Abstract: System and method for facilitating account access delegation are provided. Login credentials are authenticated for a first account of a first funding source of a first user. A request from the first user to delegate, to a second account of a second user, access to the first funding source is received. A redirected login request from a merchant web application is further received. The redirected login request corresponds to the second account. A determination is made, based on the received request, that the second account is permissioned to use the first funding source. In response to the determination, a login of the first user account is caused on the merchant web application. The logging in of the first user account on the merchant web application causes the first funding source to be applied to an electronic transaction performed on the merchant web application under control of the second user.

Abstract: A cloud infrastructure is configured and deployed for managing services executed on a cloud platform. The cloud infrastructure includes a control datacenter configured to communicate with one or more service datacenters. The service datacenter deploys one or more application programming interfaces (API's) associated with a service. The service datacenter also deploys an administration agent. The control datacenter hosts an engine that receives requests from users to perform administration operations by invoking the administration API's. In this manner, the control datacenter functions as a centralized control mechanism that effectively distributes administration operation requests as they are received from users to service datacenters that can service the requests. The cloud infrastructure provides an auditable, compliant and secure management system for administering services for distributed systems running in the cloud.

Abstract: A method for identity resolution and data enrichment is performed by at least one hardware processor and includes detecting at an account of a data provider, a shared data object that is shared by an account of a data consumer with the account of the data provider. An application executing at the account of the data consumer is enabled for an identity resolution process based on the detecting of the shared data object. A request for source data received from the application is detected at the account of the data provider. The source data is managed by the account of the data provider. The source data is communicated to the application executing at the account of the data consumer, based on a verification that the application is enabled for the identity resolution process. The identity resolution process is performed at the account of the data consumer using the source data.

Abstract: Systems and methods for digital property protection are disclosed. For example, indication may be received that an entity has applied for an insurance policy to insure against theft of digital property. The digital property may be registered and a valuation of the digital property may be generated. Due diligence processes may be performed, including assessment of physical and/or network security mechanisms to prevent theft of the digital property. A recommendation to issue the insurance policy may be generated and sent in examples where the due diligence processes return favorable results. Terms generation and/or identification may be performed, and claims processing based at least in part on loss matrixes may also be performed.

Abstract: Evaluating computers, devices, or endpoints on a network, such as a large network of computers in an enterprise environment. Detecting computers, devices, or endpoints that may present a security risk to the network or may be compromised in some way. Generating network traffic that, in some cases, should be ignored or should prompt specific, known responses. Detecting endpoint(s) that respond to such network traffic in an anomalous way, or otherwise attempt to perform certain operations based on such network traffic.

Abstract: A method, an electronic device, and a computer program product for storage management are provided. The method includes: acquiring a lock attribute record in a lock attribute record chain from a data protection network for backing up data, data protection servers of the data protection network reaching a consensus on the lock attribute record chain, the lock attribute record including a first attribute value of an attribute of a lock operation, the lock operation being used for preventing a backup of the data stored in a storage server from being tampered with; acquiring, based on the lock attribute record, a second attribute value of the attribute of the lock operation from the storage server; and generating, based on determining that the first attribute value does not match the second attribute value, an alarm indicating that the backup is tampered with. This solution can better prevent data from being tampered with.

Abstract: Methods, systems, and apparatus, including an apparatus for verifying the integrity of requests. In some aspects, a method includes receiving, from an application, a request including an attestation token of the application. The attestation token includes a set of data that includes at least a public key of the application and a token creation time that indicates a time at which the attestation token was created. The attestation also includes a signature of the set of data. The signature is generated using a private key that corresponds to the public key. The integrity of the request is verified using the attestation token. The verification includes determining that the integrity of the request is valid based on a determination that the token creation time is within a threshold duration of the time at which the request was received and a determination that the set of data has not been.

Abstract: Described herein are systems, methods, and non-transitory computer readable media for automating the transfer/syncing of datasets or other artifacts from one security domain (e.g., a low security side environment) to another security domain (e.g., a high security side environment) in a seamless manner that complies with requirements of a data transfer mechanism used to transfer data between the two security domains while ensuring data integrity and consistency between the two security domains.

Abstract: Systems and methods relate generally to associating confidential information with redactions are disclosed. In one such method, a login session is established with a programmed server. A document having the confidential information is uploaded to the programmed server. The confidential information in the document is detected by an artificial intelligence service. The confidential information is analyzed according to at least one rule by the artificial intelligence service. Suggestions for at least one redaction are generated by the artificial intelligence service. At least a portion of the confidential information is redacted responsive to the at least one redaction suggested by a redaction service. The document is stored in association with the at least one redaction though separate from the confidential information to provide at least one reversible redaction.

Abstract: A system includes a processor and memory storing instructions that cause the processor to receive, from a client device, inputs defining associations between one or more control objectives and one more policies, wherein the one or more control objectives define one or more functions to be performed to comply with the one or more policies. The processor may map the one or more policies associated with the one or more control objectives to an application environment and receive, from the client device or a different client device, a change set to an application in the application environment, wherein the change set comprises one or more modifications to the application. The processor may then determine whether the change set adheres to the one or more policies and restrict implementation of the change set in response to determining that the change set does not adhere to the one more policies.

Abstract: A method comparing, by a user device, an observed characteristic with a determined characteristic, the observed characteristic indicating a current feature included in a current communication associated with a current entity with which the user device is communicating and the determined characteristic indicating an authentic feature included in an authentic communication associated with an authentic entity with which the user device intends to communicate; selectively matching, by the user device based on a result of comparing the observed characteristic with the determined characteristic, current communication information associated with the current communication with authentic communication information associated with the authentic communication; and determining, by the user device based on a result of selectively matching the current communication information with the authentic communication information, that the current entity is the authentic entity or that the current entity is not the authentic entity.

Abstract: Systems and methods are provided for efficient post-processing of object-based snapshots of block-storage volumes, which post-processing may include garbage collection, validation, or resource usage auditing for the snapshots. An object-based snapshot can be logically represented by a set of objects stored on an object storage service, which objects collectively represent a copy of the data of a corresponding block-storage volume at a given point in time. Each snapshot can further be represented by a full manifest that includes a full listing the set of objects representing the block-storage volume, and a differential manifest that includes a listing of objects unique to the snapshot relative to a prior snapshot of the same volume. Full manifests enable each snapshot to remain independently represented, while differential manifests enable efficient post-processing by reducing the amount of data retrieved and processed to identify an aggregate of all objects referenced across a group of snapshots.

Abstract: Embodiments detect identity attacks by comparing usage of compromised passphrases or other weak credentials in failed sign-in attempts to access restriction conditions. A restriction threshold amount of weak credential failed sign-ins (WCFSI) or a WCFSI increase indicates an identity attack, such as a password spray attack. Going beyond the mere number of failed sign-ins by also considering credential strength allows embodiments to detect attacks sooner than other approaches. An embodiment may also initiate or impose defenses by locking accounts, blocking IP addresses, or requiring additional authentication before access to an account is allowed. Weak credentials may include short passwords, simple passwords, compromised passwords, or wrong usernames, for instance. Password strength testing may be used for attack detection in addition to preventive use on passwords proposed by authorized users. Familiar and unfamiliar traffic source locations may be tracked, as sets or individually.

Abstract: Systems, methods, and corresponding non-transitory computer readable media describe a proposed system adapted as a platform governing the loading of data in a multiparty secure computing environment. In the multiparty secure computing environment described herein, multiple parties are able to load their secure information into a data warehouse having specific secure processing adaptations that limit both access and interactions with data stored thereon.

Abstract: A security platform architecture is described herein. The security platform architecture includes multiple layers and utilizes a combination of encryption and other security features to generate a secure environment.

Abstract: Techniques for training and using models to analyze multiple attributes of an authentication, and detect anomalous authentications that may include security threats. An authentication platform may use historical authentication data to train models to identify common attributes for authentications of users, and the training may be performed without the use of labels. For instance, models may be trained for each attribute of the historical authentications (e.g., geographic location, type of authentication method, type of device, time of day, etc.) to “learn” common behaviors of users across attributes of historical authentications. The models can then be applied to new authentications to determine, on an attribute-by-attribute level, whether or not new authentications are anomalous as compared to historical authentications by the user.

Abstract: A method for providing a subscription service in a terminal installed with an instant messaging application by interworking with an application server is provided. The method comprises displaying recommendation boards recommended by the application server or boards published in a subscription channel on an interface screen, receiving a request for subscribing to a specific channel that has published the recommendation board, from a user, and transmitting information on a channel for which a subscription is requested to the application server and requesting registering as a subscription channel. Each board displayed on the interface screen is a content distribution unit that is composed of a board title and a plurality of contents, and is exposed along with a name of a channel having published a corresponding board. The channel publishing each board is an account that has subscribed to a service providing the instant messaging application.

Abstract: A method according to one embodiment includes receiving audio input by a microphone of an access control device that controls access through a passageway, processing an audio signal associated with the audio input to identify and authenticate a user, determining a command corresponding with the audio signal in response to identification and authentication of the user, and performing at least one action that corresponds with the command.

Abstract: Selectively presenting information by generating a dictionary including information categorized as sensitive according to a participant's characteristic, generating a display matrix including display rules according to the participant's characteristics, detecting sensitive data in a presentation stream, determining display coordinates for the sensitive data, determining a presentation status for the sensitive data according to the participant's characteristics, the dictionary, the decision tree and the display matrix, and masking the presentation of the sensitive information according to the presentation status and the display coordinates.

Abstract: Methods and systems for managing and/or processing a blockchain to maintain data security for confidential and/or personal data are provided. According to certain aspects, the disclosed data security techniques may enable access sharing functionality utilizing the blockchain. For example, access sharing may be utilized to file documents, share policy information, and/or comply with an audit. The data security techniques disclosed herein also enable the use of smart contracts to transfer funds associated with payment obligations and/or other forms of blockchain based payments, comply with anti-money laundering requirements, report industry data, validate interest payments and/or maintain agent sales data. Data security may be achieved through the use of public key/private key encryption techniques.

Abstract: Disclosed are some implementations of systems, apparatus, methods and computer program products for providing contextually relevant recommendations based on a context of the user. The context of the user may be determined according to a set of privacy settings of the user, where the set of privacy settings indicates contextual features for which values are permitted to be accessed by a recommendation system. The contextual features may include user-related features and/or tenant features pertaining to a tenant of a multi-tenant database.

Abstract: Aspects of the disclosure relate to an electronic document sharing and signing (DSS) ecosystem for electronic document authentication and authorization. The DSS ecosystem may preferably provide a communication platform between a first user information database associated with a first entity and a second user information database associated with a second entity. The DSS ecosystem may include a signer information database. The signer information database may be coupled to the first user information database and the second user information database. The signer information database may be configured to be readable by the first entity and writeable to by the first entity, and readable by the second entity but not writeable to by the second entity. The signer database may include a list of signatory names associated with the first entity, and a plurality of electronically signed documents. Each of the documents may include an electronic signature applied by a signatory whose name appears on the signatory list.

Abstract: A novel electronic device is provided. An electronic device capable of executing various types of processing by simple operation is provided. An electronic device with a high security level is provided. The electronic device includes a control portion, a detection portion, and a memory portion. The detection portion has a function of detecting touch operation and a function of obtaining fingerprint data on a touching finger. The memory portion has a function of retaining fingerprint data on a plurality of finger registered in advance.

Abstract: Method and systems for detecting and mitigating a malicious bot. Threat information is obtained, the threat information identifying one or more indicators of compromise (IOC) corresponding to suspected or known malicious network traffic. A control list (CL) corresponding to the threat information is generated, the CL describing rules for identifying network flows to be logged in a network log. The network log identifying the network flows is obtained and a suspect network flow identified by both the threat information and the network log is identified. An address corresponding to the suspect network flow is identified and the address is correlated with a user identifier. A notification is issued to a user associated with the user identifier, the notification indicating a suspected existence of a malicious bot.

Abstract: Some embodiments provide systems and methods that can alleviate the burdens on professional advisors of preparing snapshots and answering client questions, particularly questions that do not require professional judgment or strategy. Such embodiments can automate creation of snapshots of account data collected from multiple institutions, suggest questions that are relevant to a user's accounts, and provide programmatic responses to factual or definitional questions pertaining to those accounts.

Abstract: An exemplary system having a processor and a memory therein includes means for creating an isolation group, in which creating the isolation groups includes: defining isolation requirements, identifying a group of features utilizing call-out functions, and selecting from among the group of features utilizing call-out functions a group of features having the defined isolation requirements; deploying platform software integrating the isolation requirements, in which the platform software contains instructions to map the isolation requirements to a customer organization; creating the customer organization; creating a unique variant of the customer organization, in which creating the unique variant of the customer organization includes declaratively applying an isolation layer containing isolation requirements on top of a base layer for the customer organization; and deploying the unique variant of the customer organization onto the customer organization's computing infrastructure, in which the unique variant vali

Abstract: Methods and systems for malicious non-human user detection on computing devices are described. The method includes collecting, by a processing device, raw data corresponding to a user action, converting, by the processing device, the raw data to features, wherein the features represent characteristics of a human user or a malicious code acting as if it were the human user, and comparing, by the processing device, at least one of the features against a corresponding portion of a characteristic model to differentiate the human user from the malicious code acting as if it were the human user.

Abstract: The present disclosure generally relates to user interfaces that include application widgets. In some embodiments, a computer system displays a home screen, where displaying the home screen includes displaying a set of user interface elements based on whether an account that was used to set up the computer system is associated with a first type of content. In some embodiments, a computer system displays a user interface in response to detecting a request to change the orientation of the user interface. Displaying the user interface includes displaying an arrangement of application widgets and application icons, where a set of application widgets has a same spatial organization as in a previous arrangement.

Abstract: One example method includes performing a hash of data to generate a hash value, checking a binary trie to determine if the hash value has previously been entered into the binary trie, if the hash value has previously been entered in the binary trie, declaring the data as a duplicate of other data, and if the hash value has not been previously entered in the binary trie, updating the binary trie to include the hash value.

Abstract: Systems, methods, and apparatuses for providing a central location to manage permissions provided to third-parties and devices to access and use user data and to manage accounts at multiple entities. A central portal may allow a user to manage all access to account data and personal information as well as usability and functionality of accounts. The user need not log into multiple third-party systems or customer devices to manage previously provided access to the information, provision new access to the information, and to manage financial or other accounts. A user is able to have user data and third-party accounts of the user deleted from devices, applications, and third-party systems via a central portal. The user is able to impose restrictions on how user data is used by devices, applications, and third-party systems, and control such features as recurring payments and use of rewards, via a central portal.

Abstract: Aspects of the disclosure relate to information masking. A computing platform may receive, from a user computing device, a request to access information that includes personal identifiable information (PII). The computing platform may retrieve source data comprising the PII and mask, within the source data and based on a data management policy, the PII. The computing platform may send the masked information in response to the request to access the information. The computing platform may receive a request to unmask the masked information and unmask the PII. The computing platform may log the request to unmask the masked information in an unmasking event log and send the unmasked PII in response to the request to unmask the masked information. The computing platform may apply a machine learning model to the unmasking event log to identify malicious events and trigger remediation actions based on identification of the malicious events.

Abstract: A method of transaction between a first cryptocurrency transacted based on a first blockchain and a second cryptocurrency transacted based on a second blockchain includes obtaining first transaction information with respect to a first transaction in which a first user transmits the first cryptocurrency to a second user, and second transaction information with respect to a second transaction accompanying the first transaction and in which the first user receives the second cryptocurrency from the second user; if the first transaction information satisfies terms of agreement between the first user and the second user, adding, to the first transaction information, first condition information depending on validity of the second transaction information and activating the first transaction of the first cryptocurrency; and digitally signing the first transaction information to which the first condition information is added, to prove the terms of agreement, and transmitting the first transaction information to a node

Abstract: Technology for setting a first password based on a password precursor or setting a second password (in a multi-factor authentication system). The password precursor (for example, a number or alphanumeric string) can be converted to the first password by a set of operation(s). Similarly, the first password can be converted into a second password by a set of operations. The set of operations may include mathematical operations and/or alphanumeric string operations.

Abstract: A method for generating a trustworthiness score for an automation call is disclosed. An automation database may return trust information for multiple trust indicators. A current score may also be determined. The trust information provides insight into the trustworthiness of the automation call. When an error is encountered with the call or in a user interface, the trust system may intervene based on the user sentiment. The intervention may be automatic, and computer or human based.

Abstract: A creation device includes processing circuitry configured to collect pieces of information about IoT (Internet of Things) apparatuses connected to IoT gateways, and white lists stored in the IoT gateways, the white lists specifying content of communication allowed for each of the IoT apparatuses, calculate a feature value showing communication features of IoT apparatuses for each of the IoT gateways, and degrees of similarity in the feature value among the IoT gateways, based on the collected pieces of information about the IoT apparatuses, and extract, if any of the calculated similarity degrees is equal to or above a predetermined threshold, pieces of white list information about IoT apparatuses to mutually complement white lists stored in IoT gateways, from pieces of white list information about IoT apparatuses included in the white lists.

Abstract: Systems, devices, and methods related to generating instructive actions based on categorization of input data are described. In an example, a method can include receiving, from an edge device and at a processing resource of a device, a plurality of input data associated with a plurality of sources communicatively coupled to the edge device and categorizing each piece of the plurality of input data as private or public based on an associated one of the plurality of sources. The categorizing can include writing each piece of data with metadata that indicates that it is private or public and/or selecting a first data path indicated as private or a second data path indicated as public. The method can include writing each piece of the plurality of input data categorized as private to a dedicated buffer or a dedicated address space of a memory resource.

Abstract: A user of a client device accesses a service provided by a server computer. The server computer gathers data about the user. The data gathered may be kept private by the server computer, shared only with other computers and users owned by the same entity, shared with selected third parties, or made public. The server computer provides a privacy policy document that describes how the data gathered is used. A privacy server analyzes the privacy policy document and, based on the analysis, generates a privacy score. The privacy score or an informational message selected based on the privacy score are provided to the client device. In response, the client device presents the privacy score or the informational message to the user. In this way, the user is informed of privacy risks that result from accessing the server computer.

Abstract: The present disclosure discloses methods and systems for transferring rights, to release a secure print job from one user to another user. The rights to release the secure print job can be transferred based on a request from a primary user i.e., the user who submits the secure print job or based on a request from a secondary user i.e., the user who wants to release the secure print job on behalf of the primary user. Based on the request from any user, a multi-function device transfers rights to release the secure print job from the primary user to the secondary user. Here, transferring rights includes changing ownership of the secure print job from the primary user to the secondary user. Upon successful changing the ownership, the secondary user releases the secure print job originally submitted by the primary user.

Abstract: Example systems and methods for biometric authentication that can bridge fuzzy extractors with deep learning and achieve the goals of preserving privacy and providing recoverability from zero are disclosed. Embeddings comprising a face or speaker embedding in a non-Hamming distance space can be processed to create a personal reliable bit map and a reliable locality-sensitive hash (LSH) for mapping the non-Hamming distance space to a Hamming distance space. A fuzzy extractor can be applied to create metadata that can be stored on a computing device. A secret can be recovered from the metadata and can be used for identification.

Abstract: A system and method for dynamic tabs-based selection role-based print management web portal determines a role assigned to a logged in user. A user is provided with selectable tabs based on their determined role. Users with rolls allowing access to customer information can select customers for management of customer information or management of customer devices. Tabs are generated based on selected customer properties. Users with administrative roles are enabled to further configure, adjust and troubleshoot devices. Users with an end user role are limited to device tasks and management of their own information. Super users are unrestricted and have access to all functions of all users. Thus, functionality is added based on a user's role in a non-redundant manner.

Abstract: Computerized systems and methods are provided for managing future radiology orders for multiple facilities. The systems and methods can include detecting a location identifier for each future radiology order, and in response to detecting the location identifier, determining a specific radiology facility for that location identifier. The respective future radiology orders can then be provided to the intended radiology facility.

Abstract: A policy-controlled authorization system including a local application on a client device, a policy component including a plurality of policies, and a mid-link server, coupled to the client device is provided. A request for access to a service using a token is provided by the local application. A correlator correlates the token with the plurality of tokens for identifying a policy from the plurality of policies associated with the token. A token inspector authorizes the token for accessing the service based on the correlation. Based on the authorization, either the token is authorized for access to the service via the remote application, or the token is blocked when unauthorized to prevent access to the service. Confidence scores are assigned to each token based on their categories, compliance with the policies, and a threat level. The confidence scores indicate need to re-authorize the tokens and/or disable them temporarily.

Abstract: A method for authentication data transmission and a system thereof are provided. The method is operated in a computer system that is connected to a biometric device, and a secure channel is established there-between according to a security protocol. The computer system can receive encrypted biometric feature data from the biometric device based on a request. In a secure environment built in the computer system, the biometric feature data is decrypted and biometric features can be extracted. A comparison result is generated after comparing the biometric features with feature data in a database. The comparison result can be transmitted to the biometric device. The comparison result is then encrypted in the biometric device according to the security protocol. The biometric device can therefore transmit the encrypted comparison result to the computer system via the secure channel.

Abstract: The invention relates to a portable, autonomous and secure micro-server (10) for collaboration between different users, comprising: a central processor (11); a random-access memory (12); a storage space (13) for computer files; an operating system (32) configured to be able to control said central processor (11), said random-access memory (12) and said storage space (13), characterized in that it further comprises: a first controller for wireless access to said micro-server, called the sharing network controller (14); a second controller for wireless access to said micro-server, called the configuration network controller (15); a management module (16) for managing packets from an IP network layer, said management module being embedded in said operating system (32) and configured to enable the use of a network service that enables files to be supplied from the storage space to a network service hosted by a device (21, 22) of a user connected to said micro-server via said sharing controller (15); a data encryp

Abstract: A request for access to a user's account is made to an authenticator. The authenticator sends a request for access to the user associated with the user's account. In response to user authorization, the authenticator sends an access link to a service engineer. The service engineer access the link to access the user's account with limited and restricted access. When a remote service session associated with the activated access link is terminated, the authenticator sends a termination of session notice to the user.

Abstract: A method of providing user access history for a collaborative document includes receiving, by a server, a first request for the collaborative document from a client device of a user of a plurality of users that have permission to access the collaborative document; providing the collaborative document to the client device for presentation to the user in a user interface on the client device; determining whether a collaborator type of the user matches a predefined collaborator type; responsive to determining that the collaborator type of the user matches the predefined collaborator type: creating a first user access history for the collaborative document based on accesses of the collaborative document by one or more of the plurality of users, and providing the first user access history for the collaborative document to the client device for display within a consolidated view of the user interface presenting the collaborative document.

Abstract: Provided is a system and method for enabling of access to a computer resource by a computer system comprising: providing to a user an interface configured to receive a request for access to a computer resource; determining if the user is permitted to access the computer resource based on a user profile; providing a user verification interface configured to receive user identity verification information; determining if the user identity verification information is valid in response to a reply to the request for user identify verification information; and in response to determining that the user is permitted access to the computer resource and that the user verification information is valid: updating a security policy to reflect that the user is permitted to access the computer resource, and providing access to the computer resource for a limited time duration.

Abstract: An integrated circuit includes, in part, a key management unit configured to generate a seeding key during a start-up phase, an encryption module configured to encrypt data using the seeding key and deliver the encrypted data to a second integrated circuit, and an encoder configured to encode the seeding key and deliver the encoded seeding key to the second IC. The second integrated circuit includes, in part, a decoder configured to decode the seeding key. Each of the integrated circuits further includes, in part, a linear-feedback shift register that receives the same clock signals and loads the seeding key.

Abstract: Methods and systems of managing or reconciling location-based transactions are disclosed. At least a location attribute related to a virtual coupon is derived from a digital representation of a real-world scene captured at least in part by a mobile device. At least one virtual coupon is generated based on at least the location attribute, wherein the virtual coupon is related to a purchasable item associated with the real-world scene. A reconciliation matrix related to the purchasable item based on at least the location attribute is identified. A transaction for the purchasable item is reconciled among at least one vendor account and at least one consumer account according to the at least one virtual coupon and the at least one reconciliation matrix.

Abstract: Systems, methods, and apparatuses for providing a central location to manage permissions provided to third-parties and devices to access and use user data and to manage accounts at multiple entities. A central portal may allow a user to manage all access to account data and personal information as well as usability and functionality of accounts. The user need not log into multiple third-party systems or customer devices to manage previously provided access to the information, provision new access to the information, and to manage financial or other accounts. A user is able to have user data and third-party accounts of the user deleted from devices, applications, and third-party systems via a central portal. The user is able to impose restrictions on how user data is used by devices, applications, and third-party systems, and control such features as recurring payments and use of rewards, via a central portal.