Abstract: Embodiments of the invention are directed to a system, method, or computer program product for cross-channel network security with tiered adaptive mitigation operations. In this regard, the invention is structured for dynamic detection of security events associated with network devices and resources, and triggering real-time mitigation operations across a plurality of resource channels. The invention provides a novel method for employing activity data to construct and implement mitigation actions for de-escalating authorization tiers that are adapted to the specific attributes of the activity data, in order to prevent security exposure associated with the activity. Another aspect of the invention is directed to determining whether to continue the tiered adaptive mitigation actions and/or trigger a security proceed signal.

Abstract: A computer implemented method for providing a communication path is provided. The method includes to determine, with a receiving device, a shared secret based on a receiving device private key and an electronic device public key communicated to the receiving device over a network, and determine, with the electronic device, the shared secret based on an electronic device private key and a receiving device public key communicated to the electronic device over the network. The method also includes to determine, with the receiving device, an identifier of the receiving device based on the shared secret, and determine, with the electronic device, a time-based one-time password (TOTP) based on the shared secret. The method also includes to obtain a token based on the TOTP, communicate the token from the electronic device to the receiving device based on the identifier, and provide a communication path between the receiving device and electronic device based on the token.

Abstract: A control device having a surface that is hidden after installation of the control device. The control device includes an optical code disposed on the surface. The optical code encodes a device identifier of the control device and a secret code. The control device includes a wireless transceiver configured to communicate with a user device during a provisioning sequence of events that is initiated based on the user device scanning the optical code to obtain the device identifier and the secret code.

Abstract: A method is disclosed for conducting a transaction between a computing device and an access device. A server computer may be utilized to facilitate data exchanges between the computing device and the access device. These data exchanges may utilize high-frequency sound signals. The server computer may encrypt at least some portion of data that is then transmitted to the access device via the computing device. The server computer may verify data received from the access device prior to generating and transmitting an authorization request message for the transaction.

Abstract: According to some embodiments, a method includes receiving, from a graphical user interface, an indication that a user has purchased licenses associated with a CNF. The method further includes sending, to a second computing system of a CNF, first instructions regarding the licenses purchased by the user. The method further includes receiving an indication that the user wishes to deploy a particular router in the CNF with a particular data connection and retrieving, from the second computing system of the CNF, a list of licenses previously purchased by the user. The method further includes automatically determining, from the list of licenses, appropriate licenses for the particular router that the user wishes to deploy in the CNF. The method further includes sending second instructions that are operable to deploy the particular router in the CNF with the particular data connection and apply the determined licenses to the deployed particular router.

Abstract: An off-road mobile work machine data capture system includes a robustly-identifiable sensor module having a task sensor that provides a task sensor signal indicative of a task. The system also includes a processor coupled to the robustly-identifiable sensor module that is configured to issue a challenge to the robustly-identifiable sensor module and compare a response from the robustly-identifiable sensor module to an expected response to authenticate the robustly-identifiable sensor module. The processor is further configured to generate an indication of authentication failure if the response from the robustly-identifiable sensor module does not match the expected response.

Abstract: Novel tools and techniques are provided for implementing customer resource telemetry and use as a service. In various embodiments, a computing system might receive, from a user, a request to access at least one network-accessible resource associated with a customer of a service provider, the user being unassociated and unrelated with the customer; might identify at least one of a user identification, a company, or a class of user associated with the user; might determine whether at least one resource record associated with the customer indicates that the user has permission to access the at least one network-accessible resource, based on the identification. If so, the computing system might provide the user with access to the at least one network-accessible resource associated with the customer. If not, the computing system might deny, to the user, access to the at least one network-accessible resource associated with the customer.

Abstract: Systems and associated methods are described for providing content recommendations. The system selects, using a multi-armed bandit solution model, a first plurality of content categories based on a reward score of each content category. The categories are displayed. When a user selects an item from the displayed categories, the system finds all categories that include the selected item, but rewards only the category with the highest score. The system selects, using the multi-armed bandit solution model, the second plurality of content categories based on the updated reward score of each content category. The categories are then displayed. The system may also repeat the steps to refine the multi-armed bandit solution model.

Abstract: A method of and server for ranking documents in response to a query are provided. The method includes determining a target resource hosting a document, and generating a first and a second randomly-selected value for the document. During a first time interval, the method includes acquiring a query and generating a first ranked list of documents to the query based on the first randomly-selected value. The first ranked list includes the document at a promoted-rank position. During the second time interval, the method includes acquiring a query and generating a second ranked list of documents to the query based on the second randomly-selected value. The second ranked list includes the document at a demoted-rank position. The promoted-rank position in the first ranked list is above the demoted-rank position in the second ranked list for increasing a gap in user traffic to the document between the first and second time intervals.

Abstract: The present disclosure provides systems and methods for automatically detecting third-party re-identification of anonymized computing devices.

Abstract: Provided is a method, system, and computer program product for storing images across multiple distributed computing systems according to image sensitivity. The method comprises identifying an image and analyzing the image to identify sensitive information in the image. The method further comprises splitting the image into a sensitive portion and a non-sensitive portion. The method further comprises storing the sensitive portion of the image in a first distributed computing system and storing the non-sensitive portion of the image in a second distributed computing system.

Abstract: An electronic device is disclosed. An electronic device comprises: a first memory in which an operating system and an application program executed on the operating system are stored; a second memory; a processor for loading at least some codes among codes corresponding to an application program from the first memory to the second memory, and when access information of the codes loaded in the second memory is received from a kernel of an operating system, accessing an area in which the loaded codes are stored, on the basis of the received information and executing the application program; and a snoop for monitoring access to an area in which a preset code, the access of which has been limited, from among codes loaded in the second memory is stored.

Abstract: Systems and methods that allow examination of response data collected from content providers and provide for classification and routing according to the classification. The process of classification employs an unsupervised, or partially unsupervised, Machine Learning classifier model for identifying data collection responses that contains no data, mangled data, or a block, for assigning a classification correspondingly and for feeding the classification decision back to a data collection platform.

Abstract: A machine learning system includes encoder and decoder networks. The machine learning system is configured to obtain input data, which includes sensor data and a radius of an p norm ball of admissible perturbations. Input bounding data is generated based on the input data. First bounding data and second bounding data are generated by respectively propagating the input bounding data on first and second outputs of the encoder network. Third bounding data is generated in association with a latent variable based on the first bounding data and the second bounding data. Fourth bounding data is generated by propagating the third bounding data on an output of the decoder network. A robustness certificate is established with respect to the input data by generating a lower bound of an evidence lower bound based on the first, second, third, and fourth bounding data.

Abstract: A data structure for a decentralized ledger interchange object includes: a first data field containing an identifier for an item; a set of second data fields linked to the first data field, each second field containing one of a set of time periods; a set of third data fields, each third data field linked to a corresponding second data field, each third data fields containing a requested quantity of the item for a corresponding time period; and a set of fourth data fields, each fourth data field linked to the corresponding second data field, each fourth data field containing a committed quantity of the item for the corresponding time period. The decentralized ledger interchange object can used in a computer system, a computerized method for time-based manufacturing, a computerized method for time-based pricing and other systems, devices and methods.

Abstract: Systems and methods are described for seamlessly connecting devices based on relationships between the users of the respective devices. A media guidance application may determine that a first user has entered an environment (e.g., his/her mother's home) and may determine a frequency with which the first user enters the environment (e.g., daily). In response to determining that the first user visits frequently, the media guidance application may identify a second device in the environment (e.g., a smart TV) that a second user (e.g., the first user's mother) is authorized to grant access rights for. The media guidance application may determine a likelihood that the second user will grant the access rights for the second device to the first user, based on interaction data between the first user and the second user. In response to determining a high likelihood, the media guidance application may transmit the access rights.

Abstract: A method for setting a display panel dynamically and an electronic device are provided. In a booting stage of the electronic device, a display driver is executed, wherein a motherboard of the electronic device includes at least one specified pin, a storage device and a processor. A predetermined pin value is set in the at least one specified pin and read from the at least one specified pin of the motherboard through the display driver. A database is queried through the display driver and includes multiple reference pin values corresponding to multiple sets of parameter values. The set of parameter values corresponding to the predetermined pin value is obtained according to the reference pin values; and the display panel is initialized through the display driver using the set of parameter values corresponding to the predetermined pin value.

Abstract: The present disclosure provides systems and methods for parameterized application installation. A client device may provide authentication credentials of a user to an authentication server, which may store an association between the user and a content item linking to an application and identifying a parameter for use by the application. The client device may download and install the application via an application server or application store. Once installed, the application may re-provide the authentication credentials to the authentication server, which may retrieve the association, and provide the parameter for use by the application. Thus, the application server or application store may continue to discard referrer information or parameters for the application, but the application may still receive and utilize the parameters without further user intervention.

Abstract: A web browser may output a form comprising a payment field. A URL may be received from a communications interface of a contactless card, the URL comprising encrypted data generated by the contactless card based on a private key stored in a memory of the contactless card. An application may transmit the encrypted data to an authentication server, which may decrypt the encrypted data based on the private key. The application may receive, from a virtual account number server, a virtual account number. The application may receive an expiration date and a CVV. The application may copy the virtual account number to a clipboard of an OS. The OS may paste the virtual account number from the clipboard to the payment field of the form in the web browser. The OS may output a notification comprising the expiration date and the CVV associated with the virtual account number.

Abstract: A method for use by a system computer for granting access to a network resource includes receiving, in a first session, a first request for accessing the network resource, the first request including authorization information of a user of an access computer, initiating, while in the first session and using the first authorization information, a first authorization process with one or more authorization computers, and determining a failure relating to the first authorization process initiated with the one or more authorization computers. The method further includes, upon determining the failure, sending a second request indicating a temporary access token is to be delivered to the access computer in response to an access computer executing a session refresh for initiating a second session.

Abstract: An authentication system includes an authentication module and a user history database storing order information that includes, for each of multiple logins of the first user to a web property, at least one of: an indication of an order of hypertext transfer protocol (HTTP) headers that were previously received at the authentication module during the login, and an indication of an order of navigator object properties that were previously returned to the authentication module during the login. The authentication module is configured to: receive, from a web browser of a first entity attempting to log in to the web property, credentials of the first user; determine order information of the first entity's web browser; perform a comparison operation based on the order information of the first user and that of the first entity, and determine whether to allow the first entity to log in based on the comparison operation.

Abstract: An information processing apparatus includes: a processor configured to: when existence of predetermined information is detected, inquire a user whether to display contents of the information before the contents of the information are displayed as an augmented-reality image in front of a user's field of view; and control the displaying of the contents of the information by the augmented-reality image according to a user's instruction in response to the inquiry.

Abstract: Mechanisms for enhancing multiplayer games are provided.

Abstract: Novel tools and techniques are provided for implementing customer resource telemetry and use as a service. In various embodiments, a computing system might receive, from a user, a request to access at least one network-accessible resource associated with a customer of a service provider, the user being unassociated and unrelated with the customer; might identify at least one of a user identification, a company, or a class of user associated with the user; might determine whether at least one resource record associated with the customer indicates that the user has permission to access the at least one network-accessible resource, based on the identification. If so, the computing system might provide the user with access to the at least one network-accessible resource associated with the customer. If not, the computing system might deny, to the user, access to the at least one network-accessible resource associated with the customer.

Abstract: An enhanced authentication system is described. One embodiment of the invention is directed to a method comprising: receiving, by a token service computer and from an initiating computer, a first authentication request message including verification method data and a token; transmitting, by the token service computer, a second authentication request message comprising the token and the verification method data to an access control server; receiving, by the token service computer from the access control server, an authentication response message comprising the token and a user authentication verification value; and transmitting, by the token service computer to the initiating computer, the authentication response message comprising the token, the user authentication verification value, and a token authentication verification value.

Abstract: In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, An expiration time may be assigned to sensitive data, and expired data and associated tokens may be deleted.

Abstract: Methods and systems are disclosed herein for a media guidance application that provides content recommendations based on recent activity. For example, the media guidance application determines that the user has stopped using the first device and is using the second device. In response, the media guidance application retrieves, from memory, a length of time that the user has consumed media on the first device. The media guidance application then determines the time interval when the user was consuming media on the first device. Next, media content is determined that the user consumed on the first device during the time interval. The media guidance application then determines a characteristic of the consumed media content and recommends media content on a second device based on the characteristic.

Abstract: The present application discloses a method for data aggregation, the method includes: acquiring original data to be aggregated and dividing the original data into at least one first data set; determining whether each of the at least one first data set has a corresponding historical aggregation record; when there is at least one second data set with a historical aggregation record in the at least one first data set, acquiring a historical aggregation result corresponding to each second data set to obtain at least one first aggregation result; performing aggregation on each third data set without a historical aggregation record to obtain at least one second aggregation result; and determining a third aggregation result of the original data according to the at least one first aggregation result and the at least one second aggregation result, and determining a data tag of the original data according to the third aggregation result.

Abstract: A system for simulating a dataset based on sample statistics, and generating pipeline instructions for a database using the simulated dataset, is disclosed. The system may be a cloud-based platform. The system can provide improved performance and security while designing and deploying Extract-Transform-Load (ETL) database pipelines to manage on-premises data. The system receives, from a remote client, sample statistics characterizing a distribution of data corresponding to a column of a database table. The system can generate, based on the received sample statistics, a simulated dataset representing the column of the database table. The simulated dataset may be generated using pseudo-random data values from a distribution with statistics matching the sample statistics. The system can build a simulated database relation based at least in part on the simulated dataset. The system can generate and deploy pipeline instructions using the simulated database relation.

Abstract: Provided is a platform user management method using a badge system performed by a computing device. The method comprises granting a badge generation permission to a first user account, generating a first badge according to a request for using the badge generation permission of the first user account, granting the first badge to the second user account and activating a first permission to a second user account when the first badge is equipped to the second user account.

Abstract: An information processing system includes: one or more internal devices that are connected to an internal network, the internal network being connected to an external network through a firewall; and an intermediation device that can communicate with the internal network and the external network; each of the internal devices including: a storage unit that stores one or more documents and metadata of each of the documents; and a request acceptance unit that accepts, from a user, a request for processing by an external server on the external network as to one of the documents stored in the storage unit, and transmits the accepted request to the intermediation device; the intermediation device including: a request transmission unit as defined herein.

Abstract: Methods and systems for removing sensitive information from a digital image. An instruction to share a digital image is received. It is then determined that the digital image contains a depiction of a corporate display medium that is classified as sensitive based on a policy and, based on the determination that the digital image contains the depiction of the corporate display medium that is classified as sensitive based on the policy, the digital image is processed to modify the depiction. The digital image is shared.

Abstract: Disclosed are a storage system, and a method and an apparatus for allocating storage resources. In the storage system, a target management node allocates a target storage node to a monitoring device according to a first storage request; the target storage node allocates a target storage volume to the monitoring device according to a second storage request, allocates a target block group from the target storage volume to the monitoring device, acquires monitoring data in the form of a data stream from the monitoring device, and stores the monitoring data in the target block group. The storage system may select a management node from a management cluster to allocate a storage node to a monitoring device, and the storage node may allocate a storage position to the monitoring device. The storage position that is allocated to monitoring data can be determined by the management node and the storage node hierarchically.

Abstract: The described features generally relate to receiving one or more positioning signals at a satellite terminal during installation of the satellite terminal at a customer premises, and providing position-based access to a satellite communications system based on a satellite terminal installation position determined from the received positioning signals. The determined installation position of the satellite terminal may then be employed for various network access techniques, such as providing access to the satellite communications system, providing position-based content, or restricting content via the satellite communications system based on the determined installation position.

Abstract: Generally described, one or more aspects of the present application relate to a public snapshot service for creating and managing block-level snapshots on a cloud provider network. Storage locations for each block that comprise the snapshot can be enumerated on a snapshot manifest. Identification of storage location for a requested snapshot block can be improved using a manifest index.

Abstract: Methods, media, and systems for a changing a private channel in a channel-based communication system from an “invited-members” mode to a “whitelisted groups” mode. When in a whitelisted-groups mode, the channel administrator can whitelist one or more groups for channel membership. The whitelisted groups may be external groups managed by an identity provider. Based on the whitelisted groups, users cannot be added to the private channel without being a member of one of the whitelisted groups. Users are also automatically removed from the channel if they are no longer in one of the whitelisted groups for any reason.

Abstract: The invention relates to a method for managing the reputation level of a first communication device (100), said reputation level (103) being stored into a first secure enclave (102) embedded in said first communication device (100). The method comprises the steps of: receiving from the first communication device (100) by a second communication device (110) an information message; verifying that the information message is consistent with data obtained from a sensor embedded in the second communication device (110); generating a feedback message by the second communication device (110) to be transmitted to the first communication device (100) indicating if the information message is consistent for the secure enclave (102) of the first communication device (100) to update its reputation level.

Abstract: Embodiments of the present disclosure provide methods and systems that configured to, generally, and in no particular order, perform one or more of the following functions: distinguish and identify secured assets that are permitted to an end-point to employ within a shared computing environment; monitor the end-point for certain triggering events, such as data creation, reception, manipulation, storage, or extraction associated with a secured asset; upon detection of a triggering event, monitor at least one unsecured container in order to determine if at least a portion of the secured asset has been otherwise transferred to an unsecured container; and encrypt the unsecured container in order to secure the otherwise unsecured asset.

Abstract: The disclosed computer-implemented method for managing a need-to-know domain name system may include (i) intercepting, by an agent of the computing device, network traffic received on the computing device, (ii) generating, by the agent, a one-time password based on a unique identifier of the agent of the computing device, (iii) wrapping, by the agent, the network traffic with the one-time password, and (iv) pushing, by the agent, the wrapped network traffic to a cloud server using a local domain name system (DNS) of the agent of the computing device, wherein the local DNS comprises a private domain name unpublished in a global DNS. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Respective memory devices are assigned to respective processor devices in a disaggregated computing system, the disaggregated computing system having at least a pool of the memory devices and a pool of the processor devices. An iterative learning algorithm is used to define data boundaries of a dataset for performing an analytic function on the dataset simultaneous to a primary compute task, unrelated to the analytic function, being performed on the dataset in the pool of memory devices using memory bandwidth not currently committed to the primary compute task, thereby efficiently employing the unused memory bandwidth to prevent underutilization of the pool of memory devices.

Abstract: An approach is provided for providing digital rights management within a connected service and content ecosystem. The approach involves receiving a request for content for use at at least one device, wherein the request originates from at least one companion device. The approach also involves causing at least in part, a packaging of the content according to at least one digital rights management format based, at least in part, on identification information associated with at least one of: the at least one device; the at least one companion device; at least one user associated with the at least one device, the at least one companion device, or a combination thereof; and the content. The approach further involves causing, at least in part, a transmission of the packaged content, at least one link to the packaged content, or a combination thereof to the at least one device, the at least one companion device, or a combination thereof.

Abstract: A star topology network comprises a user device, a central gateway, and one or more sensor nodes added to the existing network. A communication between the user device and the central gateway is secured either based on public-key cryptography, symmetric-key cryptography, or by the use of a secure channel such as a wired communication. A request from the user device to the central gateway can be transmitted over the internet.

Abstract: Embodiments provide a computer implemented method of enforcing password uniqueness for different user accounts of a particular user. The method includes: receiving a first new password from a first user account of the particular user, wherein the first user account is associated with a first system/object referenced by a first Password Relationship Object (PRO); evaluating a uniqueness policy to determine whether password uniqueness is required by one or more other PROs, wherein each system/object referenced by the one or more other PROs has a different user account of the particular user; if the password uniqueness is required by the one or more other PROs, evaluating a matching policy to determine whether the first new password matches any password of each different user account associated with one or more systems/objects referenced by the one or more other PROs; if there is a match, enforcing an enforcement policy.

Abstract: Methods for providing provable access to a distributed ledger with a tokenized instruction set are disclosed. A method may include accessing a distributed ledger including an instruction set, tokenizing the instruction set, interpreting an instruction set access request, and in response to the instruction set access request, providing a provable access to the instruction set.

Abstract: The present invention relates to a method and a system for authentication of a user for granting access to a service, the method comprising: receiving, by a vehicle control unit comprised in a vehicle, an authentication token based on a request for authentication for access to the service, the vehicle being in communicative connection with a remote server. A token sequence is sent by flashing with a light-emitting device comprised in the vehicle, the token sequence is based on the authentication token. The token sequence is received by a light detecting device. The token is compared by the server with the authentication token. When the token sequence is determined to match the authentication token, access is granted to the service. The invention also relates to a vehicle implementing the method.

Abstract: Secure cloud-based storage system management that includes: establishing, within a cloud-based services provider and based on one or more user credentials, a cloud-based user session to execute one or more commands on a remote storage system that includes physical storage devices; determining one or more data storage operations corresponding to the physical storage devices to implement the one or more commands on the storage system; and extending, based on using an access token based on the one or more user credentials to securely issue the one or more data storage operations to the remote storage system, the cloud-based user session to the remote storage system.

Abstract: In one embodiment, a method performed by a system that includes at least one processor, the method comprising: obtaining subscriber data of a plurality of subscribers, wherein said subscriber data comprises at least one of: consumption data relating to subscribed content consumption by said plurality of subscribers, or network data relating to data transmittal via one or more computer networks by the plurality of subscribers; detecting anomalous data by comparing subscriber data of different subscribers in the plurality of subscribers; identifying one or more suspected subscribers out of the plurality of subscribers as being suspected of unauthorized subscribed content distribution, the one of more suspected subscribers being associated with the anomalous data; and providing a respective identity for the one or more suspected subscribers.

Abstract: A server device includes: a request receiving section configured to receive a request to obtain a content from a user; a request retaining section configured to retain the request to obtain the content in association with an account of the user; a sign-in managing section configured to permit the user to sign in from a terminal device by using the account of the user; and a transmission control section configured to give an instruction to transmit the content requested to be obtained to the terminal device. The transmission control section decides to transmit the content to the terminal device in a case where the signed-in user satisfies a predetermined condition in relation to the terminal device.

Abstract: Aspects of the disclosure relate to controlling access to secure information resources using rotational datasets and dynamically configurable data containers. A computing platform may receive, from a first reader-writer system, a first data access request. Based on receiving the first data access request, the computing platform may authenticate the first reader-writer system using a first data container object. After authenticating the first reader-writer system, the computing platform may rotate a first data track comprising a plurality of datasets to align a first dataset of the plurality of datasets with the first data container object. After rotating the first data track, the computing platform may retrieve first information from the first dataset using the first data container object. Subsequently, the computing platform may send, to the first reader-writer system, the first information retrieved from the first dataset using the first data container object.

Abstract: Managing content delivery and content usage for client devices can include receiving, using computer hardware, HyperText Markup Language (HTML) code from a content server, wherein the HTML code is sent in response to a request originating from a client device, sending to an HTML licensing server, using the computer hardware, a query specifying the content server and a list including an HTML construct detected in the HTML code, receiving from the HTML licensing server, using the computer hardware, HTML license information specifying a validity status for the HTML construct on the list and a period of time for which the validity status is active, and determining, using the computer hardware, that the HTML code is invalid based on a current time, the validity status of the HTML construct, and the period of time.