Abstract: A healthcare data system. The system comprises a data protection entity configured to: sign at least a portion of a routing header of a data packet with a private key held by the data protection entity, the data packet including a payload and a routing header, the payload including healthcare data and the routing header indicating an intended consumer of the data packet; and transmit the data packet on towards the intended consumer. The healthcare data system further comprises one or more data receivers, each configured to: receive the data packet; and verify the signed routing header.

Abstract: A method and system for defending AI agents against prompt injection attacks is provided. The method and system include: monitoring, in real-time, a plurality of prompts and a plurality of action sequences for a plurality of AI agents, wherein an action sequence is a series of actions intended to be performed by the AI agent based on at least a corresponding prompt; and for each AI agent, computing a semantic distance metric between each prompt and each action sequence, comparing the computed semantic distance metric to a learned baseline semantic distance computed for the AI agent; and causing an execution of a mitigation action when the computed semantic distance metric deviates from the baseline semantic distance.

Abstract: The present invention concerns the verification and authentication of independent digital wallets and, particularly, the linking of regulated and unregulated digital wallets on a public blockchain. An unregulated trading system has a public certificate module arranged selectively to write NFTs into specific unregulated accounts. A public ledger database of the blockchain system stores unregulated accounts which each contain: (i) a document type identifier having a related minted unique non-transferable NFT linked to an externally generated certificate hash and where each non-transferable NFT is obtained via writing of a smart contract and each non-transferable NFT is a permanent record for a description of the document type; and (ii) a link to a private wallet of a regulated account of a regulated trading platform. The link relates directly to the minted non-transferable NFT issued from the certificate module.

Abstract: Systems and methods for quick start-up of playback in accordance with embodiments of the invention are disclosed. Media content may be encoded in a plurality of alternative streams and a quick start-up stream. The quick start-up stream may include media content that is encoded at a lower quality that the alternative streams and may be encrypted with a different, less secure encryption process than that of the alternative streams. During a start-up of playback, the playback device streams the media content from a quick start-up stream until a metric, such as a decryption key for the alternative streams is met. The device then streams the media content from the alternative streams in response to the metric being met.

Abstract: A method for implementing a fast UBDM transform includes receiving a first, input vector via a processor, and partitioning the first vector to produce a magnitude vector and a sign vector. A second vector, including a modified magnitude vector and a modified sign vector, is generated by: applying a permutation to the magnitude vector to produce the modified magnitude vector, converting the sign vector, based on an algorithm, into an intermediate sign vector, and applying nonlinear layers to the intermediate sign vector. Each nonlinear layer includes a permutation, an S-box transformation, a diffusive linear operation and/or an Xor operation. Multiple linear layers are applied to the second vector to produce a third vector, the third vector being a transformed version of the first vector. A first signal representing the third vector is sent to at least one transmitter for transmission of a second signal representing the transformed data vector.

Abstract: A storage network operates by: obtaining audit records, wherein each of the audit records indicates: a timestamp for a corresponding message, at least one event type code selected from a plurality of event type codes for a corresponding audit event of the corresponding message, and an identifier for a corresponding system entity associated with at least one event corresponding to the at least one event code; aggregating a number of audit records over a period of time; generating an audit file to include the number of audit records and integrity information; and facilitating storage of the audit file by utilizing a name of the audit file.

Abstract: A set of one or more permissions associated with an identity is determined. One or more risk metrics and corresponding usage associated with the one or more permissions associated with the identity are determined. Access associated with at least one permission from the set of one or more permissions associated with the identity is modified based on the one or more determined risk metrics and corresponding usage associated with the one or more permissions associated with the identity.

Abstract: A technique to stop lateral movement of ransomware between endpoints in a VLAN is disclosed. A security appliance is set as the default gateway for intra-LAN communication. Message traffic from compromised endpoints is detected. Attributes of ransomware may be detected in the message traffic, as well as attempts to circumvent the security appliance. Compromised devices may be quarantined.

Abstract: A method and computer system for submitting and receiving data relating to a first digital content element. A search query comprising at least a portion of a first digital content element is derived at a first entity, the search query being based on a first number of possible search results in a set of search results. The search query is transmitted to a second entity which comprises a content database, the content database comprising a plurality of digital content elements. A set of search results is obtained based on the search query, the set of search results comprising any digital content elements of the content database matching the search query. The search results may be transmitted to the first entity and Matched with the first digital content element or it may be transmitted to a third entity which may be a law enforcement organisation.

Abstract: Examples of analytics systems may include a cloud based no-touch auto-update mechanism that may have access to ransomware signatures. For example, the service may pull ransomware signatures from a centralized public datastore through APIs and update the ransomware signatures on file servers subscribed to the analytics system.

Abstract: An electronic device comprises: a first processor operating in a general non-secure environment; a second processor operating in a secure environment; a first memory allocated to the general non-secure environment; a second memory allocated to the secure environment; and a third memory shared in the general non-secure environment and the secure environment, wherein the second processor is configured to: encrypt at least a portion of secure data to generate an encrypted portion, the secure data generated by a trusted application executed in the secure environment, store the encrypted portion in the third memory, and store first information used to encrypt the at least a portion of the secure data and second information generated while encrypting the at least the portion of the secure data in the second memory, and wherein the first processor is configured to, store the encrypted portion stored in the third memory in the first memory.

Abstract: The disclosure provides a configuration method, data integration method, apparatus, device and storage medium of data integration strategy. The method includes obtaining a data structure of a data source based on an access credential of the data source; and configuring a data structure of an external object for the data structure of the data source, wherein there is a mapping relationship between the data structure of the external object and the data structure of the data source.

Abstract: A device may receive, from an organization user, a request for support associated with a cloud computing environment utilized by the organization user, and may provide the request for support to a support user. The device may receive, from the support user, credentials of the support user and a login request to access the cloud computing environment, and may determine whether the credentials of the support user satisfy a domain check, a virtual private network (VPN) check, a role check, and a secure group check. The device may selectively deny the login request based on the credentials failing to satisfy one or more of the domain check, the VPN check, the role check, or the secure group check, or may approve the login request based on the credentials satisfying the domain check, the VPN check, the role check, and the secure group check.

Abstract: An interface circuit is coupled to first and second peripheral circuits. A register of the interface circuit stores a state parameter. The interface circuit is configured to: receive a write or read access request originating from a processor and directed towards a destination address in the first peripheral circuit; and generate a write and/or read operation at the first and/or the second peripheral circuit, the operation and its destination being selected according to the state value and the destination address.

Abstract: Examples described herein are generally directed towards generating, allocating, and assigning consistent file server user identifiers (IDs) (also described herein as a global identifier (GID)) domains subscribed to by file server(s) within a distributed file server environment. In operation, a virtualized file server of a distributed file server system may scan for and identify a trusted domain subscribed to by the virtualized file server. The virtualized file server may allocate to the trusted domain a range of file server user IDs. The virtualized file server may store a mapping between local user security identifiers (SIDs) in the trusted domain and a respective file server user IDs within the allocated range. The virtualized file server may provide the mapping to a replication target, such as during a replication, migration, and/or a disaster recovery event.

Abstract: An AI system and a method to prevent capture of an AI module in an AI system are disclosed. The AI system includes at least: an input interface to receive input data from at least one user; a blocker module to detect validity to the received input data and to generate output data corresponding to invalid data being received as input data using a class swapping technique; a data set module to store valid input data sets; an AI module to process the input data and generate output data corresponding to the input data; a blocker notification module to transmit a notification to the owner of the AI system on detecting an invalid input data and an output interface to send the generated output data to the at least one user.

Abstract: Systems and methods are provided for use in providing remote access across multiple regions. One example method includes receiving a remote access request from a user terminal associated with a remote user, where the request is specific to a first data center of a network, and opening, by a front-end firewall, a first IP security (IPSec) tunnel with the user terminal. The method also includes forwarding, by the front-end firewall, the request to a distribution firewall and routing, by the distribution firewall, the request to a back-end firewall, which is specific to the first data center. The method then further includes opening, by the back-end firewall, a second IPSec tunnel with the network and forwarding the request, through the second IPSec tunnel, to the network to thereby support communication between the user terminal and the network, via the first and second IPSec tunnels.

Abstract: An access control system for electric vehicle charging is provided that includes an access device, a secure reservation interface, a reservation server and a smartphone application installed on the smartphone. The access device includes a short-range wireless communication module connected to a processor having control of an electric vehicle charger. The secure reservation interface receives a reservation request for a reservation at a given destination. The reservation server receives the reservation request for the destination, issues a reservation certificate, and transmits the reservation certificate from the reservation server to a smartphone. The smartphone application has access to a short range wireless communication setting corresponding to the access device. The access device receives the reservation certificate from the smartphone application based on use by the smartphone application of the short-range wireless communication setting.

Abstract: Case management systems and techniques are disclosed. In various embodiments, a definition is received that associates a descendant case role alias with a first case node at a first hierarchical level of a hierarchical data model, the definition further associating a permission with the descendant case role alias and referencing a referenced case role associated with a second case node at a second hierarchical level of the hierarchical data model. The definition is used to extend the permission to a user assigned to the referenced case role with respect to a case instance comprising the hierarchical data model.

Abstract: Examples described herein are generally directed towards generating, allocating, and assigning consistent file server user identifiers (IDs) (also described herein as a global identifier (GID)) domains subscribed to by file server(s) within a distributed file server environment. In operation, a virtualized file server of a distributed file server system may scan for and identify a trusted domain subscribed to by the virtualized file server. The virtualized file server may allocate to the trusted domain a range of file server user IDs. The virtualized file server may store a mapping between local user security identifiers (SIDs) in the trusted domain and a respective file server user IDs within the allocated range. The virtualized file server may provide the mapping to a replication target, such as during a replication, migration, and/or a disaster recovery event.