Abstract: A method for execution by a computing device of a storage network includes obtaining storage performance information for a set of storage units of the storage network, where data segments are dispersed storage error encoded into pluralities of sets of encoded data slices in accordance with error encoding parameters that include a pillar width number and a decode threshold number, which is a number of encoded data slices the set of encode data slices is required to reconstruct a data segment of data segments. The method further includes determining, based on the storage performance information and the error encoding parameters, a performance threshold number for a write request to store a set of encoded data slices of the pluralities of sets of encoded data slices in the set of storage units, where the performance threshold number is greater than the decode threshold number and less than the pillar width number.

Abstract: A display control method includes: determining, by a computer, a link between an operation target object to be displayed on a display and a terminal that is to output the operation target object; and when detecting specific operations of outputting the operation target object from a plurality of terminals within a certain period of time after detecting a predetermined display operation for displaying the operation target object on the display, providing a guide giving a prompt to perform the specific operation again.

Abstract: A method of managing access to protected file content is disclosed. The method includes: receiving a request to open a first file stored on the computing device; determining that the first file is a protected file; in response to determining that the first file is a protected file: identifying a first application that is suitable for opening the first file; determining that the first application is an unsecured application; and in response to determining that the first application is an unsecured application, locking the first application to prevent unauthorized access of application data of the first application in a locked state.

Abstract: In one implementation, a method for providing security on an externally connected controller includes launching, by the controller, a security layer that includes a whitelist of permitted processes on the controller, the whitelist including (i) signatures for processes that are authorized to be executed and (ii) context information identifying permitted controller contexts within which the processes are authorized to be executed; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the determined signature with a verified signature for the particular process from the whitelist; identifying, by the security layer, a current context for the controller; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the current context with one or more permitted controller contexts for the particular process from the whitelist.

Abstract: Disclosed is a 5th generation (5G) or a pre-5G communication system provided to support a higher data transmission rate than that of post-4th generation (4G) communication systems, such as long term evolution (LTE). A method of operating a network node in a wireless communication system is provided. The method includes receiving, from a plurality of first network nodes, network data, generating first recommendation operation information for a second network node based on the network data, and transmitting, to the second network node, a first analysis result message including the first recommendation operation information.

Abstract: A processor of a remote crypto cluster (RCC) may receive a public key from a client device through at least one network. The processor of the RCC may obtain an encrypted specific key and a blinded project key from at least one data source through the at least one network. The processor of the RCC may derive a derived key in blind based on the encrypted specific key and the blinded project key. The processor of the RCC may send the derived key in blind to the client device.

Abstract: This disclosure is directed to embodiments of systems and methods for containerizing files and managing policy data applied to the resulting containers. In some of the disclosed embodiments, a computing system determines that a file stored in storage medium is to be included in a container to be sent to at least one computing component associated with a device including a user interface. The computing system determines that the file is of a particular type and also determines code that can be used to access files of the particular type. The computing system combines the file and the code into the container such that container is configured to be executed by the at least one computing component so as to cause content of the file to be presented by the user interface. The computing system then sends the container to the at least one computing component.

Abstract: An anomaly detection device for detecting anomaly in frames flowing through an in-vehicle network system includes: an obtainer that obtains one or more frames; a first holder holding a first rule defining a rule indicating that when a frame satisfies a first condition based on a source or a destination, the frame is to be transferred; a first frame controller that transfers the one or more frames in accordance with the first rule; a second holder holding a second rule defining a rule indicating that a frame satisfying a second condition is to be determined as being anomalous; and a second frame controller that performs, in accordance with the second rule, an anomaly detection process on each of the one or more frames transferred by the first frame controller. When an anomalous frame is detected, the second frame controller provides or stores a detection result.

Abstract: An abnormality detection apparatus for a mobility entity and for detecting an abnormality in a network system is provided. The network system includes a first network and a second network that use different communication protocols. A first communication circuit receives state information indicating a state of the mobility entity. The state information is acquired from the second network. A second communication circuit transmits and receives a first frame according to a communication protocol used in the first network. A memory stores an abnormality detection rule. A processor detects, based on the state information and the abnormality detection rule, whether a control command included in the first frame received by the second communication circuit is abnormal. In a case where the control command is abnormal, the processor prohibits the control command from being transmitted.

Abstract: Disclosed are various approaches for remotely deploying provisioned packages. An installer for an application is stored in a cache location of the client device. A hash of the installer is then written to a registry of the client device. The installer is then executed to install the application on the client device. Then, the client device is registered with a management service. Subsequently, a registration confirmation is received from the management service. The hash of the installer is then confirmed and the installed application is identified to the management service as a managed application installed on the client device.

Abstract: A computer server includes processor and memory hardware. The processor hardware executes instructions including parsing a hypertext transfer protocol (HTTP) request from a first user agent to identify a first data object matching a set of characteristics and generating a new data element based on the HTTP request. The instructions include, in response to the first data object being present: extracting a first set of serialized data elements and serializing them with the new data element to generate a second data object. The instructions include, in response to the first data object being absent and a user associated with the first user agent being identifiable: determining a second set of serialized data elements based on an identity of the user, and serializing them with the new data element to generate the second data object. The instructions include transmitting an HTTP response including the second data object.

Abstract: Systems and methods for selectively sharing of portion of unstructured data containers/documents based on security attributes or policies used to encrypt/decrypt data within the unstructured data containers using standard encryption schemes are provided herein. In some embodiments, a system includes a key generation authority to generate encryption keys based on a selected cryptographic security scheme and one or more security attributes or security policies; an encryption service to selectively encrypt one or more data subgroups using the one or more public keys and based on one or more security attributes or security policies assigned to the one or more data subgroups with the unstructured data containers; and a decryption service to decrypt the one or more data subgroups within unstructured data containers using the one or more secret keys and the one or more public keys.

Abstract: This disclosure relates to systems, methods, and computer-readable media for identifying an asset privacy management trigger on an end-user device related to a third-party application. In response to identifying the asset privacy management trigger, a privacy selection interface to enable a user to select a limited asset access option is displayed. In response to the limited asset access option being selected, an asset selection interface is displayed, where the asset selection interface is configured to define a sub-set of assets of the end-user device as authorized for the third-party application based on user selection. In response to a subsequent request to access assets of the end-user device by the third-party application, the third-party application is able to access only the defined sub-set of assets. For different third-party applications or scenarios, the asset privacy management triggers and asset sub-set definitions may vary.

Abstract: A computer system conditionally processes a template document to produce one or more finished documents. Annotations in the template document are identified, each annotation indicating an instruction name and a portion of the template document to which the annotation is applied. The template document is processed using one or more structured data feeds that indicate, for each annotation, instructions for transforming the portion of the template document associated with the annotation, wherein the instructions are indicated by the instruction name of the annotation. Finished documents are generated by executing the instructions to transform the template document into each finished document, wherein transforming includes: replacing data in the template document, adding data to the template document, and removing data from the template document.

Abstract: Systems and methods for securely storing data for efficient access by cloud-based computing instances is provided. In one or more examples, a computing hub can receive one or more access requests to data stored within a persistent data storage computing resources that in connected to the computing hub. The computing hub can be configured to determine if the access request is from an authorized computing resource, and can then generate one or more tokens that provide access to the computing resource. The one or more tokens can include information regarding the IP address of the requesting cloud-based computing resource, and each time that the cloud-based computing resource uses the token to request access to the stored data, the computing hub can check the IP address of the computing resource against the IP address indicated on the token to decide whether or not to grant access to the data.

Abstract: The systems and methods enforcing communications semantics on a private network, comprising: establishing a secure and encrypted private network with a whitelist of two or more profiles using alias and digital keys; associating each profile with equal access and control irrespective of its associated computing device capability; embedding communication information at source or destination in secure endpoint object; embedding communication information in transit in a secure conversation object wherein each conservation object has one or more message objects with one or more attributes comprising of source address, destination address, time sent, or time received; enforcing one or more of distribution parameters or life cycle parameters for the communication information.

Abstract: The disclosed computer-implemented method for providing web tracking transparency to protect user data privacy may include (i) receiving a browser request for target websites during a browsing session, (ii) identifying a tracking type for website trackers utilized by the target websites, the tracking type including a direct tracking type or a tracking sharing type, (iii) extracting an information category for the target websites, (iv) detecting text patterns shared between the target websites in a common information category, (v) determining information collected about a user by the website trackers by combining the tracking type for the website trackers, the information category for the target websites, and the detected text patterns, and (v) performing a security action that protects against unsolicited website tracking in future browsing sessions by providing the information collected by the website trackers to the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: One embodiment provides a computer implemented method of data compression including segmenting user data into data segments; deduplicating the data segments to form deduped data segments; compressing the deduped data segments into compression units using a hardware accelerator; packing the compression units into compression regions; and packing the compression regions into one or more containers.

Abstract: Methods and systems for safeguarding against malware such as ransomware are described. In part, the disclosure relates to systems and methods for restoring user data and other data encrypted by malware or otherwise rendered inaccessible thereby. In one embodiment, the disclosure relates to a method of safeguarding user data. The method includes monitoring a plurality of processes executing on a computing device; detecting when a first process of the plurality of processes attempts to modify one or more parameters of a user data file; determining if first process is a trusted process or an untrusted process using one or more heuristics; and if the first process is determined to be an untrusted process, create a backup version of the user data file, wherein the backup version of the user data file is created with regard to an unchanged version the user data file.

Abstract: An example of a non-transitory computer-readable medium storing machine-readable instructions. The instructions may cause a controller to receive an image and detect an object in the image. Based on a contextual setting of the electronic device, overlay data may be retrieved from a database or a remote electronic device to be visually associated with the object on a display.

Abstract: A method, system and computer-usable medium for routing data loss prevention (DLP) events across different network levels. A determination is made as to a number of DLP networks. The classification and data as to a DLP network is determined. Certain data is processed, including an entity risk level and certain data is held, such as certificates. The held data is processed by a computing platform. Processed entity risk levels are returned to the DLP networks. When all networks are processed, processed and held data are sent to the computing platform.

Abstract: The invention described herein is directed to a secure text messaging and object sharing mobile application that provides encryption, digital rights management (DRM) of the text and of the attachments, the capability of sending SMS, RCS, MIMS, IM or blockchain communications, the capability of attaching documents, photos and so forth, the capability of interfacing with a user's contacts application, and that operates in both Android and iOS environments. The secure text messaging and object sharing mobile application connects to DRM cloud service, and also connects to second secure text messaging and object sharing mobile app thru a P2P network that provides SMS, RCS, MMS, IM, and/or Blockchain communications. The invention also includes systems and methods related to the same.

Abstract: Provided are an Ethereum Virtual Machine-based transaction processing method and apparatus, a device, a program and a medium, which relate to the field of computer technologies and, in particular, to blockchain technologies. An implementation scheme includes: acquiring, by a virtual machine instance running in a blockchain node, a to-be-processed transaction request; generating, by the virtual machine instance, a data access request for target access data and transmitting the data access request to an interface module in a process of executing the to-be-processed transaction request; performing, by the interface module, instruction conversion according to the data access request to determine a blockchain access interface corresponding to a function of the data access request; and calling, by the interface module, the blockchain access interface for a data storage space of a blockchain to access the target access data and feeding back an access result to the virtual machine instance.

Abstract: A host delegates Just-In-Time (JIT) bytecode compilation to a serverless Web Assembly (WASM) runtime. The WASM runtime receives the bytecode, together with any additional arguments (e.g.: offsets of dependent functions, vtable metadata, virtual machine state). The host may include a parser to provide the additional arguments. In response to receiving the bytecode and arguments, the WASM runtime triggers a thread and loads appropriate WASM modules to compile the bytecode. The resulting assembly instructions are sent back to the host for execution in connection with the (frequently requested) method. Only the bytecode of frequently-accessed methods (as determined at the host) may be delegated for compilation. Delegation of bytecodes for compilation according to embodiments, may conserve a significant percentage of CPU cycles at the host, which can then be used for executing code instead.

Abstract: An information processing apparatus includes: an operation execution receiver that receives an execution of an operation of a device; and an operation prohibition canceler that, when in a state where the device is prohibited from performing the operation, cancels prohibition of the operation of the device upon the execution of the operation being received by the operation execution receiver.

Abstract: Systems and methods of memory operation that provide a hardware-based reset of an unresponsive memory device are disclosed. In one embodiment, an exemplary system may comprise a semiconductor memory device having a memory array, a controller that may include a firmware component for controlling memory operations, and a reset circuit including power-up circuitry and timeout circuitry. The reset circuit may be configured to detect when the memory device is in a non-responsive state and reset the memory device without using any internal controller components potentially impacted/affected by the non-responsive state.

Abstract: The present invention extends to methods, systems, and computer program products for identifying and consenting to permissions for workflow and code execution. Aspects of the invention can be used to automatically scan a workflow or code definition to identify (potentially all) the actions/triggers a workflow or program intends to perform on behalf of a user. The user is shown the actions/triggers the workflow or program intends to perform (e.g., at a user interface) before consent to perform the actions/triggers is granted. As such, a user is aware of intended actions/triggers of a workflow or program before granting consent. Further, since actions/triggers are identified from the workflow or code definition (and not formulated by an author), permission requests better align with permissions that workflow or program functionality actually uses during execution.

Abstract: An operation method with fingerprint recognition, an apparatus, and a mobile terminal relate to the field of communications technologies, where the method includes obtaining a fingerprint input by a user's finger at a preset position on a touchscreen of the mobile terminal, displaying at least one shortcut when the fingerprint matches a preset fingerprint and a duration of the finger at the preset position on the touchscreen exceeds a predetermined duration, detecting a sliding operation input by the finger using the preset position as a start position, determining a first shortcut from the at least one shortcut according to a direction of the sliding operation and running the first shortcut. Thereby reducing operation duration, and improving operation efficiency.

Abstract: A data storage device is disclosed comprising a non-volatile storage medium (NVSM), and a head configured to access the NVSM. During a first interval, the head is used to write first data to a first segment of the NVSM, and during a second interval, the head is used to read the first data from the first segment of the NVSM and erase at least part of the first data from the first segment of the NVSM.

Abstract: A system, method, and machine-readable storage medium for detecting an anomaly are provided. In some embodiments, the method includes computing an access rate of a set of entities for each user of a plurality of users. The access rate may refer to data operations for the set of entities stored by a storage system. The method also includes normalizing the access rates for a subset of the plurality of users, the subset belonging to a community. The method further includes determining whether a normalized access rate from among the access rates satisfies a threshold. The method also includes detecting an anomaly in response to a determination that the normalized access rate satisfies the threshold.

Abstract: In one aspect, a method for preventing attacks on a web application server by monitoring and validating the API calls executed by the dynamic language code of web application is provided. The method includes the step of scanning the computer system for web applications and the location of dynamic language code or script files used by the web applications. The method includes the step of parsing all script files to identify API calls, the location of API calls, and arguments used in the API calls and storing them as rules.

Abstract: A screen capture prevention method includes serving a single-color, DRM-protected video clip for display as a background for a document on a web browser. The document is processed to render its background color as transparent. Content of the document is viewable over the contrasting video clip background. When a screen capture event is detected, the video clip is changed to a same color as the content of the processed document, rendering the content indistinguishable from the background while the screen capture event is active.

Abstract: A system and method for authentication policy orchestration may include a user device, a client device, and a server. The server may include a network interface configured to be communicatively coupled to a network. The server may further include a processor configured to obtain, from a client device via the network, a transaction request for a transaction, determine an authorization requirement for the transaction request based, at least in part, on a plurality of authorization policies, individual ones of the plurality of authorization policies being separately configurable by at least one of a relying party and an authorizing party, and complete the transaction based on the authorization requirement having been met.

Abstract: A handheld security system includes a set of handheld devices positioned at a group of access points to a secure area. The handheld device includes a set of input/output devices including a text and graphics display, a camera, a local security database and a set of security devices including an RFID reader, a bar code reader, a magnetic stripe card reader and a biometric scanner. The set of handheld devices are communicatively connected through wireless signaling and protocol to one another and to a server operating a global a global security database. The local security database is synchronized to the global security database. A location stack table is continuously updated with security events and monitored for violation of a set of anti-passback rules. An association table associates a set of assets and a set of personnel, allowing for visitor tracking and asset tracking on a schedule.

Abstract: A system described herein may provide a technique for providing extended container capabilities via helper functions that are executed by an entity with a higher privilege level than that of the containerized process. In order to limit the opportunity for malicious or otherwise unauthorized use of such extended container capabilities, such helper functions may limit enabled arguments and/or otherwise limit utilization of functionality associated with a higher privilege level.

Abstract: Method for controlling commands suitable to be processed by a peripheral (2) comprising the following steps implemented by a control circuit (6) connected to a communication bus (8), a command circuit (4) and the peripheral (3) also being connected to the communication bus (8): granting or refusing authorization to the command circuit (4) to transmit a command signal of the peripheral via the bus (8), detecting the possible transmission of the command signal for the peripheral by the command circuit via the bus (8), implementing protection measures (614) when the control circuit detects that the command signal has been transmitted as the control circuit has not granted authorization, or that the command signal has not been transmitted as the control circuit has granted authorization.

Abstract: Methods, apparatus, and processor-readable storage media for automatically syndicating licensed third-party content across enterprise webpages are provided herein. An example computer-implemented method includes generating, in connection with licensed third-party content, one or more licensed third-party content syndication files comprising a set of fields related to enterprise product information, licensed third-party content format information, license-related governance information, and enterprise webpage-based distribution information; processing at least a portion of the licensed third-party content using the one or more licensed third-party content syndication files; and automatically syndicating the at least a portion of the licensed third-party content, in accordance with the processing, across multiple user interfaces associated with one or more enterprise webpages, using at least one application programming interface.

Abstract: Techniques are described for managing licenses of Internet of Things devices. One embodiment includes receiving, at a network management system, a request to allocate a license to a first endpoint device. Real-time device metadata and state data for the first endpoint device are accessed. Embodiments select a license instance, from a plurality of license instances, to allocate to the first endpoint device, based at least in part on the real-time device metadata and state data for the first endpoint device. The selected license instance is assigned to the first endpoint device and at least an indication that a valid license has been assigned to the first endpoint device is transmitted to the first endpoint device.

Abstract: For example, a data set comprising a plurality of data fields, including at least one field containing personal information, can be received. Meta-information for the data set can be reviewed, which includes a categorization for the data set comprising a first parameter specifying field data type, and, for fields comprising personal information, a second parameter specifying personal data consent information. The data set may be converted into a columnar data storage format using the meta-information, and the at least one data field comprising personal information may be stored in at least one column marked as comprising personal information, and at least one personal information privacy control may be applied to the at least one marked column.

Abstract: When a third party wants to redeem a user's personally identifiable information (PII), the third party presents to the system a token representing the PII, which indicates a request for the PII. The system seeks consent from the user for sending the PII to the third party. If the user grants consent, then the system prepares the PII for the third party. In some embodiments, the third party can initiate a telephone call with a dispatch to receive the PII. In some embodiments, the third party can receive the PII directly from the system.

Abstract: A computer network data center includes a persistent storing device storing raw data from an external data source, a multi-core parallel modelling system coupled to the persistent storing device, and a gateway server coupled to the persistent storing device as a reverse firewall. In operation, the raw data in the persistent storing device is not erased, altered or destroyed. The multi-core parallel modelling system processes the raw data to provide anonymized information for an external user device. The gateway server has a communication channel for secure communication with external devices but prevents access to the raw data stored in the persistent storing device by the external devices.

Abstract: The present disclosure describes a security device including: a hardware-based data reading circuitry that acquires, through hardware-level interaction, security data source based on a software unreadable register; and a first security data generator that generates first security data based on the security data source. Furthermore, the present disclosure also describes a security device including: a second security data generator that generates second security data; and a hardware-based data writing circuitry that writes, through hardware-level interaction, the second security data into a software unreadable register.

Abstract: Methods and systems for selectively encrypting commit log entries in a distributed database system are described. One example method includes determining that a commit log for a particular server in the distributed database system is to be updated based on a data operation performed on a tablet managed by the server, the tablet including at least a portion of the data from a table in the distributed database system, and wherein the data from the table is stored in multiple tablets; determining that the tablet managed by the particular server is an encrypted tablet; in response to determining that the tablet is an encrypted tablet, generating an encrypted log entry representing the data operation performed on the tablet including an encrypted payload including information representing the data operation and an unencrypted header including information about the encrypted log entry; and updating the commit log to include the encrypted log entry.

Abstract: A method of allowing secured access for a web browser of a client computer device to local resources wherein a web server hosting a shipping application executes the shipping application in response to web page requests received from the web browser, the method comprising the steps of: requesting directly to a shipping server agent by the web browser a usage of a web service of the shipping server agent for accessing the local resources, requesting directly to the shipping application by the shipping server agent an authorization for the usage of a web service by the web browser, providing an authorization response from the shipping application directly to the shipping server agent regarding the usage of a web service by the web browser, and accessing local resources by the shipping server agent according to the requesting by the web browser.

Abstract: A data security method may include storing user data to a first device and storing metadata corresponding to the user data to a second device. The method may further include making a first determination that at least one device selected from the group of the first device and the second device is not in communication with a third device. The method may further include disabling utilization of the user data in response to the first determination.

Abstract: A method of controlling access to a digital asset by a user includes creating the digital asset, which includes a program file and a content file. The digital asset is associated with a primary key sequence and with a key-sequence document. The digital asset is stored at a distribution server. A user registration process, a user verification process, and an asset acquisition process are performed. The user registration process includes registering a storage device with the distribution server. The storage device includes a unique device identifier. The user is associated with the device identifier, with a secondary key sequence, and with a network interface. The network interface includes a unique interface identifier and has embedded therein an asset access application the secondary key sequence and a key sequence rule are provided to the user.

Abstract: An electronic device and an operation method thereof, according to various embodiments, may: receive first data and second data compressed in a designated compression scheme; decompress the received first data and the received second data on the basis of at least the designated compression scheme; decrypt the decompressed second data; detect success of the decryption; and reproduce the decompressed first data and the decrypted second data.

Abstract: A method for monitoring access to an electronically controllable device includes establishing communication between a mobile device and a control platform via a communication network. A booking, including first and second data, is created for a controllable device in the platform. The first data is access information and the second data is encrypted with an individual key which is assigned to an access control unit in the controllable device. The mobile device is wirelessly connected to the access unit and the second data, as well as a subset of the first data, is transmitted to the access unit which decrypts the second data and checks its signature. If the check is successful, a configuration of the access unit is adapted as a function of the decrypted data. Authorization for access to the controllable device by the mobile device is checked as a function of the decrypted data.

Abstract: An electronic device and an operation method thereof, according to various embodiments, may: receive first data and second data compressed in a designated compression scheme; decompress the received first data and the received second data on the basis of at least the designated compression scheme; decrypt the decompressed second data; detect success of the decryption; and reproduce the decompressed first data and the decrypted second data.

Abstract: Described herein is an application ownership enforcement system and method. Ownership identification information (e.g., name, email address, identifier) regarding portion(s) (e.g., a function, a subroutine, a module, an HTML page, a component, a form, and/or an element) of an application is received and stored in the application. In response to receipt of a request to compile the application, prior to compilation, the stored ownership identification information can be compared to stored information regarding current users (e.g., a list, a directory, a database). When it is determined that the stored ownership information is currently valid, the application can be permitted to be compiled. When it is determined that the stored ownership information is not currently valid, the application is not permitted to be compiled or a warning provided, and, information regarding the determination that the stored ownership information is not currently valid can be provided (e.g., via a graphical user interface).