Abstract: Systems, apparatuses, and methods are described for converting digital rights management (DRM) data in a specific protocol to standardized DRM data. The standardized DRM data may be used to secure content delivered to user devices through a content delivery network. If a user device decides to record a content item, a request for authenticating entitlement to the content item may be sent to a network device and the network device may reply with an authentication receipt if appropriate. If the user device later decides to access the content item, the user device may send the authentication receipt back to the network server so that the network server may reply with a decryption key for decrypting the content item.

Abstract: Techniques for managing customer license agreements are described. In one embodiment, a user-specified resource metric of a license model and a user-specified limit of the user-specified resource metric are obtained. A request for permission to launch a new compute resource at a computing device of the provider network is obtained from a service within a provider network. The new compute resource having a property that is an amount of the user-specified metric. A determination is made that a launch of the new compute resource would cause the user-specified limit to be exceeded, and the request the request to launch the new compute resource is denied.

Abstract: A system and method for performing licensing monitoring and compliance within a service provider platform are provided. The system comprises a memory and a processor configured to execute instructions stored within the memory. The system further comprises a central instance that executes on the processor and comprises a license repository containing licensing data for application components. The system further comprises a customer instance that includes a third-party application component installed within the customer instance from an application store. The system further includes a licensing module. The third-party application component is switchable between a monitor mode in which the licensing module reports usage of the third-party application component to the central instance and an enforcement mode in which the usage is controlled on the customer instance based on the license repository.

Abstract: Methods and systems for identifying a source of leak of confidential information are described herein. The methods and systems related to a file sharing system that may generate a copy of a shared file that is unique each user. The file management system may determine a plurality of differences within each version of the file. A table of differences is maintained by the file management system, for comparison against any leaked version of the file. The file management system compares each generated version of the file against previously generated versions to ensure enough differences are included to determine a unique identity of the user associated with any leaked file.

Abstract: The present invention discloses a method for unlocking an electronic cigarette, comprising the steps of: receiving an unlocking instruction, activating a display interface, and acquiring a password input by the user; determining whether the password is consistent with the preset password; and entering the activation state when the password is consistent with the preset password. The present invention also discloses a device for unlocking an electronic cigarette and a computer readable storage medium. The present invention realizes that the electronic cigarette enters an activation state by verifying the password input by the user, thereby improving the security of the use of the electronic cigarette.

Abstract: One embodiment provides a method, including: receiving, at an information handling device, a touchless command to perform an action; determining, using a processor, whether the action is one of: a protected action and an unprotected action; and requesting, responsive to determining that the action is associated with a protected action, user authentication input prior to performing the action. Other aspects are described and claimed.

Abstract: In the present disclosure, a request is received from a user to access the electronic device. Upon receiving the request, the user is prompted to perform an action and image frames are captured while the user performs the action. Next, a variation in characteristics of skin of the user is identified, while the user performs the action. The identification is performed using the image frames captured. Upon identification of the variation in the characteristic of the skin of the user, facial features of the user are recognized. The access is provided to the user based on recognition of the facial features.

Abstract: A contactless multiple body part recognition method using multiple biometric data according to an embodiment of the present invention comprises: a step of acquiring biometric data from a user in a contactless state when the user is detected within a preconfigured measurable range, and then comparing the acquired biometric data with preregistered biometric data, thereby performing user authentication for the biometric data; and a step of putting together the user authentication result of the biometric data and, if the user authentication result of the biometric data satisfies a preconfigured condition, then determining the user as an authorized user, wherein, in the step of acquiring the biometric data from the user in a contactless state when the user is detected within the preconfigured measurable range, and then comparing the acquired biometric data with the preregistered biometric data, thereby performing user authentication for the biometric data, when the user approaches, biometric data of a face and an

Abstract: Techniques include securely maintaining data associated with a plurality of authentication credentials; generating, as a function of the data associated with a selected group of the plurality of authentication credentials, a secret data element; making available, the secret data element, to be embedded in a first authentication credential; identifying an attempt to change the first authentication credential, the attempt including new authentication credential data to replace data in the first authentication credential; validating, conditional on whether the new authentication credential data includes the secret data element, the new authentication credential data; and determining, based on the validating, whether to perform a control action based on the new authentication credential data.

Abstract: An automated and processor agnostic method is described for modifying one or more executable binary files to insert one or more new software segments to modify the execution of the one or more executable binary files in at least certain circumstances. The modification takes into account the target microprocessor architecture of the one or more executable binary files which can be in the ELF format. In one embodiment, the new software segments are configured to add at least monitoring capabilities to monitor control flow integrity during execution of the one or more executable binary files.

Abstract: Tools and techniques are described to automate triage of security and operational alerts. Insight instances extracted from raw event data associated with an alert are aggregated, vectorized, and assigned confidence scores through classification based on machine learning. Confidence scoring enables heavily loaded administrators and controls to focus attention and resources where they are most likely to protect or improve the functionality of a monitored system. Feature vectors receive a broad base in the underlying instance values through aggregation, even when the number of instance values is unknown prior to receipt of the event data. Visibility into the confidence scoring process may be provided, to allow tuning or inform further training of a classifier model. Performance metrics are defined, and production level performance may be achieved.

Abstract: Modeling methods include providing one or more data stores storing model components and in some cases threats, each threat associated with at least one model components. A relational diagram of a system, application or process is displayed on one or more user interfaces. The diagram includes visual representations of the model components and defines a model. In response to adding a model component to the model, a list of one or more model components associated with the added model component is displayed, along with an indication of whether the model components are required to be added to the model. In some implementations a threat report is displayed on a threat report interface and includes each threat that is associated through the data store(s) with one of the model components in the model. Modeling systems and threat modeling systems include systems configured to carry out the modeling and threat modeling methods.

Abstract: A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.

Abstract: In one respect, there is provided a system for training a machine learning model to detect malicious container files. The system may include at least one processor and at least one memory. The at least one memory may include program code that provides operations when executed by the at least one processor. The operations may include: training, based on a training data, a machine learning model to enable the machine learning model to determine whether at least one container file includes at least one file rendering the at least one container file malicious; and providing the trained machine learning model to enable the determination of whether the at least one container file includes at least one file rendering the at least one container file malicious. Related methods and articles of manufacture, including computer program products, are also disclosed.

Abstract: In one respect, there is provided a system for training a neural network adapted for classifying one or more scripts. The system may include at least one processor and at least one memory. The memory may include program code that provides operations when executed by the at least one processor. The operations may include: reducing a dimensionality of a plurality of features representative of a file set; determining, based at least on a reduced dimensional representation of the file set, a distance between a file and the file set; and determining, based at least on the distance between the file and the file set, a classification for the file. Related methods and articles of manufacture, including computer program products, are also provided.

Abstract: The embodiments herein provide a secure computing resource set identification, evaluation, and management arrangement, employing in various embodiments some or all of the following highly reliable identity related means to establish, register, publish and securely employ user computing arrangement resources in satisfaction of user set target contextual purposes.

Abstract: This invention teaches a system and methods of detecting software vulnerabilities in a computer program by analyzing the compiled code and optionally the source code of the computer program. The invention models compiled software to examine both control flow and data flow properties of the target program. A comprehensive instruction model is used for each instruction of the compiled code, and is complemented by a control flow graph that includes all potential control flow paths of the instruction. A data flow model is used to record the flow of unsafe data during the execution of the program. The system analyzes the data flow model and creates a security finding corresponding to each instruction that calls an unsafe function on unsafe data. The security findings are aggregated in a security report. To improve performance, the system further uses data flow merging, and caching of 1-to-many data flow maps for each basic block in the code.

Abstract: Generation of a first prediction model is caused based on first training data, where the first prediction model enables determining whether an exploit to be developed for software vulnerabilities will be used in an attack. For each training instance in the first training data, the first prediction model is used to generate a score. Each training instance is added to second training data if the score is greater than a threshold value. The second training data is a subset of the first training data. Generation of a second prediction model is caused based on the second training data, where the second prediction model enables determining whether an exploit to be developed for software vulnerabilities will be used in an attack.

Abstract: A system to create a stacked classifier model combination or classifier ensemble has been designed for identification of undisclosed flaws in software components on a large-scale. This classifier ensemble is capable of at least a 54.55% improvement in precision. The system uses a K-folding cross validation algorithm to partition a sample dataset and then train and test a set of N classifiers with the dataset folds. At each test iteration, trained models of the set of classifiers generate probabilities that a sample has a flaw, resulting in a set of N probabilities or predictions for each sample in the test data. With a sample size of S, the system passes the S sets of N predictions to a logistic regressor along with “ground truth” for the sample dataset to train a logistic regression model. The trained classifiers and the logistic regression model are stored as the classifier ensemble.

Abstract: A method for use in managing a secure object store in a computing system includes: securing the secure object store including creating, maintaining, and using a hierarchical key system and accessing an encrypted data object using the Node Key Encryption Key and a selected one of the Data Encryption Keys. The securing includes: generating a Node Key Encryption Key; generating a plurality of Data Encryption Keys that are encrypted using the Node Key Encryption Key; and encrypting a plurality of data objects using the Data Encryption Keys, each data object being encrypted by a respective Data Encryption Key.

Abstract: Disclosed herein is a distributed ledger method for a fifth-generation (5G) network. A network slice is created in the 5G network and a root block is generated in response, containing parameters of the network slice and contracts between participants in the network slice. A blockID of the root block is transmitted to identified participants in the network slice, who sequentially commit a plurality of new blocks to a blockchain beginning from the root block. The plurality of new blocks comprises auditing information of the network slice, wherein the information is collected by the participants in the network slice. The blockchain is stored in a blockchain network of a plurality of disparate blockchains. Desired auditing information for the network slice is retrieved by using the blockID of the root block to traverse the blockchain beginning at the root block until all blocks with the desired auditing information have been read.

Abstract: Methods of authenticating a file are disclosed. A method may include selecting, via an identifier, a subset of data segments of a file. The method may also include executing, via a microcontroller, a cryptographic function on only the subset of data segments of the file to generate a digest. Further, the method may include generating, via the microcontroller, an authenticator based on the digest and a private key. The method may also include conveying the file, the identifier, and the authenticator to a cryptography element. In addition, the method may include executing, via the cryptography element, the cryptographic function on the subset of data segments of the file to generate a second digest. Furthermore, the method may include authenticating, via the cryptography element, the file via verification of the authenticator based on the second digest and a public key of the microcontroller.

Abstract: Additional security is provided for users by implementing a module that notifies an account holder when the account is accessed to change in password, logout or lock the account via notifications to smartphone apps, browser plugin, etc. User can use mobile apps or browser plugin from any device to immediately stop the access by logging out the user from the already logged in systems, lock the user account, or change the password.

Abstract: The disclosed technology provides solutions that enable scalable and secure data retrieval between microservices by using microservice attributes to encrypt container based data stores. A process of the technology can include steps for: instantiating a first microservice and a second microservice in a cloud environment, wherein the first microservice is associated with a first attribute label and the second microservice is associated with a second attribute label, generating a first key based on the first attribute label and a second key based on the second attribute label, associating a first data store with the first microservice, wherein the first data store is encrypted using the first key, and associating a second data store with the second microservice, wherein the second data store is encrypted using the second key. Systems and machine readable media are also provided.

Abstract: A method and a sensitive data discovery engine (SDDE) are provided for discovering substantial sensitive data in source systems spurning across similar and variant data sources and applications. The SDDE configures a scanning pathway for scanning data based on a predefined or configurable unique data classification. The scanning pathway defines a sequence of one or more match operations including master data field, dictionary, code, pattern and exact data matches to be performed on the data for the unique data classification. The SDDE executes the match operations in the scanning pathway on the data based on a scan level, scores the data, and determines sensitive data. The SDDE generates a sensitive data discovery map report including locations of the sensitive data and discovery metadata including information of users and programs that access the sensitive data, generated by inspecting application codes, for use in downstream data protection and governance operations.

Abstract: In implementations of the present disclosure, a solution for managing a co-ownership database system is provided. In this solution, multiple members access the database system as the co-owner thereof. The database system comprises: an underlying database for storing data of multiple members of the database system, a rule set defining constraints on operations of the multiple members over the database system, and a blockchain storing a record of an operation history of the database system. The database system is co-owned by the multiple members. In response to receiving a data accessing request from one of members, the accessing request will be verified based on the rule set. Subsequently, the accessing request will be processed according to a result of the verification.

Abstract: A conference management system (“system”) facilitates data compliance in recording conversations between users. A host user can send an electronic invitation for a meeting to participants. Upon accessing the invitation, the participants can be presented with two options to join the conference—a first option using which a participant can join the meeting by providing consent to recording the meeting and a second option using which the participant can join the meeting by opting-out of recording of the meeting. When a participant opts-out of the recording of the meeting, the conference management system ensures that the recording is performed in compliance with a data compliance policy applicable to the participant who opted out of recording.

Abstract: Systems and techniques are disclosed for trust based access to records via encrypted protocol communications with an authentication system. An example system is configured to authorize and provide selective and secured access to sensitive medical information according to one or more trusted relationships. The system is configured to receive a request for access to a patient's health record from an outside entity. Authentication information associated with the outside entity is determined. Whether the outside entity is authorized to access the requested data is determined. The determination is based on existence of a trust relationship being established between the outside entity and the patient, the trust relationship established by an action of the patient or a patient's representative. Access to the patient's health record is enabled based on a positive determination.

Abstract: A system prevents divulgation of sensitive data in two snapshots, taken at different times, of one or more systems. The system identifies a set of files from among file pairs. Each file pair is formed from a respective file that includes a difference with respect to each of the two snapshots. The system performs a pattern reducing process that removes, from the set, any file having, as the at least one difference, a predetermined non-sensitive difference between respective executions of a pre-determined system operation. The system performs a commonality reducing process that removes, from the set, any file having, as the at least one difference, a common difference between different system users. The system annotates data in remaining files in the set as potentially being sensitive data. The predetermined non-sensitive difference is determined using a Sandbox host. The common difference is determined using an actual one of the systems.

Abstract: The method includes generating an additional block for expanding a blockchain structure, which includes the data to be stored and is intended to be linked bidirectionally to the last block of the blockchain structure; calculating a first check value of the last block for bidirectionally linking the additional block to the last block of the blockchain structure; calculating a check value of the additional block for bidirectionally linking the additional block to the last block of the blockchain structure; adding the first check value of the last block to the last block and; adding the check value of the additional block to the additional block.

Abstract: A node associated with an organization may receive a storage identifier for new credit data associated with an individual. A distributed ledger and distributed data sources may be used to share the new credit data with a network of nodes. The node may update a smart contract with the storage identifier for the new credit data. The node may receive, from a particular device associated with the organization, a request for the new credit data. The node may obtain the storage identifier for the new credit data from the smart contract. The node may obtain the new credit data by using the storage identifier to search the distributed data sources. The node may provide the new credit data to the particular device. The node may perform actions to obtain additional new credit data from the distributed data sources or provide the additional new credit data to the distributed data sources.

Abstract: Provided is a server, for use in digitally signing writing in a legal document, wherein a signee has an associated public/private key pair, the server comprising: one or more processors; a communication module, to communicate with a signee device; memory comprising instructions which when executed by one or more of the processors configure the server to: process a document based on a set of rules to extract writing from the document, for signing, from other document data; and generate, on the server, or receive, from the signee device: a hash of the extracted writing; a signee security stamp based on a private key associated with the signee and the hash.

Abstract: A system and method for cryptographic verification of entity/vehicle authenticity, comprising generating a Vehicle Identification Number (VIN)—Key for an individual platform/vehicle; applying the VIN—Key to components of the platform/vehicle; receiving input for the platform/vehicle; validating the authenticity of the input and/or the platform/vehicle; performing the operation of the input if it was validated; terminating the operation if it was not validated; logging the operation; and decommissioning the platform/vehicle at the end of life.

Abstract: A battery-powered device with an opening for receiving a smartcard; inside the opening there being at least one electrical contact which can be used to receive power from a power supply. There is also provided a power supply for one or more of the battery-powered devices, the power supply having one or more paddles each of which is configured to enter the smartcard opening of the battery powered device and supply power from a power input, to the electrical contact(s) located inside the opening.

Abstract: Inductive identification systems and methods are described. The system may include an inductive detector configured to identify objects having inductive identifiers. An inductive detector may include conductive coils and inductance readout circuitry for measuring an inductance of each coil. An inductive identifier may include a conductive pattern configured to induce a desired inductance in the coils of the inductive detector. An inductive identifier may include a film having openings, each opening configured to be disposed over a corresponding coil to induce differing inductance changes in the corresponding coils. A pattern of inductance values may be determined and used to identify the object. The detector may be implemented in a cassette recess of an infusion pump system. The inductive identifier may be disposed on a pump cassette configured to be received in the cassette recess and identified based on an inductive interaction between the inductive detector coils and the inductive identifier.

Abstract: A method by which a hub unit can discover IDs from a plurality of satellite units across a shared communication link that connects each of the satellite units to the hub unit, each satellite unit having a satellite unit ID, the method comprising the hub unit broadcasting a message over the shared communication link, the message including an ID segment with a string of bits shorter than a bit length of the satellite unit IDs and an ID segment location; and each satellite unit receiving the broadcast message and comparing the ID segment with an ID portion of its own satellite unit ID starting at the ID segment location, if the ID portion for a satellite unit matches the ID segment, the satellite unit transmitting its complete satellite unit ID to the hub unit over the shared communication link.

Abstract: The present invention is related to a trackable authentication system of canvas for tracking and authenticating artwork, the canvas comprising: a canvas made by thread; and a plurality of wireless communication chips, that is NFC (Near Field Communication) or RFID (Radio Frequency Identification) chip, each chip being disposed at an appropriate position wherein a plurality of threads are knitted into canvas material for the canvas, and wherein the NFC or RFID chips are for transferring verifiable codes and the codes are provided with tracking and authentification information.

Abstract: A code symbol reading device includes an imaging unit and a control unit. The imaging unit is configured to image a code symbol to facilitate capturing image data. The control unit is configured to receive the image data captured by the imaging unit, decode data encoded in the code symbol based on the image data, operate the imaging unit under a first imaging condition for imaging the code symbol, operate the imaging unit under a second imaging condition for imaging the code symbol, and switch between the first imaging condition and the second imaging condition in response to at least one of (i) the control unit failing to decode the data encoded in the code symbol or (ii) receiving a switch command from an operator. The second imaging condition includes switching among a plurality of the mutually different imaging conditions according to a switching procedure.

Abstract: A fingerprint sensor includes a substrate, and a plurality of first electrodes disposed on the substrate, and including a plurality of first pattern parts and a plurality of first connectors. The plurality of first electrodes is repeatedly arranged in a second direction intersecting a first direction, and the plurality of first connectors connects the plurality of first pattern parts in the first direction. The fingerprint sensor further includes an insulating layer disposed on the plurality of first electrodes, and a plurality of second electrodes disposed on the insulating layer, and including a plurality of second pattern parts and a plurality of second connectors. The plurality of second electrodes is repeatedly arranged in the first direction, and the plurality of second connectors connects the plurality of second pattern parts in the second direction. The plurality of first connectors and/or the plurality of second connectors include a metal material.

Abstract: The invention relates to a manufacturing process of a pixel array of a thermal pattern sensor comprising the steps of: providing a substrate; depositing a first layer of electrically conductive material, including depositing electrically conductive tracks, depositing of connector pins and depositing a ground strip; depositing of second layer of pyroelectric material covering the tracks and leaving at least part of the connector pins free; depositing of third layer of electrically conductive material; depositing of fourth layer of dielectric material in contact with the third layer; depositing of a fifth layer including electrically conductive heating tracks; depositing of a sixth protective layer, wherein the step of depositing the second and/or third and/or fourth and/or sixth layer is carried out by slot-die coating.

Abstract: Automatic substance preparation and evaluation systems and methods are provided for preparing and evaluating a fluidic substance, such as e.g. a sample with bodily fluid, in a container and/or in a dispense tip. The systems and methods can detect volumes, evaluate integrities, and check particle concentrations in the container and/or the dispense tip.

Abstract: A tracking control method includes obtaining a tracking parameter of a target object. The tracking control method also includes determining a characteristic part of the target object based on the tracking parameter. The tracking control method further includes tracking the target object based on the characteristic part.

Abstract: The present invention discloses a method and a system for unlocking an electronic cigarette based on face recognition, wherein the method comprises: when collecting a face image, comparing, by a mobile terminal, the collected face image with a preset face template library, and when the comparison is successful, sending an unlocking instruction to the electronic cigarette; and receiving, by an electronic cigarette, the unlocking instruction, and performing a corresponding unlocking operation according to the unlocking instruction. According to the present invention, the interaction between the electronic cigarette and the mobile terminal enables the mobile terminal to send the unlocking instruction to the electronic cigarette when the face is compared successfully, thereby realizing the personalized unlocking of the electronic cigarette, and improving the interest of the use of the electronic cigarette.

Abstract: A face attribute recognition method, electronic device, and storage medium. The method may include obtaining a face image, inputting the face image into an attribute recognition model, performing a forward calculation on the face image using the attribute recognition model to obtain a plurality of attribute values according to different types of attributes, and outputting the plurality of attribute values, the plurality of attribute values indicating recognition results of a plurality of attributes of the face image. The attribute recognition model may be obtained through training based on a plurality of sample face images, a plurality of sample attribute recognition results of the plurality of sample face images, and the different types of attributes.

Abstract: A server including a processor to receive an electronic photo having at least one face from a user and compare the electronic photo with a template having a design element, and a computer implemented algorithm. The processor compares the electronic photo to the template and determines if the face is overlapped by the design element or if the face is cropped out of the photo slot. The processor presents the template combined with the electronic photo to the user only if the design element of the template does not overlap the face in the electronic photo. Multiple templates are compared to the electronic photo, and the templates are displayed based on a priority using criteria.

Abstract: Predictive theft notifications are used to coordinate appropriate responses to persons who are likely to commit acts of theft. Image data is generated and processed in a computer processing device to recognize the presence of a facial image comprising a face of a person. An analysis is performed of data representative of the facial image to determine a biometric match relative to one or more biometric models of facial images stored in a database. Based on this analysis, at least one predictive notification is generated with regard to a future potential theft of merchandise from the secured facility. The predictive notification is generated based upon a determination of the biometric match.

Abstract: A gesture recognition method includes determining a palm connected domain based on an acquired depth image. The method includes determining a tracking frame corresponding to the palm connected domain. The method includes recognizing a gesture within a region of a to-be-recognized image corresponding to the tracking frame, based on a location of the tracking frame. In this arrangement, a palm connected domain and a tracking frame corresponding to the palm connected domain are acquired, and a gesture is recognized within a region of a to-be-recognized image corresponding to the tracking frame.

Abstract: Methods and systems by which an identifier of a social event, attendee recognition data, and an image of an attendee are obtained. In some variants a portion of image data associated with the attendee recognition data is sent to a mobile client device in response both to a recipient authorization and to an image data selection identifying the portion of the image data.

Abstract: A method of authentication using object imaging, comprising: identifying at least one key geometric marker related to an object captured from a specific viewport and depicted in a reference image; receiving a current image of the object, the current image captured by an imaging device; extracting at least one current geometric marker related to the object from the current image; and comparing the at least one current geometric marker to the at least one key geometric marker to verify that the current image is depicting the object from the viewport.

Abstract: Methods and systems for determining a ball shot attempt result, the ball shot attempt captured by a camera on a mobile computing device, are disclosed. The methods and systems perform steps comprising receiving an input video captured using the camera on the mobile computing device, wherein the input video comprises a ball shot attempt at a goal; receiving a declared ball shot attempt, the declared ball shot attempt detected by analyzing a ball trajectory in the input video; detecting an element movement associated with an element of the goal; and determining the ball shot attempt result based on the element movement and the ball trajectory. In some embodiments, the element of the goal is a net, and the declared ball shot attempt is detected by analyzing the ball trajectory in a ball shot attempt Region of Interest (ROI) within frames of the input video.