Abstract: A computer implemented method can receive a metadata definition of a restricted measure pertaining to a database including a plurality of database tables. The restricted measure has a label, and the metadata definition includes one or more filter criteria configured to filter values contained in the plurality of database tables. In a report designer user interface for a report, the method can present the label of the restricted measure as an option based on the metadata definition. The method can receive a selection of the label of the restricted measure in the report designer user interface. Responsive to the selection, the method can link the metadata definition of the restricted measure to the report. When generated, the report requests access to the values contained in the plurality of database tables via application of the one or more filter criteria of the metadata definition.

Abstract: A provider of a first network-based service provides a list of user data for users of the first network-based service to a provider of a second network-based service. The users associated with the list of user data access results of the one or more identity monitoring services from the first network-based service, the second network-based service, a third-party identity monitoring service, or any suitable combination thereof. Additional services are offered to one or more users associated with the list of user data. A user accepting the offer pays a fee to the offering provider for the additional service. Based on the user being associated with the list of user data provided by the provider of the first network-based service and the user paying the fee for the additional service, a portion of the fee is transferred to the provider of the first network-based service.

Abstract: System and methods are provided to facilitate the exchange of user data between two parties, but limit the exchange of user data to users that are known to both parties. According to an embodiment, encrypted first user data is transmitted from a first device to a second device. The second device then transmits intersection data to the first device, where the intersection data is based on the encrypted first user data and second user data. The intersection data may be decrypted by the first device and the first device may determine, based on the decrypted intersection data, that one or more users are common to the both the first device and the second device. The first and second devices may then exchange data pertaining to the common users.

Abstract: Methods, systems, and techniques for private identity verification involve obtaining a cryptographically secure commitment that is generated using a first user identifier and a private user identifier associated with the first user identifier; receiving, from an identity verification system, initial zero knowledge proof messages comprising the commitment; sending, to the identity verification system, a set of cryptographically secure known identifier commitments generated using a set of private user identifiers; receiving, from the identity verification system: (i) a zero knowledge proof response generated using the zero knowledge proof challenge; and (ii) proof that the private user identifier used in the initial zero knowledge proof messages comprises part of the set of private user identifiers; and verifying that the private user identifier used in the initial zero knowledge proof messages comprises part of the set of private user identifiers.

Abstract: Deterministic identifiers fuel reliable efficient capture of product discovery, purchase and consumption events, which in turn enable more reliable product recommendation, more accurate shopping list generation and in-store navigation. A mobile device, equipped with image and audio detectors, extracts product identifiers from objects, display screens and ambient audio. In conjunction with a cloud-based service, a mobile device application obtains product information and logs product events for extracted identifiers. The cloud service generates recommendations, and mapping for in-store navigation. The detectors also provide reliable and efficient product identification for purchase events, and post shopping product consumption events.

Abstract: A unified cloud configuration evaluation (UCCE) system is described capable of evaluating both asset configurations in a live cloud environment and proposed configuration changes produced by a cloud configuration development (CCD) system. In embodiments, the UCCE system may be implemented as a Cloud Security Posture Management (CPSM) system that monitors assets in the cloud environment and check the assets' configurations for compliance with a set of compliance rules. In embodiments, the UCCE system ingests a cloud configuration definition generated by the CCD system. In embodiments, the CCD system is implemented as an Infrastructure as Code (IaC) system that allows a user to create a cloud configuration definition that describes proposed configuration changes to the cloud environment. The UCCE system is configured to interpret the cloud configuration definition and analyze the proposed configuration changes for compliance using the same set of compliance rules used for the live cloud environment.

Abstract: In an example embodiment, an efficient, automated method to generate password guesses is provided by leveraging online text sources along with natural language processing techniques. Specifically, semantic structures in passwords are exploited to aid system in generating better guesses. This not only helps cover instances where traditional password meters would indicate a password is safe when it is not, but also makes the solution robust against fast-evolving domains such as new slang in natural languages or new vocabulary arising from new products, product updates, and services.

Abstract: A computer system including a plurality of systems, in which the plurality of systems include a plurality of provision systems that provide data and a platform system that controls access to the data, the platform system receives, from a user, an acquisition request including a data acquisition condition, a quality condition, and a provider condition related to providers of data provided by the provision systems, and in a case where data satisfying the data acquisition condition satisfies the quality condition and a provider of the data satisfying the data acquisition condition satisfies the provider condition, the platform system performs control such that the user is allowed to access the data satisfying the data acquisition condition.

Abstract: Examples of the disclosure can provide an apparatus for detecting malware. The apparatus can comprise means for: selecting one or more tasks to be performed by a user device during charging of the user device; enabling a power trace to be obtained wherein the power trace provides an indication of the power consumed by the user device while the one or more tasks are being performed; and enabling the power trace to be analysed to provide an indication of the presence of malware.

Abstract: A system includes a hypervisor, a memory, and boot firmware stored in the memory. The boot firmware is configured to execute on a processor to load a trusted code that includes a condition checker from the hypervisor, check a signature of the trusted code, and verify the signature is trusted by a guest. The boot firmware is also configured to load the trusted code into an encrypted memory at a known guest address. The hypervisor is configured to protect the known guest address. The trusted code includes a first instruction, one or more intermediate instructions, and a final instruction. The first instruction and the final instruction are exits to the hypervisor. The hypervisor is also configured to execute the condition checker and detect an inconsistency in guest memory.

Abstract: An IoT/M2M service layer may be provided with the capability to protect user privacy. This functionality may allow the IoT/M2M service layer to anonymize user data, particularly when user data is shared with third party consumers. A privacy policy service may enable the IoT service layer system to generate anonymization (e.g., privacy) policies based on inputs such as legal obligations, subscriber privacy preferences, and an authorization level of the data consumer. Data anonymization policies may be output from the privacy policy service and may be sent to a data anonymization service, where raw data may be anonymized based on the one or more data anonymization policies. The output from the data anonymization service function may be a privatized (e.g., anonymized) version of data that may prevent the data consumer from discovering one or more identifying characteristics of a user.

Abstract: There is provided a data security method, comprising: creating an interaction graph, by: analyzing collected interaction events between users and between users and files and/or records, wherein a respective node of the interaction graph represents a specific one of a user, a record, and a file, wherein a respective edge indicates an interaction between respective users or between a respective user and a respective file and/or record, wherein an interaction weight assigned to the respective edge indicates an amount of the interaction, monitoring an attempt by a target user to access a target file and/or record, computing a target interaction weight between the target user and the target file and/or record from the interaction graph, and in response to the target interaction weight being below a target threshold, at least one of: filtering security alerts, and blocking access by the target user to the target file and/or record.

Abstract: This invention involves an encryption method that is mainly applied to network. The network could be both wireless or wired, the former is connected through a wireless router, and the latter is connected through a router. When the network receives a message requesting connection from at least one new networking device, it can authenticate and authorize the message through the key to form a fixed connection with the network, and at the same time, at least one connected device to the network can update the password connected to the network synchronously, or at least one connected device connected to the network can update the password connected to the network at any time, so as to improve the performance of network security and avoid hacking.

Abstract: A system receives a request from a user to execute a command on an air-gapped computer system. If a role-based access control system permits the user to execute the command, the system prompts a number of approvers to determine whether to approve of the user executing the command. If a required number of approvers have approved of the user executing the command, the system encodes the command and incorporates the encoded command in an encoded message. The system uses a simplex communication output device to communicate the encoded message to a simplex communication input device for the air-gapped computer system. The system enables execution of the command by requesting the air-gapped computer system to execute the command, or by providing the user with an access token, received from the air-gapped computer system, which enables the user to physically access the air-gapped computer system and execute the command.

Abstract: A biometric identification device may be used to secure passwords and other valuable information. In one implementation, the biometric identification device may be a capacitive fingerprint sensor. Capacitive readings may be used to identify the ridges and valleys of a fingerprint and determine if an object contacting the fingerprint sensor is living tissue. Two-factor identification may be implemented by recognizing the authenticity of biometric inputs and a specific combination or sequence in which the biometric inputs are provided. A user interface is provided in which sequences of biometric inputs are associated with commands. A user may indicate a command by providing a predetermined sequence of fingerprints to a fingerprint scanner.

Abstract: Systems and methods for protecting privacy for safety, comfort, and infotainment of one or more occupants of an autonomous vehicle are disclosed. For example, the system may capture image data indicative of an interior of the autonomous vehicle via one or more cameras integrated with the autonomous vehicle. The captured image data is then transformed to remove personal identification information of the one or more occupants, and the transformed image data may be analyzed to identify a concern, e.g., an occupant safety concern or a vehicle safety concern. The level of concern may be determined, and a mitigation strategy may be deployed based on the safety concern identified.

Abstract: A system and method are disclosed for delegating, by a resource-constrained device, a privilege to a basic input/output system, wherein the privilege allows the basic input/output system to authenticate an endpoint device on behalf of the resource-constrained device. The system and method also includes generating an asymmetric security key that includes a private key and a public key and transmitting the public key to the basic input/output system, wherein the public key is included in a proxy certificate generated by the basic input/output system. In addition, the system and method includes establishing a secure session between the basic input/output system and the endpoint device using the private key and the proxy certificate, wherein the secure session is used by the basic input/output system to authenticate and verify that the endpoint device is authorized to perform an operation.

Abstract: Embodiments are directed to techniques for chaining, triggering, and/or enforcing entitlements in a constrained environment. A constrained environment may be provided within with shielded assets are required to exist or execute. An entitlement may be granted on a variety of shielded assets, including datasets, computations scripts, data privacy pipelines, and intermediate datasets generated by an intermediate step of a data privacy pipeline. Thus, a beneficiary may use a granted entitlement as an input into other data privacy pipelines, without the need for the grantor to approve each specific downstream operation. The constrained environment may enforce an entitlement by fulfilling applicable constraints upon accessing the entitlement, restricting the output of the entitlement to the constrained environment, and fulfilling applicable policies when executing downstream operations.

Abstract: The present invention relates to a method, apparatus, and system for communication with a user's family members using the DNA of the user without making the DNA profile public. According to a first aspect, there is provided a computer implemented method of locating one or more members of a familial network, comprising the steps of: generating one or more encryption keys derived from a first genomic sequence; encrypting a message using the or each encryption key to form an encrypted message; sending the encrypted message to one or more remote devices wherein decrypting the encrypted message at the one or more remote devices uses one or more encryption keys derived from a second genomic sequence; and receiving a confirmation regarding whether the decryption of the encrypted message was successful by any of the one or more remote devices.

Abstract: Indices of non-zero weights may be stored in an index register file included within each of a plurality of processor elements in a systolic array. Non-zero weights may be stored in a register file associated with the index register file. Input values (e.g., dense input values) corresponding to a single block in a data structure may be sent to the plurality of processor elements. Those of the input values corresponding to the indices of non-zero weights in the index register file may be selected for performing multiply-accumulate (“MAC”) operation based on sending the plurality of input values to one or more of the plurality of processor elements. The indices of the plurality of non-zero weight are stored in an index data stick. The values of the plurality of non-zero weights are stored in a value data stick.