Abstract: A plurality of weak label augmenters of different paradigms are integrated into a framework using robust training and negative instance filtering. A first of the augmenters extracts first weak labels from unlabeled data, a second of the augmenters extracts second weak labels from the unlabeled data. The robust training is used with an objective to downweight the probability of entities belonging to the wrong category. The first and second weak labels are filtered using an instance filter to update a high-precision training set shared by the plurality of augmenters. The plurality of augmenters are iteratively retrained using the updated high-precision training set to improve recognition performance over iterations.

Abstract: Examples include techniques for backing up a file to long term “cold” storage by using circuitry, and logic for execution by the circuitry, to receive a request to back up the file in a distributed file system to cold storage, to copy the file from at least one data node of the distributed file system to cold storage, to set a location of the file in cold storage in a name node of the distributed file system, and to set a length of the file to zero in the name node.

Abstract: Examples include techniques for backing up a file to long term “cold” storage by using circuitry, and logic for execution by the circuitry, to receive a request to back up the file in a distributed file system to cold storage, to copy the file from at least one data node of the distributed file system to cold storage, to set a location of the file in cold storage in a name node of the distributed file system, and to set a length of the file to zero in the name node.

Abstract: Disclosed is a file system that may support data management for a distributed data storage and computing system, such as Apache™ Hadoop®. The file system may include an expandable tree-based indexing framework that enables convenient expansion of the file system. As a non-limiting example, the file system disclosed herein may enable indexing, storage, and management of a billion or more files, which is 1,000 times the capacity of currently available file systems. The file system includes a root index system and a number of leaf index systems that are organized in a tree data structure. The leaf index systems provide heartbeat information to the root index system to enable the root index system to maintain a lightweight and searchable index of file references and leaf index references. Each of the leaf indexes maintains an index or mapping of file references to file block addresses within data storage devices that store files.

Abstract: According to one embodiment, an apparatus may store a first and second subject token that indicate a first authentication method performed by the user and a second authentication method performed by the user respectively. The apparatus may detect at least one new subject token indicating at least one different authentication method performed by the user. The apparatus may then determine that a particular combination of subject tokens in the first subject token, second subject token, and the at least one new subject token indicates a privilege should be granted to the user, and facilitate the granting of the privilege to the user.

Abstract: According to one embodiment, an apparatus may store a plurality of tokens indicating a user is accessing a resource over a network. The plurality of tokens may include a risk token indicating a risk associated with access by the user to the resource. The apparatus may detect a token indicating a change associated with accessing the resource, and determine that the change triggers a risk update. The apparatus may then generate a dataset token that represents the risk token and the token indicating the change, and communicate the dataset token to a token provider to perform the risk update. The apparatus may then receive a recomputed risk token representing an updated risk. The updated risk may indicate the risk associated with continuing access to the resource with the change.

Abstract: According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule may facilitate the processing of transactions. The apparatus may receive a transaction token indicating that a transaction associated with an entity has been requested. The apparatus may determine at least one token-based rule based at least in part upon the transaction token. The at least one token-based rule may indicate that there is a risk that the transaction is fraudulent. The apparatus may determine that the transaction should be denied based at least in part upon the risk that the transaction is fraudulent.

Abstract: According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule may facilitate access to a resource. The apparatus may further store a plurality of tokens. The plurality of tokens may include a session token associated with access to the resource by a device. The apparatus may receive a first token indicating that an alarm associated with the device has been triggered. The apparatus may determine, based at least in part upon at least one token-based rule from the plurality of token-based rules, that access to the resource should be terminated in response to receiving the first token and terminate the session token in response to the determination that access to the resource should be terminated.

Abstract: According to one embodiment, an apparatus may store: a hard token representing identification information of the device, a network token representing the status of a network, and a resource token representing information associated with a resource. The apparatus may further store secured copies of the hard token, network token, and resource token. The apparatus may receive a suspect token indicating a risk that at least one of the device, the network, and the resource has been tampered, and in response, determine to inspect at least one of the hard token, network token, and resource token. The apparatus may then compare the at least one of the hard token, network token, and resource token with its corresponding secured copy. If at least one of those tokens does not match its corresponding secured copy, the apparatus may communicate a revalidation token indicating at least one token has been tampered.

Abstract: According to one embodiment, an apparatus may store a plurality of tokens. The plurality of tokens may include a plurality of risk tokens. Each risk token may represent a risk rating. The risk rating may be a numerical value indicating a risk associated with granting a particular user access to a particular resource. The apparatus may identify a set of related risk tokens in the plurality of risk tokens, and generate a composite risk token that represents an arithmetic combination of the risk ratings represented by the set of related risk tokens. The apparatus may then use the composite risk token to facilitate the making of an access decision.

Abstract: According to one embodiment, an apparatus may store a plurality of tokens indicating that a user is attempting to access a resource. The apparatus may determine an authorization level for the user based at least in part upon the plurality of tokens. The authorization level may indicate whether the user is authorized to access the resource. The apparatus may then determine a related resource that shares a relationship with the resource, and determine that the authorization level indicates that the user is authorized to access the related resource. The apparatus may then communicate a decision token indicating that the user is authorized to access the resource and the related resource.

Abstract: According to one embodiment, an apparatus may monitor a session that facilitates the processing of a transaction. The transaction may represent an action taken against a resource during the session. The apparatus may determine that the transaction qualifies for additional monitoring, and in response, generate a tag. The tag may be unique to the transaction. The apparatus may then associate the tag with the transaction to facilitate tracing of the transaction. The apparatus may then trace the transaction during the processing of the transaction by following the tag, and communicate a message to transfer the transaction to an isolated processing unit. The isolated processing unit processes the transaction in isolation.

Abstract: According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule may facilitate access to a resource. The apparatus may further store a plurality of tokens. The plurality of tokens may include a session token associated with access to the resource by a user. The apparatus may receive a first token indicating at least one of the detection of a face other than the user's and the detection of a voice other than the user's. The apparatus may determine, based at least in part upon at least one token-based rule from the plurality of token-based rules, that access to the resource should be terminated in response to receiving the first token and terminate the session token in response to the determination that access to the resource should be terminated.

Abstract: According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule facilitates access to a resource. The apparatus may receive a first token indicating that a first form of encryption has been performed and determine, based at least in part upon the first token, at least one token-based rule. The apparatus may determine, based at least in part upon the token-based rule, that a second form of encryption should be performed. The apparatus may receive a second token indicating that the second form of encryption has been performed and determine that access to the resource should be granted in response to the determination that the second form of encryption has been performed. The apparatus may then generate a decision token representing the determination that access to the resource should be granted and transmit the decision token.

Abstract: According to one embodiment, an apparatus may store a plurality of tokens indicating a user is requesting access to a resource over a network. The apparatus may determine a condition associated with accessing the resource based on the plurality of tokens. The condition may be determined in addition to a determination to grant or deny access to the resource. The condition may include an obligation to be fulfilled and a message providing instruction regarding how to fulfill the obligation. The apparatus may generate a decision token representing the condition, and communicate the decision token to a resource provider to facilitate enforcement of the condition.

Abstract: According to one embodiment, an apparatus may store a plurality of token-based rules that facilitate access to a resource, and a plurality of tokens indicating a user is using a device to request access to a resource over a network. The apparatus may receive a risk token indicating the risk associated with granting at least one of the user and the device access to the resource. The risk token may be computed from a set of tokens in the plurality of tokens. The apparatus may determine at least one token-based rule based at least in part upon the plurality of tokens and the risk token. The apparatus may then make an access decision based upon the at least one token-based rule, and communicate a decision token representing the access decision.

Abstract: According to one embodiment, an apparatus may receive a resource token associated with a resource indicating that access to the resource has been requested. The apparatus may determine at least one token-based rule based at least in part upon the resource token, wherein the at least one token-based rule may be associated with at least one subject token. The apparatus may then determine that the at least one subject token is not in the plurality of first subject tokens and the plurality of second subject tokens based at least in part upon the at least one token-based rule, and deny access to the resource.

Abstract: According to one embodiment, an apparatus may receive a first data token indicating a request for data associated with the resource, a subject token indicating that at least one form of authentication has been completed, and a network token indicating that at least one form of encryption has been performed. The apparatus may determine at least one token-based rule based at least in part upon the first data token, the subject token, and the network token. The apparatus may determine, based at least in part upon the at least one token-based rule, that a second data token representing the data should be generated. The apparatus may generate a message indicating the determination that the second data token should be generated and then transmit the message.

Abstract: According to one embodiment, an apparatus may monitor a session that facilitates a user's access to a resource. The user may be granted a privilege associated with accessing the resource. The apparatus may detect a change associated with the privilege granted to the user in at least one token of a plurality of tokens. The apparatus may then communicate a token that represents the change, and receive a risk token associated with the token. The apparatus may then determine to revoke the privilege based on the risk token, and generate a second token that represents the determination to revoke the privilege. The apparatus may then communicate the second token to facilitate the revoking of the privilege.

Abstract: According to one embodiment, an apparatus may store a plurality of tokens. The apparatus may receive a first token indicating that access to a resource has been requested by a device. The apparatus may determine at least one token-based rule based at least in part upon the first token. The at least one token-based rule may condition access to the resource upon a second token. The apparatus may determine the geographic location of the device based on a token in the plurality of tokens. The apparatus may determine, based on the geographic location of the device, that the second token should be requested from an entity and transmit a request to the entity for the second token. The apparatus may receive the second token from the entity and generate a session token based at least in part upon the first token and the second token.