Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving a query provided by a user and comprising one or more terms. Obtaining context data based on at least a portion of a first resource displayed to the user at a time that the query is received. Obtaining a revised query that is based on the query and the context data. Receiving a plurality of search results responsive to the revised query. Automatically, selecting a search result that represents a second resource from the plurality of search results, and providing the second resource for display to the user.

Abstract: Techniques are provided for client-side encryption and/or processing of telemetry data. An illustrative method comprises providing, by a telemetry server, a query request to a telemetry client, wherein the provided query request comprises a query and an encrypted payload over which the query operates; obtaining a query result from the telemetry client, wherein the telemetry client (a) decrypts the encrypted payload using at least one decryption key, (b) processes the query request using the decrypted payload, and (c) provides the query result to the telemetry server; and aggregating the query results obtained from one or more of the telemetry clients. The telemetry client can (i) validate the decrypted payload using a signature within the decrypted payload, and/or (ii) evaluate a query type of the query to determine whether the telemetry client opted in to the query type being executed.

Abstract: Distributed firewalls reside at different points across a network. Each distributed firewall can include one or more rules that govern traffic over and/or access to the network. The rules can be discovered, converted into a standardized format, and indexed at a centralized rule database. The rules or data of the rules can be verified. The rules can be certified at the centralized database. The certification process can be based on a direction of traffic to which the rule governs. The certification process may have different levels based on the direction of traffic.

Abstract: Described herein are technologies relating to generating search results responsive to receipt of a query. More specifically, the query is mapped to a topic in response to receipt of a query, and social media accounts that have been labeled as being knowledgeable on the topic are identified. Messages in a message feed of the social media account that are germane to the topic are retrieved, and documents referenced (linked) in the retrieved messages are identified. These documents are positioned in a ranked list based upon the documents being referenced in the messages.

Abstract: An application (or process) may have an amount of steady state work to perform per unit time, as well as one or more mechanisms for doing a lower quality job of that work in the event the application falls behind. Approaches presented herein can utilize a clock monitor that enables the application to determine whether a clock loss was encountered that was due to an external source, and is of an amount of time that may be naturally recoverable by the application. If so, the application can enter into a mode of operation wherein the activation of one or more recovery mechanisms is postponed for a period of time to provide the application time to recover. If, after the period of such mode operation, the application has not recovered from the real time clock loss, then the recovery mechanism(s) can be activated as appropriate.

Abstract: A social network system that includes tools and technologies to keep the identities of the users of the system anonymous is provided. The system requires that some users use usernames that are not associated in any way with their legal names. In addition, other identifying content such as photographs are disallowed in certain circumstances. The system includes the tools to review and remove disallowed content from being published on the social network. The system also provides tools for its users to express themselves while engaging in creative endeavors such as creating artwork, creating music, creating videos, singing, journaling and creative writing, acting, inventing, interviewing, and hosting and other endeavors. In this way, the system provides a social platform that promotes creativity, unity, inclusion, self-growth, support, and healing.

Abstract: There is provided a speech control system including: a microphone configured to acquire speech; a speaker configured to output speech; an image processing unit; and a controller configured to control settings of the image processing unit. The controller is configured to: specify one or more setting items represented by an input speech of a user acquired by the microphone that are to be set for the image processing unit, and depending on whether or not the specified one or more setting items satisfy a reading condition, cause the speaker to output a first response speech that reads the one or more setting items, or a second response speech that does not read at least one out of the one or more setting items.

Abstract: In disclosed techniques, a computing system causes presentation of a user interface having an input field operable to receive, from a user, a search query for a database. The computing system may classify the search query by: determining whether the search query includes terms that are within a specified vocabulary indicative of a natural language query and determining whether the search query includes terms that identify an object defined in a schema of the database. In response to classifying the search query as a natural language query, the computing system returns query results determined by identifying values in the database corresponding to the object defined in the schema. In response to classifying the search query as a keyword query, the computing system returns query results determined by comparing terms of the search query to values within records in the database.

Abstract: A system and method for the secure management of digital contracts utilizes technology from the following fields: digital timestamping, encryption, distributed storage, and distributed payment systems. The existing state-of-the-art contract management systems require counter-parties to give a substantial level of trust to third parties to perform functions such as storage and verification. This system and method reduces the amount of trust that the counterparties need to give to a single third party. The system and method may be used for the secure construction and management of digital contract data and metadata.

Abstract: A method for the cryptographically protected unidirectional data transmission of payload data, wherein one or more data packets includes the payload data are transmitted on an end-to-end data transmission link from a first communication unit in a first network via a one-way communication unit, which is arranged between the first network and a second network, to a second communication unit in the second network, is provided.

Abstract: The disclosed embodiments disclose techniques for managing a distributed cache in a cloud-based distributed computing environment (CBDCE). During operation, an instance of a data processing layer service (DPL) receives a data request from a client that specifies an address and an operation for a target data block. The DPL instance uses these to determine a first cache instance of the distributed cache that is assigned to cache a metadata entry that links the address with a data block fingerprint for the target data block. The DPL instance then uses the data block fingerprint and the cache mapping to determine a second cache instance that is assigned to store the target data block, and then accesses the second cache instance to complete the operation for the target data block.

Abstract: An Artificial Intelligence AI-based cyber threat analyst protects a system from cyber threats. A cyber threat analyst module uses i) one or more AI models, ii) a set of scripts, and iii) any combination of both, to form and investigate hypotheses on what are a possible set of cyber threats that include abnormal behavior and/or a suspicious activity. An analyzer module uses one or more data analysis processes including i) an agent analyzer data analysis process; ii) an Ngram data analysis process; iii) an exfiltration data analysis process; and iv) a network scan data analysis process; in order to obtain any of the abnormal behavior and the suspicious activity to start the investigation on the possible set of cyber threats hypotheses, as well as, to obtain the collection of system data points to either support or refute the possible cyber threat hypotheses.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for persisting state of a streaming application are disclosed. In one aspect, a method includes the actions of receiving data indicating interaction with third-party content that is displayed with first-party content at a client device. The interaction with the third-party content initiates an application request for a streaming version of an application (“streaming application”). The actions further include generating a representation of the streaming application in response to the interaction with the third-party content at the client device. The actions further include receiving data indicating a user interaction with the representation of the streaming application at the client device. The actions further include generating and storing data indicating a first state of the streaming application at a first time based on the user interaction with the representation of the streaming application.

Abstract: Systems and methods are described herein for providing proxy mechanisms for DNS services, such as resolving DNS requests. In some embodiments, the systems and methods establish a Proxy DNS module at a DNS resolver of an internet service provider, and access, with the proxy DNS module, DNS queries destined for a public name server. The name server may be accessible by the DNS resolver via a publically-accessible network. Further, the systems and methods may route the accessed DNS queries to a private name server associated with the proxy DNS module and accessible via a private communications channel, and receive, from the private name server and via the private communications channel, IP addresses associated with the DNS queries.

Abstract: A computer-implemented method for storing blocks of a file in a heterogeneous environment. The method may comprise receiving a command header for an operation associated with a file from a first data node, matching the enhanced metadata with capabilities of a second data node, and generating a block layout map for the file based at least in part on the enhanced metadata and the capabilities of the second data node. The command header may include enhanced metadata associated with a file, and the enhanced metadata may comprise a type of workload that generated the file and a data access pattern.

Abstract: A method includes obtaining information identifying transactions from multiple sources. The transactions relate to multiple functional domains of a supply chain associated with an industrial process. The method also includes storing the information in a data store according to a unified model. The method further includes providing a common user interface for different functional users. The common user interface is configured to display multiple visualizations and reports associated with the transactions. The method also includes obtaining, according to a user input at the common user interface, one or more metrics and one or more analytics from the data store. The one or more metrics and the one or more analytics are associated with the obtained information. The method also includes configuring the common user interface to display, according to the user input, at least one visualization or report involving the one or more metrics and the one or more analytics.

Abstract: In particular embodiments, a Cross-Border Visualization Generation System is configured to: (1) identify one or more data assets associated with a particular entity; (2) analyze the one or more data assets to identify one or more data elements stored in the identified one or more data assets; (3) define a plurality of physical locations and identify, for each of the identified one or more data assets, a respective particular physical location of the plurality of physical locations; (4) analyze the identified one or more data elements to determine one or more data transfers between the one or more data systems in different particular physical locations; (5) determine one or more regulations that relate to the one or more data transfers; and (6) generate a visual representation of the one or more data transfers based at least in part on the one or more regulations.

Abstract: Disclosed is a method, a device, and/or a system of controlling permissible actions a computing device can perform on a data resource based on a use policy evaluating an authorized context of the device. In one embodiment, a request is received from a device to use a protected resource stored in a non-hierarchical data structure. A use policy defining an authorized context for which the device can use the protected resource based on contextual value(s) is extracted from a data node. A use transaction is initiated that gathers the contextual values to determine whether the use request satisfies the authorized context. A set of use terms is generated and returned to the device. The protected resource is then streamed to the device, where the device includes a process to enforce ephemerality of the protected resource by maintaining the protected resource in association with the set of use terms.

Abstract: Systems and methods for embodiments of artificial intelligence systems for identity management are disclosed. Embodiments of the identity management systems disclosed herein may support the creation, association, searching, or visualization of any relevant context to identity management assets for a variety of purposes, including the creation of nested identity management artifacts in a search index and search syntaxes for querying such nested artifacts.

Abstract: A server and a control method thereof are disclosed. The control method of a server includes receiving knowledge information from a first electronic device, storing the received knowledge information in a personal knowledge database corresponding to a user using the first electronic device, transmitting a response to an inquiry to obtain the knowledge information to at least one second electronic device based on the knowledge information stored in the personal knowledge database, based on the inquiry being received from the at least one second electronic device, receiving feedback information to the response from the at least one second electronic device, and storing the knowledge information in a global knowledge database based on the feedback information. At least a part of a method of allowing a server to provide a response to a user inquiry may use an artificial intelligence model learned according to at least one of machine learning, neural networks, or deep learning algorithms.

Abstract: Provided are a method and device for transmitting control information, and a computer storage medium. The method includes: configuring the control information; and sending the control information, where the control information includes at least one of: configuration information of a PUCCH resource for CQI feedback, resource allocation information for indicating time domain resource allocation, or indication information for indicating whether to send in a data region DCI related to the CQI feedback.

Abstract: A request processor includes a request handler and a traffic controller. The request handler is configured to communicate requests received from a source application to corresponding service providers over a network. Each of the requests defines a target action to be performed by the corresponding service provider on a target application. The traffic controller is configured to generate a user interface and perform one of a plurality of traffic control actions on each of the requests based on a user control input through the user interface. The plurality of traffic control actions includes allowing communication of a request to the corresponding service provider by the request handler, holding a communication of a request to the corresponding service provider, and turning back a request to the source application for manual fulfillment.

Abstract: A mechanism for provisioning a composite web application using secure parameter transfer is disclosed. The composite web application includes a component that resides on a virtual machine (VM). A request is received from the component for a configuration parameter that is to enable periodic reconfiguration of the VM. An access condition is identified for accessing the configuration parameter and responsive to determining the access condition is satisfied, the requested configuration parameter is provided to the component. The VM is reconfigured using the requested configuration parameter.

Abstract: Methods, and systems for secure storage and retrieval of information, such as private keys, useable to control access to a blockchain, include: receiving a request to take an action with respect to a vault of multiple different vaults in a cryptoasset custodial system, and each of the multiple different vaults has an associated policy map that defines vault control rules; authenticating, by a hardware security module, a policy map for the vault on which the action is requested based on a cryptographic key controlled by the hardware security module; checking the action against the policy map for the vault when the policy map for the vault is authenticated based on the cryptographic key controlled by the hardware security module; and effecting the action when the action is confirmed to be in accordance with the policy map for the vault.

Abstract: There is disclosed in one example a computing apparatus, including: a processor and a memory; a network interface; and instructions encoded within the memory to instruct the processor to: receive a uniform resource locator (URL) for analysis, the URL to access a web page via a remote server; via the network interface, retrieve from the remote server a copy of the web page; render the web page in a headless browser to provide a computer-accessible visual output; perform visual analysis of the visual output via a digital eye; compare the visual analysis to a plurality of known phishing target websites; and if the comparison identifies the web page as visually similar to a known phishing target website, detect the web page as a phishing web page.

Abstract: A brownfield security gateway is configured to support a trusted execution environment (TEE) that employs cryptographic and physical security—which forms a trusted cyber physical system—to protect sensitive transmissions on route to a controllable device. The gateway may be implemented with a System on Chip (SoC) that utilizes an application layer gateway to filter content within a transmission. When the application layer gateway authorizes the transmission, the transmission is forwarded to a trusted peripheral device that is configured with communication transport protocols, and the trusted peripheral device transfers the transmission to the controllable device. The trusted peripheral device and the controllable device are physically protected by, for example, protected distribution systems. Accordingly, the trusted peripheral device functions as a gateway between the SoC and the controllable device.

Abstract: [Object] The present technology relates to a reception apparatus, a reception method, a transmission apparatus, and a transmission method capable of limiting use of broadcast resources by a predetermined application. [Solving Means] There is provided a reception apparatus including: a control information obtaining unit that obtains first control information for controlling an operation of a first application, the first application being capable of requesting use of a broadcast resource transmitted via a digital broadcasting signal; and an application controller that controls, when the first application requests use of the broadcast resource, the use of the broadcast resource by the first application on the basis of the first control information.

Abstract: A method, computer program product, and system are disclosed. The method includes receiving a first communication at a computer system, performing a search operation, sending a second communication, receiving a third communication, and storing the at least the portion of item information in a transaction storage construct. The computer system can cause presentation of a search field in a user interface displayed by a remote computer system. The first communication is received as a result of an event in the search field. Further, a search result (a result of the performing the search operation) is communicated to the remote computer system and comprises item information corresponding to an item. The second communication can cause presentation of the search results in the user interface. The third communication represents a selection of the item in the user interface, and comprises at least a portion of the item information.

Abstract: Embodiments for describing an impact of a change in source code on a trace are presented. One embodiment comprises determining whether or not a change in source code between a first version and a second version of the source code affects a trace output of the source code. Responsive to determining that the change in the source code affects the trace output, metadata descriptive of the change in the source code is generated.

Abstract: Collecting user information according to providing a virtual desktop infrastructure (VDI) service is disclosed. A user information collection system includes a service provisioning manager configured to manage provisioning of a VDI service provided from a VDI service provider, a charging manager configured to manage charging information according to a use of the VDI service, a policy manager configured to manage a policy for the VDI service, a user manager configured to manage information of the user, a VDI service lifecycle manager configured to manage a lifecycle of the VDI service, and a multi-tenant connection manager configured to manage connection infrastructure information between the VDI service provider and a cloud environment (or external software).

Abstract: Disclosed herein provides enhancements for operating a data access system for large data processing environments. In one implementation, a method provides for receiving a data query from at least one of the multiple application services and identifying metadata that defines policies for deploying the queried data. The method further provides retrieving the queried data from at least one of the multiple storage services, generating a data configuration containing the retrieved data based on standardized parameters and the policies defined by the metadata, and deploying the data configuration to the at least one of the multiple application services.

Abstract: One method includes receiving aggregated free-form query information comprising a first section and a second section for requesting data pertaining to a computing system and converting the first section and the second section of the aggregated free-form query information into an original query portion and a contingency query portion for accessing at least one data set. The method further includes accessing, using the original query portion, the at least one data set to obtain result information pertaining to an initial element included in the computing system. The method also includes accessing, using the contingency query portion and the result information returned in response to the original query portion, the at least one data set to obtain information for at least one descendant element or ancestor element related to the initial element included in the result information.

Abstract: A method for phishing detection using certificates associated with uniform resource locators (URLs) is discussed. The method includes accessing certificate portions of a certificate associated with a suspect URL, the certificate accessed at a database that includes certificates obtained by monitoring certificate logs. The method includes accessing a URL score for the suspect URL. The method includes assigning a certificate rule score based on partial certificate scores of certificate portions, the certificate rule score indicating a phishing potential for the certificate, each of the partial certificate scores indicating a likelihood of phishing of each portion based on certificate rules. The method includes using a machine learning model based on the URL score and the certificate to determine a uniqueness certificate score. The method also includes determining a phishing certificate score based on the certificate rule score and the uniqueness certificate score for the certificate.

Abstract: In accordance with the present approach, a license analysis system may receive user activity data for a software program from an enterprise or client, including a client-specific association between license types and user assignments. The user assignments may include roles, profiles, and/or authorization objects assigned to each user within the software program. The license analysis system may analyze the user activity data to generate one or more 1:m relationships of each license type to a number of user assignments within the enterprise. The license analysis system may then compare the 1:m relationships to the user activity data to identify an acceptable license type assignment for each user that provides appropriate software authorizations according to their historic software usage.

Abstract: Systems, methods, and devices for implementing secure views for zero-copy data sharing in a multi-tenant database system are disclosed. A method includes receiving, by a cross-account, a grant to access a share object comprising a secure view and usage functionality associated with a secure user-defined function (UDF) to underlying data. The method includes accessing, by the cross-account, the share object using the grant. The method includes sending a request to a share component to cause the share component to implement the secure view and the usage functionality associated with the secure UDF. The method includes sending a query to the share component to cause the share component to implement the secure UDF.

Abstract: A method, apparatus, system, and computer program product for domain-authenticated control of platform resources. Resources under the control of the platform are managed in accordance with access control rules that are centrally managed by a directory service. Security policies are uniformly applied by requiring authorization of the user's access to platform resources including hard drives, flash memory, sensors, network controllers and power state controllers.

Abstract: A system and method to filter potentially unwanted traffic from trackers, third-party cookies, malicious websites or other sources and present the aggregated results of said filtering to the VPN user. One of the embodiments enables a VPN user to opt-in or opt-out from the filtering activities while being able to access the aggregated information about filtering. In another embodiment, the user can choose to customize the filtering parameters to add or remove specific targets from the filtering policies.

Abstract: Disclosed herein are systems and methods for selective scanning of external partitions. In an embodiment, a database platform receives a query directed at least in part to an external table stored on an external data storage platform. The external table is partitioned into partitions corresponding to storage locations in the external data storage platform. The database platform prunes, using external-table metadata that is stored by the database platform and that maps the partitions of the external table to the storage locations in the external data storage platform, those partitions that do not potentially contain data that satisfies the query. The database platform identifies data that satisfies the query by scanning any one or more of the partitions of the external table that were not pruned, and responds to the query at least in part with the identified data that satisfies the query.

Abstract: Systems and methods are disclosed for managing personalized dining checks created by individualized ordering enabled by associating mobile devices of patrons and waiters with table indicia.

Abstract: Systems and methods include a computer-implemented method for using variant profiles, including the following. A composite profile for a user is generated by a variant profile system. The composite profile defines resource authorizations for the user. At least one sub-profile is generated for the user. Each sub-profile includes at least one role-based authorization for a user role, and each role-based authorization is extended to users having a composite profile that includes the sub-profile. A set of variant fields for each sub-profile is received from an administrator. The set of variant fields identifies user-specific fields to which the user has access under the user role. The at least one sub-profile is linked to the composite profile of the user. A user buffer defining authorizations for the user is updated using the composite profile of the user, causing the authorizations to become active.

Abstract: A computer-implemented system and method for contextual advertising and merchandizing based on user configurable preferences is disclosed. The system in an example embodiment includes an advertising (ad) preferences service to obtain user preference information related to advertising, enable user configuration of the user preference information related to advertising, and modify the presentation of advertising to the user based upon the user configured preference information.

Abstract: Some embodiments include a method of providing security and privacy for a message sender. The method can include a messaging application determining that a messaging interface of the computing device is active and is revealing or about to reveal the electronic message. The messaging application can identify a recipient account of a messaging server system that is associated with the electronic message according to the electronic message or the messaging server system. The messaging application can then monitor a data feed from a sensor of the computing device to detect a biometric pattern that matches against a biometric profile model associated with the recipient account utilizing a biometric recognition process. In response to determining that the detected biometric pattern does not match the biometric profile model associated with the recipient account, the messaging application can activate a privacy shield to prevent content of the electronic message from being revealed.

Abstract: This disclosure describes techniques for monitoring, scheduling, and performance management for computing environments, such as virtualization infrastructures deployed within data centers. In one example, a method includes obtaining, by a policy controller, a first profile for an element of a virtualization infrastructure, the first profile comprising a first ruleset having one or more alarms; obtaining, by the policy controller, a second profile for a group of one or more elements including the element, the second profile comprising a second ruleset having one or more alarms; modifying, by the policy controller based at least on the element being a member of the group, the first profile to generate a modified first profile comprising the first ruleset and the second ruleset; and outputting, by the policy controller to a computing device, the modified first profile.

Abstract: Enforcement of policies for tabular data access as a collection of columns over a plurality of different information assets is provided. In an enforcement knowledge graph, information asset-assigned terms are found that correspond to information assets in a virtual information asset that references a set of tabular data. Transitive closures of the information asset-assigned terms are found in a business glossary to form a table of business glossary terms. Term intersection is determined between a hash table of any column-assigned terms and the table of business glossary terms. The information assets are assigned to the virtual information asset when the term intersection is not empty. A set of policy rules associated with the set of tabular data and a context of a user making a data access request to the set of tabular data is applied to the virtual information asset to determine an access enforcement decision.

Abstract: Disclosed embodiments include techniques for automatically provisioning dynamic privileged access resources. Aspects may involve receiving a notification that an identity is seeking to participate in a privileged session with an access-restricted network resource, and automatically provisioning, in response to the notification, a privileged access resource for use by the identity in participating in the privileged session with the access-restricted network resource. Further, aspects may include determining that the privileged session with the access-restricted network resource has ended, and automatically deprovisioning, based on the determination, the privileged access resource.

Abstract: Systems and methods for managing membership in a private data exchange are provided herein. In one embodiment, the method includes generating, by a first member of a data exchange a listing. The listing comprises a reference to shared data within a database controlled by the first member. The method further includes providing a second member of the data exchange with a set of rights with respect to listing. The method further includes limiting, by a processing device, access for the second member to a portion of the shared data that is less than all of the database referenced by the listing based on the set of rights of the second member with respect to the listing.

Abstract: A system, method and computer-readable medium for providing comprehensive security to business systems by distributing the security for accessing the business systems across databases at a plurality of locations. The distributed security simplifies security maintenance and is used to control all aspects of a business. The generation of bills, pings converter boxes, schedules pay per view, etc. are handled by the distributed security.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for persisting state of a streaming application are disclosed. In one aspect, a method includes the actions of receiving data indicating interaction with third-party content that is displayed with first-party content at a client device. The interaction with the third-party content initiates an application request for a streaming version of an application (“streaming application”). The actions further include generating a representation of the streaming application in response to the interaction with the third-party content at the client device. The actions further include receiving data indicating a user interaction with the representation of the streaming application at the client device. The actions further include generating and storing data indicating a first state of the streaming application at a first time based on the user interaction with the representation of the streaming application.

Abstract: Various examples are directed to systems and methods for serving content to a user. A content server may receive content from a submitting user. The content server may extract a first name entity from the content. The content server may generate configuration data for the content, where the configuration data comprises an association between the first name entity and at least one requesting user role that is to receive the first name entity in obfuscated form. The content server may receive a request for the content from a first requesting user having a first requesting user role and determine, using the configuration data, that the first requesting user is to receive the first name entity in obfuscated form. The content server may replace an instance of the first name entity at the content with a first obfuscated name entity to generate first obfuscated content and serve the first obfuscated content to the requesting user.

Abstract: Example techniques detect incidents based on events from or at monitored computing devices. A control unit can detect events of various types within a time interval and aggregate the detected events into an incident. The control unit can detect patterns within the events based at least in part on predetermined criterion. In examples, the control unit can determine pattern scores for the patterns based on the probability of occurrence for the patterns and determine a composite score based on the pattern scores. The control unit can determine that an incident indicating malicious activity has been detected based in part determining that the composite score is above a predetermined threshold score. In some examples, the control unit can classify and rank the incidents. The control unit can determine if an incident indicates malicious activity including malware or targeted attack.