Abstract: A cloud computing platform, a method of operating a cloud computing platform, and a private business entity network are provided herein. In one embodiment, the cloud computing platform includes: (1) a consolidated data reservoir configured to store saved data collected by a business entity, (2) an application layer having an infrastructure for developing and running applications, including at least one customer application of a customer of the business entity, and (3) a service layer configured to control access of the customer application to the saved data and allow the customer application to execute proprietary algorithms of the business entity.

Abstract: Disclosed is a method of building a customized deep learning (DL) stack classifier to detect organization sensitive data in images, referred to as image-borne organization sensitive documents, and protecting against loss of the image-borne organization sensitive documents, including distributing a trained feature map extractor stack with stored parameters to an organization, under the organization's control, configured to allow the organization to extract from image-borne organization sensitive documents, feature maps that are used to generate updated DL stacks, without the organization forwarding images of organization-sensitive training examples, and to save non invertible feature maps derived from the images, and ground truth labels for the image.

Abstract: A method and system for performing query analysis are described. The method and system include receiving a query for a data source at a wrapper. The wrapper includes a dispatcher and a service. The dispatcher receives the query and is data agnostic. The method and system also include providing the query from the dispatcher to the data source and to the service as well as analyzing the query using the service.

Abstract: Embodiments disclosed herein provide systems and methods for quarantining communications at a network edge by routing traffic through a specialized network edge system. In a particular embodiment a method provides, identifying criteria indicating whether certain network traffic should be handled by the specialized network edge system. The method further provides receiving first information about first network traffic received at a first network edge system for a communication network. In response to determining, based on the first information, that the first network traffic satisfies the criteria, the method provides routing the first network traffic through the specialized network edge system.

Abstract: Provided is a method for secure processing of an authorization verification request from a unit requesting authorization verification, the authorization verification request being included in a transaction of a block chain, wherein a registration entity performs a check on a block chain data structure and on the transaction protected by the block chain and, in the event of a successful check, forwards the authorization verification request to a certification entity. The authorization verification request is included in a transaction and the registration entity performs a check on a block chain data structure and on the transaction. The transaction and the authorization verification request are protected by the block chain. In particular, the authorization verification request can no longer be altered retrospectively and information that has been transmitted to the registration entity within the context of the authorization verification request is stored in the block chain and protected against manipulation.

Abstract: Authentication tokens, systems, and methods are described. An illustrative method is disclosed to include receiving an electronic file including a digital image, receiving biometric information that is associated with a person, modifying the electronic file with the biometric information such that one or more pixels in the digital image are replaced with the biometric information, and storing the modified electronic file as a digital authentication token to be used in connection with authorized publications of original digital work.

Abstract: A method and a system for securely applying proprietary software functions of software sources to proprietary data of a population of users are disclosed. The proprietary data of a user is not exposed to software sources, and the proprietary software of a software source is not accessible to users. A collaboration software module, placed in at least one cloud, is configured to establish, and continually update, a data structure holding task permissions from grantors to grantees, a grantor being a software source or a user, and a grantee is also a software source or a user. The collaboration software module of a cloud applies software function of a software source, communicatively coupled to the cloud, to proprietary data of an originating user, communicatively coupled to the same cloud, to produce a requisite result which is only accessible to the originating user or any grantees of the originating user (the grantor).

Abstract: During operation, the system obtains a training dataset during a training mode, wherein the training dataset includes counts of actions performed by users while operating applications in the computer system. Next, the system uses the training dataset to produce corresponding per-action datasets. The system then cleanses the training dataset based on counts of actions in the per-action datasets to produce a cleansed training dataset, and uses the cleansed training dataset to produce corresponding per-user datasets. Next, the system trains per-user models based on the per-user datasets to detect anomalous actions of users. The system then obtains a surveillance dataset during a surveillance mode, wherein the surveillance dataset includes counts of actions performed by users while operating applications in the computer system. Next, the system uses the trained per-user models to detect anomalous actions in the surveillance dataset. Finally, when an anomalous action is detected, the system triggers an alert.

Abstract: Implementations of the present specification provide a blockchain-based identity verification method and related hardware. The method includes: An agent client generates an identity verification request based on identity verification input information of a business platform, the identity verification input information indicating an identity verification parameter for identity verification and an identity verification platform that executes the identity verification. The agent client sends the identity verification request to the identity verification platform. The identity verification platform performs identity verification on the identity verification parameter to obtain a result of the identity verification. The identity verification platform submits a transaction including a verifiable credential of a result of the identity verification to a blockchain.

Abstract: An information management device includes a memory and a processor configured to receive an access request to information related to individual, the access request including designation of a first data table including first information related to the individual and a second data table including second information related to the individual, perform, in accordance with whether the first data table and the second data table include a same key, determination of whether the individual is identified based on a combination of the first information and the second information to be included in a response to the access request, and perform a stop of output of the response when it is determined that the individual is identified based on the combination.

Abstract: Embodiments include a computing device with a memory and a processor configured to perform operations including computing a cybersecurity and privacy (CS&P) framework profile (or risk factor) for a cybersecurity program implemented by an enterprise, computing a CS&P maturity level (or maturity factor) for the cybersecurity program, determining an integrated result for the cybersecurity program based at least in part on a combination of the CS&P framework profile and the maturity factor.

Abstract: A system and method is described that sends multiple simulated phishing emails, text messages, and/or phone calls (e.g., via VoIP) varying the quantity, frequency, type, sophistication, and combination using machine learning algorithms or other forms of artificial intelligence. In some implementations, some or all messages (email, text messages, VoIP calls) in a campaign after the first simulated phishing email, text message, or call may be used to direct the user to open the first simulated phishing email or text message, or to open the latest simulated phishing email or text message. In some implementations, simulated phishing emails, text messages, or phone calls of a campaign may be intended to lure the user to perform a different requested action, such as selecting a hyperlink in an email or text message, or returning a voice call.

Abstract: A method, apparatus, and system provide the ability to act on cyber risks and reduce cyber attacks. System characteristics and system information for a cyber system are gathered. The system characteristics and system information are pre-processed to identify vulnerabilities that are relevant to the cyber system. A system model of a cyber environment is generated for the cyber system. One or more features are converted from cyber threat reports to one or more semantically relevant queries over the system model. The system model is reasoned over to generate one or more answers relevant to the one or more semantically relevant queries. Attack models are executed over the system model to generate actionable intelligence and reduce cyber attacks.

Abstract: A communication system for a working machine includes a communication device disposed on the working machine, and a mobile terminal to be connected to the communication device. The communication device transmits a service universal unique identifier (UUID) to the mobile terminal. The mobile terminal transmits unique information to the communication device. The communication device issues connection request to the mobile terminal after receiving the unique information. The mobile terminal requests transmission of authentication information after issuing the connection request, the authentication information being used for paring. The communication device transmits the authentication information to the mobile terminal in response to the request. And, the mobile terminal judges whether the paring is established based on the authentication information, and executes a program based on the service universal unique identifier (UUID) when the paring is established.

Abstract: Method, system and product for performing private and non-private tasks in Augmented Reality (AR) systems. A privacy policy of a user using an AR device is obtained. A frame sensor is utilized to obtain frames for processing. An overlay display for the frame is generated. The overlay display is generated based on an execution of a non-private task on a non-trusted device and based on an execution of a private task on a trusted device. The private task and the non-private task are determined based on the privacy policy. The overlay display is displayed by an AR device.

Abstract: A data-masking tool encoded on one or more computing readable storage media that includes a code that uses a combination of fields that uniquely identifies data in a record and utilizing it as a reference to mask original data with substitute values, by either aggregating several into one, mapping one-to-one or expanding one into a set.

Abstract: Systems and methods are described for receiving a byte stream from a data provider. Data elements of a data record included in the byte stream may be identified and transferred to buffer memory. A key-value map may be generated to map the identified data elements to their respective memory locations in the buffer memory. Based on a data directive associated with the data provider and using the key-value map, filtering of the data elements may be performed, and the filtered data elements may be provided to a data recipient.

Abstract: Systems and methods for enhancing resiliency of a power system (e.g., an energy cyber-physical system (ECPS)) against cyber-attacks are provided. An internet of things (IoT)-based digital twin (DT) for cyber-physical networked microgrids (NMGs) can be implemented to be a centric oversight for the NMG system. A cloud system can host the controllers (cyber things) and the sensors (physical things) of the power system into the cloud IoT core in terms of the IoT shadow. The DT can cover the digital replica for the physical layer, the cyber layer(s), and their hybrid interactions.

Abstract: Systems and methods are described for receiving at an intermediary entity a token from a data provider that enables access to a user's data at a data provider, where the token is received without an intermediary entity receiving user credentials. A request is received from a data recipient to receive data from the data provider, where the token is required to access the data. Data may be received from the data provider using the token, and the received data may be filtered based on a data directive associated with the data provider, to identify which data the data recipient is permitted to access. The identified data may be provided to the data recipient.

Abstract: A method includes, by a computer associated with a security reporter, updating a component vulnerability entry blockchain to represent a state of a component vulnerability entry of a software component vulnerability database. The method includes, by the computer, providing the updated component vulnerability entry blockchain to a management authority so that the management authority updates a master blockchain for the software component vulnerability database. The updated master blockchain includes a plurality of component vulnerability entry blockchains, which represent corresponding states of component vulnerability entries of the software component vulnerability database, including the updated component vulnerability entry.