Abstract: Enhanced spelling correction is provided. An enhanced spelling correction service may determine any misspellings (e.g., a word of the text containing an identified spelling error) in text using lexicon-based spelling correction. Each misspelling is assigned an error flag. The service can communicate each misspelling to a language model-based spell checker and receive, for each misspelling, an error confidence signal from the language model-based spell checker. For each misspelling having an error confidence signal indicating a low confidence that the identified spelling error is an actual spelling error, the service can determine whether to maintain or suppress the error flag by applying decision logic. In response to determining to maintain the error flag, the service can surface a visual indication of the spelling error. In response to determining to suppress the error flag, the service can suppress the error flag whereby the visual indication of the spelling error is not surfaced.

Abstract: A computer process for entity resolution of natural language records including training a semantic embedding function on a corpus of unlabeled training materials. The semantic embedding function can take a word and represent it as a vector, where the vector represents the word as it relates to the semantic information of the corpus of unlabeled training materials. The process may transform a list of normalized descriptions using the semantic embedding function into a list of vector representations of the descriptions. The process may transform words from a natural language record to a vector representation of the natural language record using the semantic embedding function, and may use a named entity recognizer. The process may find a best match description from the list of normalized descriptions using the list of vector representations of the descriptions and the vector representation of the natural language record, and may include using word mover distance.

Abstract: Embodiments of the present disclosure relate to attention-based neural language processing. In an embodiment, a method is disclosed. According to the method, a sentence graph is generated from a sentence containing words. The sentence graph comprises nodes representing words and edges connecting the nodes, at least one of the edges being constructed to indicate a syntactic relationship between words represented by nodes connected therebetween. Word representations for the words are determined based on the sentence graph by applying an attention mechanism on respective ones of the nodes and respective sets of neighbor nodes for the nodes. A set of neighbor nodes for a node has edges connected to the node. A sentence representation for the sentence is determined based on the word representations for use in a natural language processing task related to the sentence. In other embodiments, a system and a computer program product are disclosed.

Abstract: Techniques facilitating detection of conversation threads in unstructured channels are provided. A system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise an extraction component that employs a model to detect conversation messages based on a defined confidence level and assigns the conversation messages to respective conversation thread categories. The computer executable components also can comprise a model component that trains the model on conversation messages that comprise respective text data, wherein the model is trained to detect the respective text data to the defined confidence level.

Abstract: Disclosed embodiments provide techniques for expanding user-chatbot conversations to include other relevant users. In some embodiments, the users are deemed to potentially be interested in learning information regarding the conversation topic. In other embodiments, the users are deemed to be potentially able to provide additional information regarding the conversation topic. In embodiments, a submitted question to a chatbot in a conversation on a messaging platform is received. The topic of the submitted question is identified. A probability that one or more additional users would benefit from an answer to the submitted question is determined. One or more additional users are invited to the conversation based on the determined probability that one or more additional users would benefit from an answer to, and/or provide information regarding, the submitted question.

Abstract: Methods, systems, apparatuses, and computer-readable storage mediums described herein are configured to provide context for characters displayed via a terminal application. For instance, a command line application communicatively coupled to the terminal application may generate a semantic sequence, which includes metadata that provides information about an entity represented by characters that are to be transmitted to the terminal application (via a serialized stream of data) and displayed thereby. The semantic sequence is transmitted to the terminal application via a virtual terminal sequence. The terminal application detects and parses the semantic sequence therein and associates the metadata with characters included in the serialized stream of data. The characters are displayed via the terminal application. The metadata is outputted via an output device in response to user interaction with the characters. The metadata may be output by the terminal application itself or by another application.

Abstract: Linguistic expressions for training a chatbot can be generated in an automated system via linguistic expression templates that are associated with intents. The pre-categorized linguistic expressions can then be used for training and validation. Chatbot development can thus be improved by having a large number of expressions for development, leading to a more robust chatbot. In practice, the process can iterate with modifications to the templates until a suitable benchmark is met. The technique can be applied across human languages to generate chatbots conversant in any number of languages and is applicable to a variety of domains.

Abstract: A disclosed sentiment topic modeling tool identifies issues within voluminous customer review data, based on particular categories of review submission (e.g., particular products and experiences) and concern areas (e.g., quality, performance, suitability of features), and abstracts the extracted topic data into a manageable set of focus areas for business operations improvements. An exemplary process includes: receiving a plurality of reviews; selecting a category of review to use for a topic network; selecting a number of topics for generating the topic network; generating, based at least on the selected category and the selected number of topics, the topic network; generating a plurality of topic networks in a topic network group, and determining a set of themes for the group. Additional network groups are generated, and a set of themes is determined for each. A set of focus areas is determined, based at least on the sets, and reports are generated.

Abstract: Embodiments of the present disclosure are directed to a system, methods, and computer-readable media for facilitating stylistic expression transfers in machine translation of source sequence data. Using integrated loss functions for style transfer along with content preservation and/or cross entropy, source sequence data is processed by an autoencoder trained to reduce loss values across the loss functions at each time step encoded for the source sequence data. The target sequence data generated by the autoencoder therefore exhibits reduced loss values for the integrated loss functions at each time step, thereby improving content preservation and providing for stylistic expression transfer.

Abstract: A computer-implemented method and system may include identifying an embedded human language string within a programming code based on a configuration file that specifies boundaries of the human language string within the programming code, communicating the identified embedded human language string for language translation from a first human language of the embedded human language string to a second human language to create a translated human language string, receiving the translated human language string, and inserting the translated human language string in the programming code to create a translated programming source code.

Abstract: Methods are disclosed for providing accurate translation between some languages and dialect-rich languages well as between dialects within dialect-rich languages. The present methods assign values to specific words within various dialect-rich languages and utilizes these values to perform specific and contextual matching to provide accurate specific meaning based translations.

Abstract: Embodiments of the present disclosure relate to generation of sentence representation. In an embodiment, a method is disclosed. According to the method, a sentence graph is generated from a sentence containing words, the sentence graph comprising nodes representing the words and edges connecting the nodes to indicate relationships between the words. Word representations for the plurality of words are determined based on the sentence graph by applying a graph convolution operation on respective sets of neighbor nodes for respective ones of the nodes, a set of neighbor nodes for a node having edges connected with the node. A sentence representation for the sentence is determined based on the word representations for use in a natural language processing task related to the sentence. In other embodiments, a system and a computer program product are disclosed.

Abstract: A method for optimizing orientations of an anisotropic material in a component. For example, the method overcomes the non-uniqueness and gimbal locking problems associated with using Euler angles to define the orientation by instead parameterizing the orientation using an orientation tensor that is a self-dyadic product of a direction vector. To avoid non-linear constraints in the mathematical design variables used in the optimization, isoparametric shape functions map the mathematical design variables to physical design variables, and the mapping ensures that various constraints associated with tensor invariants of the orientation tensor are satisfied even though these constraints are not directly imposed on the mathematical design variables. The physical design variables are used to model the component, whereas optimization is performed using the mathematical design variables.

Abstract: A function equivalence check method includes receiving a cell list, receiving an analog constraint of a cell in the cell list, generating the full-coverage input stimuli according to the analog constraint, performing a behavioral-level simulation using the full-coverage input stimuli and according to the behavioral code to generate a behavioral-level simulation result, performing a circuit-level simulation using the full-coverage input stimuli and according to the circuit-level netlist to generate a circuit-level simulation result, and comparing the behavioral-level simulation result and the circuit-level simulation result to generate a comparison report for an analog value auto-comparison.

Abstract: A method includes: receiving, from a manufacturer, a first printed document including specifications for a product and a first encoded image; sending, to the manufacturer, a second printed document, wherein the second printed document includes a second encoded image; receiving, from the manufacturer, a third printed document that corresponds to revisions to the specifications and includes a third encoded image; scanning the third encoded image; determining, based at least on scanning the third encoded image, that the third printed document corresponds to at least one of the first printed document or the second printed document; and in response to determining that the third printed document corresponds to at least one of the first printed document or the second printed document, making the product in conformance with the specifications.

Abstract: According to an example embodiment of the invention, there is provided a system for providing access to access restricted content to a user, the system including a communication arrangement operable to receive a content request message, the content request message including a content identifier, a processor configured to cause a first determination to be performed to yield a positive or a negative result, a validation module configured to, in response to the first determination yielding a positive result, obtain a first digital rights management key, the processor being further configured to cause a second determination to be performed to yield a positive or a negative result, and responsive to the first and second determinations yielding a positive result, the validation module is configured to cause access to the access restricted content to be provided to the user.

Abstract: It is provided a method for enabling an encrypted software module in a container file for a software application. The method is performed in a module provider and comprises the steps of: obtaining a software module; obtaining a module key based on an identifier of the software module and on a master key, the master key being used to generate a plurality of module keys in combination with respective identifiers of software modules; encrypting the software module using the module key, yielding an encrypted software module; and including the encrypted software module in a container file while omitting the module key from the container file, and omitting, from the container file, information that could be used to generate the module key.

Abstract: Apparatus, systems, methods, and articles of manufacture related to end-point media watermarking are disclosed. An example device includes a media receiver to receive a media signal, a watermark generator to generate a watermark, a trigger to activate the watermark generator to generate the watermark based on an external input, an encoder to encode the media signal with the watermark to synthesize an encoded media signal, a media output to render the encoded media signal.

Abstract: Aspects of the disclosure relate to multicomputer processing and dissemination of data files. A computing platform having at least one processor, a memory, and a communication interface may search one or more social media platforms for unauthorized dissemination of a data file. The computing platform may correlate a unique identifying feature(s) of the disseminated data file to that of a copy of the data file previously distributed to a linked user account. The computing platform may transmit, via the communication interface, to an administrative computing device, an unauthorized dissemination report which, when processed by the administrative computing device causes a notification to be displayed on the administrative computing device. The notification may identify the linked user account associated with the unauthorized dissemination, the name, content, or general nature of the data file, and/or the social media platform(s) on which the data file was discovered.

Abstract: The present disclosure describes apparatus, systems and methods in which a first data storage is maintained for a first group of authorization codes, for example those associated with a local POS system, and second data storage, logically separate from the first data storage, is maintained for a second group of authorization codes, such as those associated with a remote or online sales system. Access control is achieved by checking a received authorization code for validity against one or both groups of authorization codes, without needing to integrate different code assignment systems or different sales systems with one another. The technology has particular utility for automated car wash systems, although it is not limited thereto, and embodiments of the technology may be retrofit to existing car wash control interfaces.

Abstract: Various embodiments are directed to performing identity verification using biometrics and open data, such as publicly available data on the Internet. A person may provide various types of information about the person, including a name and an image of the person. An Internet search may be performed on the provided name and one or more publicly-available images corresponding to that name may be acquired. Biometric analyses may be performed on both the image provided by the person and the acquired one or more images to determine whether any of them match the person. Metadata may be extracted from a matching image. Moreover, data relating to the person may be acquired from the source of the matched image. The metadata and the data from the source may be compared with the information provided by the person to validate the identity of the person.

Abstract: The present invention includes: a voice sensor for detecting voice information; a camera for capturing an image of a subject related to the voice information; and a control unit for controlling the camera such that the image of the subject related to the voice information is captured when the voice sensor detects the voice information, and determining, by using the captured image of the subject and the voice information, whether the subject related to the voice information is a counterfeit face, thereby determining whether to execute a control command corresponding to the voice information.

Abstract: Provided are a user authentication device and method based on iris recognition. The user authentication method includes: acquiring an image of a user's left and right eyes; extracting a pupil image and an iris image from the image; obtaining a first iris feature by analyzing the iris image; obtaining a second iris feature by analyzing the iris image and the pupil image; obtaining a similarity score based on the first iris feature, the second iris feature, and prestored reference iris data; and determining whether to approve user authentication based on the similarity score.

Abstract: An infusion system to administer fluid is disclosed. The infusion system includes an infusion pump having a pump processor, a pump memory and a pump radio to enable bi-directional communication. The pump memory stores a plurality of fingerprint tokens and security conditions. The infusion system includes a controller with a processor, a controller memory and a controller radio to transmit and receive communication from the pump radio. The controller includes a fingerprint scanner and a graphical user interface (GUI) and controls to manipulate the GUI. The GUI and fingerprint scanner enable the controller to scan and determine tokens based on scanned fingerprints. Additionally, communication between the infusion pump and the controller establish relative proximity between the infusion pump and the controller such that when the relative proximity exceeds a threshold distance at least one of the plurality of security conditions is automatically matched.

Abstract: An authentication method includes: acquiring a front face feature and a side face feature of a first user in response to a face authentication request of the first user; searching, based on the front face feature and the side face feature of the first user, a first list of users of multiple births corresponding to the first user for a candidate user matching both the front face feature and the side face feature of the first user, wherein the first list of users of multiple births corresponding to the first user is a list of users of multiple births with similar front face features and non-similar side face features; and determining, based on consistency between the candidate user and the first user in the front face feature and the side face feature, whether the first user succeeds in authentication.

Abstract: Systems and methods to authenticate a vehicle operator for an autonomous vehicle on a vehicle service platform are provided. In one example embodiment, a computer-implemented method includes obtaining authentication request data indicative of an authentication request, the authentication request data including at least an operator identifier associated with the vehicle operator and a vehicle identifier associated with the autonomous vehicle. The method includes providing a service code associated with the authentication request to the autonomous vehicle. The method includes obtaining from a user device in response to providing the service code to the autonomous vehicle, operator data associated with the authentication request, the operator data including the service code. The method includes determining an authentication result associated with the authentication request based at least in part on the service code and the operator data. The method includes providing the authentication result to the user device.

Abstract: A vehicle authentication system includes a ring-type wearable device, an in-vehicle device, and a communication terminal. The in-vehicle device performs authentication regarding use of the vehicle. The in-vehicle device causes a short-range communication module to perform short-range wireless communication with the ring-type wearable device that has unique identification information. The in-vehicle device acquires information received by a wide area communication module configured to communicate, via a network, with the communication terminal configured to make a reservation for the use of the vehicle.

Abstract: Provided is an artificial intelligence (AI) system simulating functions of a human brain, such as recognition and decision, by using a machine learning algorithm, such as deep-learning. Image display apparatuses are more convenient for a user, by performing user authentication by using an authentication image set generated based on an object recognized from content viewed by the user.

Abstract: Techniques are described for enabling administrators of teams that use a particular service to specify which sign-on options, of multiple possible sign-on options, are assigned to the members of the teams to which the administrators belong. For example, an administrator may assign a sign-on option, which allows members of the team to use either native authentication or third-party single-sign-on authentication. Upon successful authentication of a member using third party single sign-on authentication, the member is automatically assigned to use only the third party single sign-on authentication.

Abstract: The present disclosure discloses a method and server for logging into a first application running on a terminal device. The method includes receiving, by a server from a second application running on the terminal device and distinct from the first application, a login verification request communicated from a login interface of the first application to the second application via an inter-application communication within the terminal device; verifying, by the server, in response to the login verification request, whether the first application is permitted to use login account information associated with an login account of the second application to perform a login to the first application; and sending, by the server, a response to the login interface of the first application via the second application to indicate a successful login verification when verification is successful, so that the first application uses the login account information to perform the login to the first application.

Abstract: An application with self-configuring accessibility settings is described. The application is configured to interact with an operating system of a computing device upon which the application is executing to obtain information relating to one or more user-configurable accessibility settings of the operating system. Such interaction may occur via an application programming interface exposed by the operating system. Based on the information obtained from the operating system, the application then determines one or more accessibility settings of the application, which may include identifying the one or more accessibility settings of the application based on a correspondence to the one or more accessibility settings of the operating system. The application then applies the one or more application accessibility settings either automatically or after obtaining user approval.

Abstract: Each of the authentication apparatus and the authentication target device holds the last piece of authentication information subjected to an authentication process. When the authentication target device is reconnected to the authentication apparatus, the authentication apparatus collates the authentication information held in the authentication apparatus with the authentication information read out of the authentication target device. The authentication apparatus determines, based on the collation result, whether or not the authentication target device has been authenticated by a different authentication apparatus.

Abstract: An example apparatus includes a packaging container, and any of a label and an electronic tag detachably connected to the packaging container and including an electrical code set for electrical authentication upon removal of any of the label and the electronic tag from the packaging container and being affixed to a device associated with the packaging container, wherein the electrical authentication is to validate the packaging container and the device as original equipment manufacturer components. Any of the label and the packaging container is altered upon removal of the label from the packaging container.

Abstract: The present teaching relates to generating an identifier for a person. In one example, an actual name of the person is received. The identity of the person that is associated with the actual name of the person is proved at a pre-determined level of assurance (LOA) required by an identity management system. When the identity of the person has been proved, a peripheral name is solicited from the person. An identifier that includes the actual name and the peripheral name of the person is created. Whether the identifier is unique is determined. The steps of soliciting, creating, and determining are repeated until the identifier is unique. The peripheral name is associated with the person. The identifier is associated with the person.

Abstract: A method is used in managing passwords. A proposed new password is received. The proposed new password is associated with contextual information indicating a context in which the proposed password is to be used. A machine learning model is dynamically selected from a set of machine learning models based on the contextual information. A quality metric is derived from the proposed new password based on the selected machine learning model.

Abstract: There are disclosed devices, system and methods for detecting malicious scripts received from malicious client side vectors. First, a script received from a client side injection vector and being displayed to a user in a published webpage is detected. The script may have malicious code configured to cause a browser unwanted action without user action. The script is wrapped in a java script (JS) closure and/or stripped of hyper-text markup language (HTML). The script is then executed in a browser sandbox that is capable of activating the unwanted action, displaying execution of the script, and stopping execution of the unwanted action if a security error resulting from the unwanted action is detected. When a security error results from this execution in the sandbox, executing the malicious code is discontinued, displaying the malicious code is discontinued, and execution of the unwanted action is stopped.

Abstract: An information processing apparatus for processing a program is provided. The information processing apparatus includes an extraction unit that extracts security information from a binary file of an application, a processing unit that generates security setting on the basis of the security information extracted by the extraction unit, and a construction unit that constructs an isolated environment on the basis of the binary file of the application and the security setting. The processing unit generates security setting by combining the security information extracted by the extraction unit with a database in which security desired to be set for the application is defined in advance.

Abstract: An apparatus and method for cyber risk quantification calculated from the likelihood of a cyber-attack on the target enterprise and/or cyber ecosystem based on its security posture. The cyber-attack likelihood can be derived as a probability-based time-to-event (TTE) measure using survivor function analysis. The likelihood probability measure can also be passed to cyber risk frameworks to determine financial impacts of the cyber-attacks. Embodiments of the present invention also relate to an apparatus and method (1) to identify and validate application attack surfaces and protect web applications against business logic-based attacks, sensitive data leakage and privilege escalation attacks; and/or (2) that protects web applications against business logic-based attacks, sensitive data leakage and privilege escalation attacks. This can include implementing an intelligent learning loop using artificial intelligence that creates an ontology-based knowledge base from application request and response sequences.

Abstract: A lateral movement path detector is disclosed. Data is gathered via programmatic access to a management service director through a REST API endpoint. The data is grouped into a graph having nodes of users, groups, and devices. The nodes coupled together via edges. A visualization of the graph is provided to illustrate lateral paths of the management service directory.

Abstract: Novel hardware-based frameworks and methods for the detection and inhibition or prevention of insider threats utilizing machine learning methods and data collection done at the physical layer are provided. Analysis is done on unknown USB-powered devices, such as a keyboard or mouse, introduced to a computing environment and, through the utilization of machine learning, the behavior of the unknown device is determined before it can potentially cause harm to the computing environment.

Abstract: This disclosure provides techniques for pooling and searching network security events reported by multiple sources. As information representing a security event is received from one source, it is searched against a central or distributed database representing events reported from multiple, diverse sources (e.g., different client networks). Either the search or correlated results can be filtered and/or routed according at least one characteristic associated with the networks, for example, to limit correlation to events reported by what are presumed to be similarly situated networks. The disclosed techniques facilitate faster identification of high-relevancy security event information, and thereby help facilitate faster threat identification and mitigation. Various techniques can be implemented as standalone software (e.g., for use by a private network) or for a central pooling and/or query service. This disclosure also provides different examples of actions that can be taken in response to search results.

Abstract: Injection attack identification and mitigation includes tracking characteristics of user input by a user to a computer system via input device(s), building and maintaining a user profile based on the tracking and that provides a baseline of expected characteristics of user input, the baseline defined by the tracked characteristics, monitoring input to the computer system in real time as the input is provided to the computer system, identifying, based on the monitoring and on a comparison of characteristics of the monitored input to the baseline of expected characteristics, a potential malicious code injection as part of the monitored input to the computer system, and performing mitigation processing based on identifying the potential malicious code injection.

Abstract: According to some embodiments, system and methods are provided including receiving, via a communication interface of an event detection and classification module comprising a processor, data from one or more sensors in a system; determining an event occurred based on the received data; applying a coherency similarity process to the received data via a classification module; determining whether the event is an actual event or a mal-doer event based on an output of the classification module; transmitting the determination of the event as the actual or the mal-doer event; and modifying operation of the system based on the transmitted output. Numerous other aspects are provided.

Abstract: A storage system includes a host device including a host processor and a secure element distinguished from the host processor, and a storage device that includes a first memory area accessed by the host processor, and a second memory area distinguished from the first memory area and accessed by the secure element. The host processor includes a first replay protected memory block (RPMB) key and a first RPMB counter for a first RPMB subsystem of the host processor. The secure element includes a second RPMB key and a second RPMB counter for a second RPMB subsystem of secure element. The first memory area includes a third RPMB key, a third RPMB counter and a first data space of the first RPMB sub-system. The second memory area includes a fourth RPMB key, a fourth RPMB counter and a second data space of the second RPMB sub-system.

Abstract: Embodiments of the disclosure disclose a system to prevent data of a client from leaking to untrusted parties in a multiparty computation environment. According to one embodiment, in response to a request received at a gateway (e.g., a non-bypassable gateway) of a server from a user device of a user over a network to process user data by an execution service, the system sanitizes the user data by scanning the user data for malicious code. The system selects a trusted execution environment (TEE) worker from a number of TEE workers and initiates an execution of the execution service by the selected TEE worker. The system receives execution results from the selected TEE worker. The system transmits the execution results to the user device of the user over the network.

Abstract: During a power-on self-test (POST), a basic input/output system (BIOS) retrieves an attribute value associated with the persistent memory device, and compares the attribute value to a default value. In response to the attribute value matching the default value, the BIOS may determine that a firmware management protocol was not executed during a previous POST. In response to the attribute value not matching the default value, the BIOS may compare the attribute value to a current firmware version of firmware within the persistent memory device.

Abstract: Methods, systems, and computer programs encoded on computer storage medium, for providing, by a client computing node, an interface identifying a secure boot certificate namespace hierarchy including a plurality of namespaces; in response to providing the interface, receiving, by the client computing node, a request to create a new namespace within the secure boot namespace hierarchy; configuring the new namespace, including adding a certificate that is to be included by the new namespace, the certificate associated with a server computing system; and assigning the new namespace to the server computing system.

Abstract: One method disclosed includes booting a computer with a bootloader, where the bootloader is stored on an unencrypted portion of a data storage device of the computer. The method further includes unsealing a decryption password for an encrypted portion of the data storage device from a trusted platform module (TPM) using a first sealing policy, where the first sealing policy excludes dependence on a first platform configuration register (PCR), wherein the first PCR stores a measurement result associated with the bootloader. The method subsequently includes sealing the decryption password into the TPM using a second sealing policy, where the second sealing policy includes dependence on the first PCR.

Abstract: A method, apparatus, system, and computer program product for operating a portable security testing device. The portable security testing device is configured by computer system with an operating system and a starting set of security testing tools. A selected set of the security testing tools is determined by the computer system for the portable security testing device based on information collected about a target by the portable security testing device. The starting set of the security testing tools in the portable security testing device is changed by the computer system to form a current set of the security testing tools in response to the starting set of the security testing tools being different from the selected set of the security testing tools, wherein the current set of the security testing tools operate to perform security tests on the target.

Abstract: Various embodiments for predicting which software vulnerabilities will be exploited by malicious hackers and hence prioritized by patching are disclosed.