, and send the first key parameter to the user equipment; and the user equipment is configured to: generate the N slice-dedicated keys for the N network slices based on the first key parameter, and access the N network slices based on the generated N slice-dedicated keys.

Abstract: Encryption of data occurs before it is written to the storage platform; decryption occurs after it is read from the storage platform on a computer separate from the storage platform. By encrypting data before it travels over a wide-area network to a storage platform (and by only decrypting that data once it has arrived at an enterprise from the storage platform), we address data security over the network. Application data is encrypted at the virtual disk level before it leaves a controller virtual machine, and is only decrypted at that controller virtual machine after being received from the storage platform. Encryption and decryption of data is compatible with other services of the storage system such as de-duplication. Any number of key management services can be used in a transparent manner.

Abstract: A system for facilitating a virtual screening is disclosed. The system identifies a user for participating in a virtual screening of media content. The system generates a unique link for the user to facilitate access to the media content. When the user interacts with the link, the system prompts the user to authenticate with the system and determines whether the authentication was successful. If authentication is successful, the link is associated with an identifier of the user and/or a user device. A request for a key for decrypting the media content and a request for a digitally signed file accessing the media content pursuant to parameters are made. If the digitally signed file is valid, the system applies a watermark to the media content to track the use of the media content and streams the media content to the user. Feedback on the media content is obtained from the user.

Abstract: A network packet analyzer according an embodiment includes a memory and one or more hardware processors. The memory stores a plurality of sets of training data in which semantics of one protocol field and one or more patterns indicating characteristics of variations of the parameters of the one protocol field are associated with each other. The hardware processors: captures a network packets and extracts a variable field whose parameter varies in time series; generates, based on the parameter varying in the time series in the variable field, one or more patterns indicating a characteristic of a variation of the parameter; and compares each of the one or more patterns with each of the one or more patterns of the training data and estimate the semantics of the variable field.

Abstract: Methods and systems of data tokenization are described herein to provide protection for sensitive data. A tokenization service controller may extract sensitive data by determining a schema, the schema identifying which fields contain sensitive data. A token may be generated corresponding to each instance of the extracted sensitive data. The tokenization service controller may then generate a tokenized data set comprising a plurality of tokenized records arranged according to the same format as the original records, wherein the tokenized records use the generated tokens in place of the corresponding sensitive data.

Abstract: A security platform architecture is described herein. The security platform architecture includes multiple layers and utilizes a combination of encryption and other security features to generate a secure environment.

Abstract: Systems, methods, and related technologies for clustering are described. The method includes determining one or more access policies associated with each of one or more clusters of entities, wherein a cluster comprises one or more entities with similar behavior. The method further includes determining one or more anomalies based on the one or more clusters, wherein the one or more access policies control communications between entities of the one or more clusters based on the one or more anomalies. The method further includes storing data associated with at least one of the one or more clusters and the one or more anomalies.

Abstract: A computer-implemented method for team-sourced anomaly vetting via automatically-delegated role definition. The method may include automatically determining that an event of the computing system corresponding to activity of an end user is anomalous. Based on the anomalous event, a permission store of the computing system may automatically be edited to include an access restriction on the end user, and a notification may be automatically generated and transmitted to one or both of the end user and another end user. The notification may provide access to an executable statement including code configured to be executed to remove the access restriction. A call to the executable statement by the other end user may be automatically received. Further, the permission store may be automatically edited to remove the access restriction on the end user.

Abstract: A method, computer system, and a computer program product for personal data discovery is provided. The present invention may include determining at least one feature used to train a target machine learning (ML) model. The present invention may also include mapping the determined at least one feature to at least one location of a data store including at least one personal data associated with the determined at least one feature. The present invention may further include retrieving a data record of the at least one personal data associated with the mapped at least one feature from the at least one location of the data store. The present invention may also include determining that the target ML model includes a trace of the retrieved data record. The present invention may further include marking the target ML model as containing the at least one personal data.

Abstract: Techniques are disclosed relating to electronic security, e.g., for authenticating a mobile electronic device to allow access to system functionality (e.g., physical access to the system, starting an engine/motor, etc.). In some embodiments, a system and mobile device exchange public keys of public key pairs during a pairing process. In some embodiments, an asymmetric transaction process includes generating a shared secret using a key derivation function over a key established using a secure key exchange (e.g., elliptic curve Diffie-Hellman), and verifying a signature of the system before transmitting any information identifying the mobile device. In various embodiments, disclosed techniques may increase transaction security and privacy of identifying information.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for detecting errors that can occur in third party content presentation and verifying that third party content provided by a content provider to a content platform is actually displayed and is visible to the user when the content platform is accessed on the client device. Methods can include receiving, from an application executing on a client device, a request to generate a digitally signed token that is used to validate whether a particular content item displayed at the particular portion of the display is a third party content item. A digital watermark embedded at the particular portion of the display can be extracted and decoded to obtain data for attributes that are descriptive of the particular content item. A digitally signed token can be generated using this data, and the token can then be provided to application.