Abstract: The data transformation method operates discrete input data sources DF-in each having df-in data fields carrying to-be-converted data (tbc-data). Initial steps identify tbc-data field and characteristics; output discrete output (df-out) with predefined df-out data fields for converted data (conv-data); and maps or look-up tables for relationships between df-in data fields and df-out data fields. Process activates: SFTP App in the presence df-in and transfers df-in to unstructured data blob; and App copying the df-in from blob to file share archive; first orchestrating sequence App to validate df-in data based upon conversion rules. If INVALID, App generates error entry. If VALID, App converts tbc-data into conv-data with conversion rules and mapping orchestrating App populates df-out data fields with conv-data resulting converted df-out in the blob. A second orchestrating App transfers converted df-out to destination store.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for facilitating on-demand delivery of unknown qubits. An example method includes determining a first quantum basis pattern. The example method further includes encoding, by encoding circuitry, a set of bits utilizing the first quantum basis pattern to generate a set of qubits and transmitting, by quantum communications circuitry, the set of qubits over a quantum line, for example, a polarization maintaining optical fiber, to a remote device, wherein the set of qubits is configured for measurement by an independently determined, second quantum basis pattern, resulting in a second set of bits different than the first set of bits.

Abstract: Systems and methods for generating, selecting, and implementing rule-based strategies are disclosed. An input data set representing a plurality of interactions that may be classified as malicious or non-malicious is received and at least one strategy tree including a plurality of rule-based strategies is generated. The at least one strategy trees is generated by a machine learning model configured to generate a tree structure. The rule-based strategies are ranked based on a precision-recall-stability (PRS) score generated for each of the rule-based strategies and at least a first rule-based strategy having a highest PRS score is extracted. One or more interactions are evaluated using the first rule-based strategy to determine when the one or more interactions are malicious.

Abstract: The present teaching relates to generating an identifier for a person. In one example, an actual name of the person is received. The identity of the person that is associated with the actual name of the person is proved at a pre-determined level of assurance (LOA) required by an identity management system. When the identity of the person has been proved, a peripheral name is solicited from the person. An identifier that includes the actual name and the peripheral name of the person is created. Whether the identifier is unique is determined. The steps of soliciting, creating, and determining are repeated until the identifier is unique. The peripheral name is associated with the person. The identifier is associated with the person.

Abstract: A privacy protection method for the electronic device includes: starting face change detection, where the face change detection is continuously detecting, in a current unlocking period, whether a face in front of a display of the electronic device changes; after starting the face change detection, detecting an operation of starting a first private application; and in response to the operation and determining that a result of the face change detection is that the current face does not change, displaying first private content corresponding to the first private application; or in response to the operation and determining that a result of the face change detection is that the current face changes, displaying first non-private content, where the first non-private content does not include first private content.

Abstract: In certain embodiments, systems and methods are provided for authenticating a user of a computing device. In some embodiments, a request to authorize a transaction associated with a user may be received, and a current location of the user may be determined. A determination of whether a threshold proximity exists (between the current location of the user and at least one location of at least one known associate) may be performed. The authorization request may be approved based on the determination of the threshold proximity. As an example, the known associate of the user may be determined from among a plurality of associates based on a geographical relationship between the location of the known associate and the current location of the user. The authorization request may be approved in response to a determination that the threshold proximity exists between the user's current location and the known associate's location.

Abstract: Apparatuses, systems, and techniques to perform a cryptographic operation using multiple iterations, wherein each iteration includes two or more stages operating in parallel on inputs derived from a common value, one of the stages computing real data and other stages computing dummy data.

Abstract: Computer methods, apparatuses, and graphical user interfaces include placing one or more electronic messages in cloud storage that is defined by or accessed by a blockchain data structure.

Abstract: An apparatus comprises an encryption key generator to generate a media encryption key to encrypt data in number of memory components, where the encryption key generator is configured to wrap the media encryption key to generate an encrypted media encryption key, The encrypted media encryption key is stored in a non-volatile memory. The apparatus comprises firmware having instructions to transition the apparatus to and from a secure state using the encrypted media encryption key.

Abstract: A computing platform is configurable to cause initiating a communication session with a user, the user having a user account associated with a workflow data object, the workflow data object being configured to represent a plurality of operations included in a workflow. The computing platform is also configurable to cause identifying a verified status indicator associated with at least one of the plurality of operations, the verified status indicator comprising a verified credential associated with at least one of the plurality of operations. The computing platform is also configurable to cause identifying a transfer operation associated with the verified status indicator and identifying a target entity associated with the transfer operation. The computing platform is also configurable to cause implementing the identified transfer operation based, at least in part, on identified target entity.

Abstract: A system, method, and computer-readable media for linking identify information between a group-based communication system and an external application based on a user authorization to share credentials. After sharing the user's credentials, the user may be authenticated with the external application and user data from the group-based communication system may be shared with the external application. Additionally, a preview of a web resource associated with the external application may be displayed to the user within the group-based communication system allowing the user to interact with the web resource from within the group-based communication system.

Abstract: In some embodiments, Uniform Resource Locator (URL) parameters may be used to bind access tokens to authorize web-browser-initiated network operations. In some embodiments, a user input at a data exchange gateway associated with a first website to perform a first network operation (e.g., a request to access resources associated with the first website) may be detected. In response to the detected user input, an access token may be generated based on user specific information associated with the user, where the access token is associated with one or more network operation parameters. In response to a use of the access token for authorizing the first network operation and successful authorization of the first network operation, the access token may be configured to be bound to a first URL identifier parameter associated with the first website.

Abstract: The invention relates to data recovery technology. Each created backup is checked for the integrity of the placed files, while calculating the checksums of each block of data that can be restored from the backup. The computer system is restored from a backup copy by connecting it using the archive copy connection driver, which creates a virtual disk that is readable by standard means of the operating system of the computer system being restored. The booting of the operating system is performed from the virtual disk and, after restoring the functioning of the computer system, the system volume that has been damaged is restored from the backup copy to the local storage medium.

Abstract: Embodiments of the present invention provide a system for authorizing entity users based on augmented reality and LiDAR technology. In particular, the system may be configured to receive a unique identifier from a user device of the user, where the unique identifier is scanned using LiDAR technology present in the user device of the user, determine location of the user based on the unique identifier, determine an entity device associated with the unique identifier and location of the user, perform authentication of the user using at least one authentication method, determine that the authentication is successful, and in response to determining that the authentication is successful, provide access to an entity device.

Abstract: An identity set may be selected from an identity pool of an identity management service. The identity set may be selected based on a threshold quantity of unnecessary permissions relative to one or more existing managed policies provided by the identity management service. The identity set may be grouped into a plurality of identity subsets. The grouping may be performed based at least in part on services accessed by the identity set. A plurality of candidate policies may be generated, such as by generating, for each identity subset of the plurality of identity subsets, based at least in part on a plurality of policy generation rules, a respective candidate policy. At least one candidate policy of the plurality of candidate policies may be selected as a new managed policy that is provided by the identity management service to users.

Abstract: An authentication method for use in a device and comprises monitoring a program behavior stream comprising a plurality of program observables that comprises a program observable. The method records the program observable and matches the recorded first program observable to a program model selected from a plurality of program models stored within a program store. A user model is selected from a plurality of user models stored within a user store corresponding to the program model. A user behavior stream corresponding to the program observable is monitored and a user observable contained in the user behavior stream is recorded. The user observable is correlated to the user model and an authentication state associated with the device is determined based on the correlating.

Abstract: A first party uses a secret key to encrypt information, which is then sent through an untrusted connection to a second party. The second party, however, cannot decrypt the information on its own, and it relays the encrypted information through a secure network. The secure network includes one or more nodes linking the first and second parties through one or more trusted connections (“hops”); each hop features uses of a shared secret key unique to that hop. The first party's connection to the network (domain) receives the information relayed through the secure network by the second party, it decrypts that information according to the secret key of the first party, and it then retransmits the decrypted information to the second party using the secure hops. Techniques are provided for sharing a private session key, federated credentials, and private information.

Abstract: A system receives a request to authorize an interaction between a first avatar associated with a first user and a second avatar associated with a second user within a virtual environment. The system receives a request to verify the identity of the first user. The system receives an image of the first user and extracts facial features from the image. The system identifies a serial number and a user credential associated with the first user. The system generates a token based on the facial features, the serial number, and the user credential. The system verifies the identity of the first user based on the token. If the identity of the first user is verified, the system authorizes the interaction between the first avatar and the second avatar.

Abstract: To support adding functionality to applications at a layer of abstraction above language-specific implementations of AOP, a language for implementing AOP facilitates runtime monitoring and analysis of an application independent of the language of the application. Aspects can be created for applications written in any supported language. Program code underlying implementations of aspects can be executed based on detecting triggering events during execution of the application. Routines written with the AOP language comprise event-based aspect code triggers that indicate an event which may occur during execution of the application and the associated aspect code to be executed. An agent deployed to a runtime engine to monitor the application detects events and evaluates contextual information about the detected events against the aspect triggers to determine if aspect code should be executed to perform further monitoring and analysis of the executing application.

Abstract: Presented is a network security system (NSS) that reliably detects malleable C2 traffic. The NSS intercepts outgoing transactions from user devices associated with user accounts. The NSS filters out transactions to known benign servers and analyzes remaining transactions for indicators of malleable command and control (C2) including heuristic, anomalous, and pattern-based detections. The NSS lowers the user confidence score associated with the user account or the user device based on the severity and number of detected indicators for each impacted outgoing transaction. When the user confidence score decreases below a threshold, the NSS implements a restricted security protocol for future outgoing transactions. Based on the detected indications, the NSS can identify malleable C2 attacker servers and add them to a blacklist of destination servers to further identify infected user accounts and devices.