Abstract: Management of machine-learned data between machine-learning devices is facilitated by a processor(s) obtaining a machine-learned data set of a first device, with the machine-learned data set of the first device being categorized machine-learned information. The processor(s) determines one or more device hardware requirements to use the machine-learned data set, and based on receiving a request to provide the machine-learned data set to a second device, determines whether the second device meets the one or more device hardware requirements to use the machine-learned data set of the first device. Based on determining that the second device meets the one or more device hardware requirements, the processor(s) provides the machine-learned data set of the first device to the second device to provide the categorized machine-learned information of the first device to the second device for use by the second device.

Abstract: Embodiments concern a dynamic authorization framework. Security Classification Process (SCP) is the process of classifying raw data, information extracted from raw data, content or code from security-value perspective. Security Achievability Determination Process (SADP) is a process based on a SV/SC that has been assigned, the RHE may determine the Security Requirements and how the security requirements may be achieved. During the Security Achievability Listing Process (SALP), the RHE uploads onto the Resource Listing Entity (RLE) the URI of the resource, the SAM associated with the resource and optionally a digital certificate associated with the resource. During the SAM Assessment Process (SAMAP) process, a Client evaluates the security mechanisms that must be carried out in order to meet the SAM that was provided as part of the Discovery Process (DP). Based on the SAM obtained from the RLE, the Client may initiate a Security Achievability Enabling Process (SAEP).

Abstract: An efficient method of feature selection for regression models can be implemented in a privacy-preserving manner in a multi-party computation setting. In accordance with various embodiments, the method takes as input data a feature matrix, a dependent variable vector, and an external feature matrix from which a feature is to be selected for addition to a regression model. Some or all of the input data can include private data that can be secret shared during the method so as not to disclose the private data to other parties. Based on two heuristic assumptions, the method determines numerators and denominators for a t-statistics vector in multi-party computations and then calculates the t-statistics vector. In determining the numerators and denominators, the method can determine a baseline Hessian matrix and a vector of predictions. A feature represented in the external feature matrix is then selected based on the calculated t-statistics vector.

Abstract: The present disclosure relates to a method and an apparatus for training a model for detecting anomalies in network data traffic between devices in a first part of a network and devices in a second part of the network. The method comprises collecting feature samples of network data traffic at a monitoring point between a first and a second part of the network, and training the model for detecting anomalies on the collected feature samples using a plurality of anomaly detection, AD, trees. The training comprises creating the plurality of AD trees using respective subsets of the collected feature samples, at least some of the AD tree comprising subspace selection nodes and anomaly-catching nodes to a predetermined AD tree depth limit.

Abstract: A computer-implemented method, computer program product, and computer system are provided. The method comprises training a machine-learning model using an initial set of training data samples, receiving a new training data sample, and predicting a label for the new training data sample. The method also comprises, upon determining that a prediction quality value for the predicted label of the new training data sample is below a predefined quality value, adding the new training data sample to the initial set, thereby building an extended training data set. The method also comprises retraining the machine-learning model using the extended training data set.

Abstract: A method for reducing file size of a blockchain through hash truncation includes: receiving a plurality of blockchain transactions; generating a first Merkle root of a first Merkle tree comprised of a first hash of each of the plurality of blockchain transactions; generating a second Merkle root of a second Merkle tree comprised of a second hash of each of the plurality of blockchain transactions, where the second hash is a truncation of the first hash for the respective blockchain transaction; generating a new block comprised of a block header and the first hash of each of the plurality of blockchain transactions, the block header including at least a timestamp, the first Merkle root, the second Merkle root, and a block reference value associated with a prior block in a blockchain; and transmitting the generated new block to a plurality of additional nodes in the blockchain network.

Abstract: Embodiments of this application disclose a network key processing system, including user equipment, a security anchor network element, and an access and mobility management network element, where the security anchor network element is configured to: obtain a first key parameter from a slice selection network element, where the first key parameter includes identifier information of N network slices; generate N slice-dedicated keys based on the first key parameter; and send the N slice-dedicated keys to the corresponding N network slices respectively; the access and mobility management network element is configured to: obtain the first key parameter, and send the first key parameter to the user equipment; and the user equipment is configured to: generate the N slice-dedicated keys for the N network slices based on the first key parameter, and access the N network slices based on the generated N slice-dedicated keys.

Abstract: To enable a user himself/herself who is the owner of management data of a P2P database to disclose data while maintaining authenticity of the data. An information processing apparatus is provided including a creation unit that creates public data by using management data of a P2P database, and a registration control unit that controls registration of the public data to the P2P database, on the basis of first identification information that uniquely identifies the management data.

Abstract: Methods and systems are described for using cache objects to store events for adding corresponding objects in a blockchain. In one implementation, a first cache object is identified. The cache object stores events published responsive to updates, insertions, or deletions of records in a database object. An identifier for the cache object is based on a time window with which the cache object is associated, and an identifier for the database object. Events are retrieved from a cache that includes the cache object, based on the identifier for the cache object. The events were stored in the cache object during the time window. A block is added to a blockchain. The block's payload includes objects corresponding to a subset of the events.

Abstract: A system for analytics security includes processor(s) and a readable medium. The readable medium causes the system to perform operations comprising receiving a request for analytics data; determining the analytics data based on the request (the analytics data comprises result(s) of an analytic calculation performed on commingled data and the commingled data comprises tenant data shared by a tenant and other tenant data shared by other tenant(s)); determining security information associated with the analytics data (the security information associated with the analytics data is based on the commingled data used for determining the analytics data); determining permissions associated with the requestor based on the tenant; determining whether the requestor is credentialed based on the security information associated with the analytics data and the permissions associated with the requestor; and providing the analytics data to the requestor based on a determination that the requestor is credentialed.

Abstract: In an example, a first metadata tag and a second metadata tag are added to first Personally Identifiable Information (PII) of a first user handled by a first application. The first PII is to be part of call home data captured from a hosting system. The first metadata tag may be indicative of security rules to be complied with for the first application and the second metadata tag may be indicative of security rules to be complied with for the first user. The first PII, the first metadata tag, and the second metadata tag may be protected and transmitted to a data processing center. The transmission may be in response to a determination to transmit the call home data.

Abstract: Disclosed herein is a system and method for performing on-demand data analytics directly on blockchain without the need to extract data from the blockchain to an external intermediary platform. The system and method disclosed herein enable unsupervised learning-based analysis directly on the blockchain, for data records stored on the blockchain. Furthermore, the system and methods disclosed herein allows a consumer to execute custom data analysis algorithms, in addition to standard data analytics, on data records to generate useful insights.

Abstract: Methods, computer-readable media, and processing systems are disclosed for establishing a data sharing community for an event of an event type. For example, a processing system including at least one processor may detect, via at least one data source device, a trigger condition for an event of an event type, and establish a data sharing community for the event, the data sharing community including a plurality of data sources, the plurality of data sources including the at least one data source device, and a plurality of data consumers, where the establishing includes setting respective permission levels for the data consumers. The processing system may further collect data from the plurality of data sources in accordance with the event type, and provide at least a first portion of the data to at least a first data consumer in accordance with a respective permission level of at least the first data consumer.

Abstract: A system, method, and computer-readable storage medium is provided for storing, in a blockchain system, at least one generic finite blockchain comprising representative blocks, each corresponding to at least one step in a multi-step process; dynamically generating at least one finite blockchain instance based on said at least one generic finite blockchain; receiving, by a processor, change evidence data pertaining to at least one step in said multi-step process; and performing an update operation comprising updating the at least one finite blockchain instance based on said change evidence data.

Abstract: The disclosed computer-implemented method for detecting potentially malicious content in decentralized machine-learning model updates may include (i) receiving messages communicated within a group of client devices for performing an update of a shared machine-learning model, (ii) determining a bias of a target message in the messages communicated from a target client device in the group with respect to a remaining number of the messages in the messages communicated from the other client devices in the group, (iii) assigning a confidence score to each of the other client devices based on the bias determined for the target message, the confidence score representing a likelihood of potentially malicious content in the target message, and (iv) performing, based on the confidence score, a security action that prevents the potentially malicious content from compromising the update of the shared machine-learning model. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Aspects generally relate to an apparatus for authenticating a user. The apparatus can include a screen, and located under the screen are a plurality of fingerprint scanners, the plurality of fingerprint scanners corresponding to respective regions of the screen. An interface requests a location of the screen that an application uses for a fingerprint scan. A screen location touched by a user is identified, and based on the screen location touched by the user and the location of the screen that an application uses for a fingerprint scan, enabling fingerprint scanners covering the region of the location of the screen.

Abstract: The electronic device includes: a sensor unit configured to detect biometric information, a security module to extract a genuine score from the detected biometric information and generate a biometric authentication model, and perform user authentication based on feature points acquired from the detected biometric information and the biometric authentication, and a controller to control an operation of the electronic device based on a result of the user authentication, wherein the security module determines whether or not the biometric information used for the user authentication is biometric information acquired from a genuine user when the user authentication fails, and updates the biometric authentication model based on the genuine score extracted from the acquired biometric information. The present invention may provide an electronic device performing complex biometric authentication by using TOT (Internet of Things).

Abstract: Users often have multiple resource (e.g., devices, accounts, authorizations, permissions, etc.) that utilize or leverage a credential that may become compromised. A stolen mobile device may allow unauthorized access to the device to make and receive calls and potentially expose other resources (e.g., emails, text messages, accounts, etc.). Maintaining all these accounts is cumbersome and error prone. Having a ledger indicating resources that are blocked is provided. Copies of the ledger are maintained by other entities and updates exchanged therebetween. As a result, parties can be quickly notified when a resource should be blocked, or unblocked, if blocking is no longer warranted.

Abstract: Aspects of the subject disclosure may include, for example, capturing first monitoring information associated with an audience that is viewing a presentation, determining an actual audience engagement level by performing pattern recognition on the first monitoring information, comparing the actual audience engagement level with an expected audience engagement level to generate an engagement score for the presentation, and transmitting, to a device, a haptic feedback according to the engagement score during the presenting of the presentation. Other embodiments are disclosed.

Abstract: An embodiment of the present invention is directed to delivering an entitlements model that scales to both mid-frequency and low-latency use cases. The innovative solution may be distributed in nature and able to operate in low priority threads alongside the main logic of the software. An embodiment of the present invention may be implemented as a software module with APIs for ease of adoption.