Abstract: The disclosure provides for authentication and/or authorization via persistable identity tokens, so an original identity provider (e.g., a user) does not need to be present upon initiating execution of a task. Examples include requesting a persistable token in exchange for a first live token. Based at least on the request for the persistable token complying with a first set of policies, receiving the persistable token. Based at least on a trigger event, requesting a second live token in exchange for the persistable token. Based at least on the request for the persistable token complying with a second set of policies, receiving the second live token. Based at least on receiving the second live token, initiating execution of a task using the second live token for authentication or authorization, wherein the execution of the task is contingent upon the authentication or authorization.

Abstract: System and method for managing security-relevant information in a computer network uses a security information plane (SIP) manager to which different types of security-relevant data are uploaded from components in the computer network and from which networkwide aggregated security information produced from the security-relevant data is download to a global security controller. The downloaded networkwide aggregated security information is used by the global security controller to control security applications running in the computer network.

Abstract: The present disclosure provides for system resource management in self-healing networks by grouping End Point Groups (EPGs) into a plurality of policy groups based on shared security policies; identifying a first policy group with a highest resource demand; assigning a first security policy corresponding to the first policy group to a first switch of a plurality of switches; identifying a second plurality of EPGs from the remaining EPGs that were not included in the first policy group; grouping the second plurality of EPGs into a second plurality of policy groups based on shared security policies; identifying a second policy group with a highest resource demand of the second plurality of policy groups; and assigning a second security policy corresponding to the second policy group to a second switch of the plurality of switches.

Abstract: Systems, methods, and computer-readable media for policy splitting in multi-cloud fabrics. In some examples, a method can include discovering a path from a first endpoint in a first cloud to a second endpoint in a second cloud; determining runtime policy table capacities associated with nodes in the path; determining policy distribution and enforcement for traffic from the first endpoint to the second endpoint based on the runtime policy table capacities; based on the policy distribution and enforcement, installing a set of policies for traffic from the first endpoint to the second endpoint across a set of nodes in the path; and applying the set of policies to traffic from the first endpoint in the first cloud to the second endpoint in the second cloud.

Abstract: The herein disclosed technology provides methods and systems for intelligently predicting viewer sentiments invoked by a collection of digital content (e.g., a web-based digital channel) based on an assessment of channel metadata, such as channel metadata defining an association between the channel and one or more other channels; channel history data for the channel; and demographic information about the channel.

Abstract: The communication system includes a communication unit that receives a conversation of a user, an accumulation unit that accumulates a conversation frame that describes a structure of a conversation generated on a basis of the conversation of the user collected via the communication unit, and a control unit. The control unit obtains a feeling parameter related to a feeling of the user who sends the conversation in units of collected conversation, extracts the conversation frame from the conversation on a basis of the feeling parameter, and accumulates the conversation frame in the accumulation unit.

Abstract: In one embodiment, a processing device receives a request to claim ownership of a first hosted media item on a first media sharing platform, wherein the request is received from a rights holder that holds one or more rights to a claimed media item that is incorporated into the first hosted media item. The processing device adds an indicator of the ownership of the rights holder to a first entry for the first hosted media item in a data store. The processing device determines that a second hosted media item having a threshold similarity to the first hosted media item is hosted by a second media sharing platform. The processing device automatically adds an indicator of the ownership of the rights holder to a second entry for the second hosted media item without receiving a separate request to claim ownership of the second hosted media item.

Abstract: A method includes obtaining vulnerability scan results for a first subset of assets of an enterprise system and populating an observation data structure, based on the obtained vulnerability scan results, indicating which vulnerabilities are observed on respective ones of the assets. The method also includes determining a set of recommendations for missing entries of the observation data structure for a second subset of the assets of the enterprise system utilizing at least one recommender system that comprises at least one similarity function for determining similarity between a first and second sets of vulnerabilities observed on ones of the first and second subsets of the assets. The method further includes predicting vulnerabilities affecting the second subset of assets utilizing a machine learning model and the determined set of recommendations, and applying remediation actions for remediating the predicted vulnerabilities affecting the second subset of the assets.

Abstract: An application-centric authorization model utilizes locally-evaluated rules derived from non-local policies and provided to the application via an authorization object, preferably in the subject's session context. Preferably, the approach does not involve a runtime determination regarding the policy or policies; rather, one or more existing policies are merely used to derive authorization rules associated with a subject, and which are then evaluated and enforced at runtime in a computationally-efficient manner within the local runtime context of the application or service.

Abstract: A communication network, comprising a video server, adapted to generate a multicast video signal, and a first router is provided. The communication network is operated by a first communication provider. The first router is adapted to receive the multicast video signal, generate a plurality of unicast video signals from the multicast video signal, and provide each of the plurality of unicast video signals to one of a plurality of user devices, connected to a first further communication network, through at least a first further router, which is part of the first further communication network. The first further communication network is operated by a second communication provider.

Abstract: Provided is a notification control apparatus that includes a receiving unit that receives detected information detected by a detection apparatus connected to a home network and priority information associated with the detected information from the detection apparatus via the home network. The notification control apparatus further includes a notification control unit that controls notification to a user by using a method based on the priority information.

Abstract: Methods and systems for identifying altered content are described herein. The system generates a fingerprint for an unverified content item and locates a plurality of content items that match the fingerprint. The system then compares corresponding frames between the unverified content item and each content item of the plurality of content items. The system identifies, based on the comparing, an altered frame in the unverified content item that does not match a corresponding frame in two or more of the plurality of content items. The system also determines that one or more frames of the unverified content item that follow the altered frame match corresponding frames in the two or more of the plurality of content items. The system then generates for display an indication that the unverified content item contains one or more altered frames.

Abstract: Techniques for described for generating session-related timeout parameters that are user-specific in value. A user-specific timeout parameter offers several advantages over a static timeout parameter, including minimized the risk of session hijacking, fewer stale sessions to manage, and timeout parameters that more closely match the user's actual behavior. A value for a timeout parameter can therefore depend on information stored for a specific user. The stored information can indicate user behavior observed over a period of time encompassing multiple sessions and/or multiple accesses to the same or different resources. In certain embodiments, a value for a timeout parameter is determined by a prediction engine implemented using a machine learning (ML) model. The ML model may determine the timeout parameter based on information obtained records associated with the user for whom the timeout parameter value is being determined, as well as information from records associated with other users.

Abstract: According to one embodiment, in response to a request received at a host agent of a server from a user device of a user over a network to process user data, a system transmits a token representing the request to an executor pool having a pool of a number of executors. The system receives by the host agent executable image(s) of an executor from the executor pool, where the executor pool allocated the executor from the pool of executors in response to successfully verifying the token. The system launches a restricted operating environment within the server, including providing the executable image(s) of the executor and the user data to the restricted operating environment. The system executes the executable image(s) of the executor within the restricted operating environment, where the executor, when executed, is to process the user data without accessing an external component external to the restricted operating environment.

Abstract: A computer-implemented method for a token-based authorization in a data processing environment comprising a user system, an application server and an authorization server may be provided. The method comprises accessing the application via the user agent, sending an access token and a refresh token from the authorization server to the application, triggering an execution of the service providing the long-running operation by the application. The triggering comprises requesting and receiving a transferable refresh token, starting an execution of the service providing the long-running operation by passing the transferable refresh token together with the identifier from the application to the service providing the long-running operation, passing the transferable refresh token from the long-running service to the authorization server, receiving an access and refresh token, and continuing the long running service.

Abstract: Methods and systems for routing key commands received from a remote-control device are provided. The method and/or system may include receiving, at a device, a key command from the remote-control device, generating a first message that includes the key command, sending, from the device, the first message to a keystroke router, and determining, at the keystroke router, a system network controller associated with the device. Moreover, the keystroke router may send the key command to the system network controller.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to generate synthetic respondent level data. Example apparatus disclosed herein include a synthetic panel generator to (i) generate a synthetic panel corresponding to a duration of time, the synthetic panel to be generated based on (a) a seed panel and (b) duration constraints based on return path data reported by a plurality of media devices, the synthetic panel representative of audiences of media presented by the plurality of media devices during the duration of time, and (ii) generate synthetic respondent level data based on viewing data of synthetic panelists in the synthetic panel. Disclosed example apparatus also include an output file generator to generate an output file based on the synthetic respondent level data.

Abstract: Systems, apparatuses, and methods directed to security enhancement. One or more remote data sources may be accessed to retrieve remote data associated with security for a computing architecture. An input model of an input network security architecture may be identified. One or more user-based constraints may be identified. An output model may be automatically generated based on the input model, the remote data and the one or more user-based constraints. The output model is an output network security architecture that complies with the one or more user-based constraints.

Abstract: A security monitoring platform may use an unsupervised machine learning technique to cluster historical data related to user access rights associated with multiple cloud applications based on various features that relate to user permissions and attributes within the multiple cloud applications. The security monitoring platform may use a supervised machine learning technique to train an access rights data model based on the clustered historical data and perform one or more actions that relate to current access rights assigned to at least one user within one or more of the multiple cloud applications based on a score representing a probability that an access level assigned to the at least one user within the one or more of the multiple cloud applications is correct. The security monitoring platform may apply a reinforcement learning technique to update the access rights data model based on feedback related to the one or more actions.

Abstract: According to one aspect of the present disclosure, a transmission method for enabling transmission of content using a broadcast wave and a communication channel includes: transmitting auxiliary information using at least the broadcast wave, the auxiliary information being information for synchronizing content transmission using the broadcast wave and content transmission using the communication channel when the content is transmitted using the broadcast wave and the communication channel, and the auxiliary information causing a reception side to perform the syncronization when the reception side receives the auxiliary information. Therefore, even if timing of starting reception of the content through the communication is delayed, the reception side can play back the content by a combination of the broadcasting and the communication.