Abstract: A system for managing cyber security risks includes a memory storing instructions and a processor that executes the instructions to perform operations. The operations include receiving raw entity data for one or more entities from a source system and converting the raw entity data to processed entity data having a format different from the first entity data. The operations include extracting attributes for the entities from the processed entity data and generating an initial risk score for a selected entity based on an entity initial attribute associated with that entity. The operations also include receiving a rule for determining a rule-based risk score and generating a rule-based risk score for the selected entity based on the entity attribute of the selected entity. Additionally, the operations include generating a risk score for the selected entity based on the initial and rule-based risk scores.

Abstract: The present disclosure describes devices and methods monitoring a technology environment. In particular, a computing device including a processor with computer readable instructions to access a plurality of indicators (e.g., variables) that have corresponding stored historical information. The indicators are then used to calculate a summed weights table of relative risk for each time period in the past. The summed weights table is then correlated to a target variable (e.g., a variable that documents major issues, incidents, or disruptions that occurred in the technology environment in the past). The correlation coefficient between the summed weights table and the target variable is then used to implement a machine learning algorithm in order to better determine current risk levels (e.g., relative values that predict issues, incidents, or disruption).

Abstract: Systems, methods, and computer media for mitigating cybersecurity vulnerabilities of systems are provided herein. A current cybersecurity maturity of a system can be determined based on maturity criteria. The maturity criteria can be ranked based on importance. Solution candidates for increasing the cybersecurity maturity of the system can be determined based on the ranking. The solution candidates specify cybersecurity levels for the maturity criteria. A present state value reflecting the current cybersecurity maturity of the system can be calculated. For the solution candidates, an implementation state value and a transition state value can be determined. The implementation state value represents implementation of the maturity levels of the solution candidate, and the transition state value represents a transition from the present state value to the implementation state value.

Abstract: A system and method for generating content for an encrypted package is provided. A package may be received that includes one or more anti-tamper hash portions and encrypted data, where the encrypted data includes one or more procedural content generation instructions. A portion of the encrypted data including the one or more procedural content generation instructions may be decrypted and a data based on the execution of the one or more procedural content generation instructions and a corpus of data may be generated. The generated data may be encrypted and anti-tamper hashes may be generated based on the encrypted generated data. The generated anti-tamper hashes may be compared to the one or more anti-tamper hashes in the anti-tamper hash portion of the received package.

Abstract: Logical data containers of a data storage system are associated with policies that require data transformation of data to be stored in the logical data containers. When a data object is received to be stored in a logical data container, the data object is transformed in accordance with a policy on the logical data container. Transformation of the data object may include encryption. The logical data container may also be associated with a cryptographic key used to perform a required transformation.

Abstract: An open source library rating is generated for an open source library based on dependencies of the library, vulnerabilities of the library, an age of the library, a popularity of the library, a history of the library, or any suitable combination thereof. The rating of a specific version of a library may be generated based on a base score for all versions of the library and a version score for the specific version of the library. An authorization system receives a request from a developer to add a library to a software application. In response, the authorization system accesses a rating for the library. Based on the rating, the authorization system approves the request, denies the request, or recommends an alternative library.

Abstract: The present application provides a method, a device, a system and a readable medium for setting access permission for an application. The method comprises: obtaining an access permission configuration request from the application, and the access permission configuration request comprises an application identifier; determining at least one access permission setting policy for the application according to the access permission configuration request from the application; and setting the access permission for the application according to the at least one access permission setting policy. Recommended permission setting schemes are provided for a user according to the access permission configuration request from the application, and the access permission for the application is set by one click according to a scheme selected by the user, which simplifies user's operations and thus improves user experience.

Abstract: An apparatus includes a memory and a hardware processor. The memory stores security restrictions. The processor detects that a user attempted to access a third-party application that does not use the stored security restrictions and communicates the stored security restrictions to the third-party application. The processor also receives a message indicating that the third-party application registered the security restrictions, determines, based on the stored security restrictions, that the user should be granted access to the third-party application, and in response to the determination that the user should be granted access to the third-party application, redirects the user to the third-party application.

Abstract: A method, apparatus and computer program product are disclosed to provide for the selective establishment and use of secure communication channels to facilitate the exchange of data objects containing potentially sensitive information in a network environment. In some example implementations, upon detection that the processing of a network entity request implicates the exchange of non-public information amongst one or more other network entities, one or more secure communication channels are established between a secure transfer system and the relevant network entities such that non-public information neither passes to nor resides on system components associated with non-secure network entities.

Abstract: Embodiments described herein ensure differential privacy when transmitting data to a server that estimates a frequency of such data amongst a set of client devices. The differential privacy mechanism may provide a predictable degree of variance for frequency estimations of data. The system may use a multibit histogram model or Hadamard multibit model for the differential privacy mechanism, both of which provide a predictable degree of accuracy of frequency estimations while still providing mathematically provable levels of privacy.

Abstract: Example methods are provided for adaptive file access authorization using process access patterns. In a learning mode, attributes and other information, which are associated with applications or with processes that are related to the applications and that attempt to access a file system, are collected and used to generate a policy. In a protected mode, file access requests are examined against the policy, and are granted access to the file system or are denied access to the file system based on the contents of the policy. The policy may be updated so as to adapt to changes in the access patterns and to changes in the application or processes.

Abstract: In some implementations, a computing device can restrict the use of another computing device in certain contexts. For example, a parent may wish to use the parent's computing device to restrict her children's use of the children's computing devices while the children are in school while the children should be participating in some other activity. For example, the parent's controller device may be enabled to remotely configure and control the usage of the satellite device(s) without needing to physically access the satellite device. The parent may implement limitations, permissions, or different policies that may govern, for example, the ability of the satellite device to communicate with other devices, execute various application functionalities, run any particular software, and manage its own settings.

Abstract: This application discloses a data access authority management method, apparatus, terminal device and storage medium. The data access authority management method comprises obtaining report metadata in Tableau, the report metadata comprises report ID; creating folder data in Portal platform, the folder data comprises at least one folder, and the folder comprises folder ID; creating a correlation relationship between the report ID and the folder ID in Portal platform; obtaining user class authority configuration request entered by user, the user class authority configuration request comprises user class ID and target folder ID; performing user class authority configuration based on the user class authority configuration request in Portal platform, so as to enable the user class corresponding to the user class ID to have access authority to access report metadata which is corresponded to the report ID corresponding to the target folder ID.

Abstract: In a dataset exchange environment in which datasets are available for exchange or transformation, a dataset validation platform may be configured to update a cryptographically signed record based on each dataset that is available via the data exchange environment. The dataset validation platform may be further configured to control access to the datasets based on whether a request to access a particular dataset is compliant with an availability requirement of the particular dataset. The dataset validation platform may be further configured to update the cryptographically signed record based on requests to access the datasets, transformations that are based on the datasets, or modifications to the availability requirement of the datasets, such as a modification to a privacy limitation or other availability requirement indicating a criteria for usage of the requested dataset.

Abstract: Simplified and/or user friendly interfaces can be employed to facilitate administration of a routing platform that couples devices of a local area network (LAN) to an external communication network (e.g., the Internet). In one aspect, the routing platform comprises a firewall that can be employed to perform access control and/or an Internet of Things (IoT) hub that can be employed to control operations of IoT devices of the LAN, for example, based on domain information, user-defined tags and peer-defined criteria to make correlations that are leveraged to implement access control policies. A search and command interface is employable to issue textual (e.g., natural language) commands to configure access control policies, tags for devices and/or websites, and/or search for data.

Abstract: Database entries can be protected by indexing the entries using a plurality of indexes, each associated with a level of access rights. A level of access rights can be determined from a search query, and an index can be selected based on the determined level of access rights. A search key can be generated based on the received query, and the selected index can be searched using the search query. Database entries mapped to the values of the selected index returned in response to the search can be outputted. Each index is associated with a different granularity defining the number and/or ambiguity of search results returned in response to searching an index.

Abstract: A system for controlling access includes a computing device, configured to: determine a first identifier associated with a first access point being used by the computing device to access a network; determine first access control data associated with the first identifier and a first application executing on the computing device; and control access to data over the network by the first application based on the first access control data.

Abstract: An information handling system with improved data security has a signal detector circuit to receive a signal interrupt from a plurality of signal interrupt sources, and an authentication timer circuit that starts measuring a configured time duration based upon the received signal interrupt. A scrambler module initiates data scrambling upon completion of the configured time duration.

Abstract: Methods, systems, and devices for wireless communications are described. Aspects may include receiving, at a device, a device configuration profile including one or more parameters for managing data transfers associated with a service and generating a transaction credential by which the data is to be associated in a storage. The transaction credential may be generated according to the configuration profile. Aspects may also include identifying, at the device, that data is to be stored in the storage that is associated with the service. Aspects include signing the data using the transaction credential and transmitting the signed data to the storage.

Abstract: A method for managing a consent receipt under an electronic transaction, comprising: receiving a request to initiate a transaction between the entity and the data subject; providing a privacy policy associated with the entity and based at least in part on the request to initiate the transaction between the entity and the data subject; accessing the privacy policy associated with the entity; storing one or more provisions of the privacy policy associated with the entity; providing a user interface for consenting to the privacy policy associated with the entity; receiving a selection to consent to the privacy policy associated with the entity and based at least in part on the request to initiate the transaction between the entity and the data subject; generating, by a third-party consent receipt management system, a consent receipt to the data subject; and storing the generated consent receipt.

Abstract: A system for analytics security includes processor(s) and a readable medium. The readable medium causes the system to perform operations comprising receiving a request for analytics data; determining the analytics data based on the request (the analytics data comprises result(s) of an analytic calculation performed on commingled data and the commingled data comprises tenant data shared by a tenant and other tenant data shared by other tenant(s)); determining security information associated with the analytics data (the security information associated with the analytics data is based on the commingled data used for determining the analytics data); determining permissions associated with the requestor based on the tenant; determining whether the requestor is credentialed based on the security information associated with the analytics data and the permissions associated with the requestor; and providing the analytics data to the requestor based on a determination that the requestor is credentialed.

Abstract: A method of identifying one or more pieces of personal data associated with a data subject based at least in part on one or more triggering action; identifying a storage location of each of the one or more pieces of personal data associated with the data subject; automatically determining that a first portion of the one or more of the pieces of personal data has one or more legal bases for continued storage; automatically maintaining storage of the first portion of the one or more pieces of personal data; and automatically facilitating deletion of a second portion of the one or more pieces of personal data associated with the data subject.

Abstract: A method and a corresponding runtime environment for migrating an instance of an actor of an application are provided. An initiating runtime environment performs a method comprising selecting, based on obtained security attributes for a set of target runtime environments, a target runtime environment from the set of target runtime environments for migration of the instance of the actor. The method comprises migrating the instance of the actor to the selected target runtime environment once the target runtime environment has been selected.

Abstract: Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.

Abstract: Methods and apparatus for protecting a physical unclonable function (PUF) generator are disclosed. In one example, a PUF generator is disclosed. The PUF generator includes a PUF cell array, a PUF control circuit and a reset circuit. The PUF cell array comprises a plurality of bit cells. Each of the plurality of bit cells is configurable into at least two different stable states. The PUF control circuit is coupled to the PUF cell array and is configured to access each of the plurality of bit cells to determine one of the at least two different stable states upon a power-up of the plurality of bit cells, and generate a PUF signature based on the determined stable states of the plurality of bit cells. The reset circuit is coupled to the PUF cell array and is configured to set the plurality of bit cells to represent their initialization data based on an indication of a voltage tempering event of a supply voltage of the PUF cell array.

Abstract: A device, system and method for installing encrypted data are provided. A device includes a processor comprising: immutable memory storing preconfigured trust anchor data; and a module storing preconfigured non-exportable data.

Abstract: The present invention is a distributed and autonomous digital data security agent that secures stored data and the storage device itself, from remote manipulation. The present system is an “agent” in that it acts independently in the accomplishment of its objects and is distributed in that its functionality is resides on firmware resident at disparate hardware locations. The agent is autonomous in that it cannot be remotely compromised. The system includes server having a dedicated Private link with a Chip Administrator, and a Data Link between a Chip-A, a Chip-B of said security agent. The Chip-A is resident and operable to control Write/Read calls and data transfers between the server and the Chip-Bs of the data storage. The Chip Administrator, Chip-A and Chip-B in combination with their associated Firmwares provide said distributed and autonomous data security agent.

Abstract: This invention provides a method for providing trusted display to security sensitive applications on untrusted computing platforms. This invention has a minimal trusted code base and maintains full compatibility with the computing platforms, including their software and hardware. The core of the invention is a GPU separation kernel that (1) defines different types of GPU objects, (2) mediates access to security-sensitive GPU objects, and (3) emulates accesses to security-sensitive GPU objects whenever required by computing platform compatibility.

Abstract: An anti-theft protection disablement solution is provided to authorized users and authorized customer service representatives. An anti-theft protection disablement request message from a recovery application on a user device may be received via a cloud messaging service or a binary messaging service. In turn, an anti-theft protection disablement message may be transmitted to the user device via the cloud messaging service or the binary messaging service when the anti-theft protection disablement request message is authenticated. The anti-theft protection disablement message may disable an anti-theft protection function on the user device that calls for an input of an anti-theft protection authentication credential for a factory reset of the user device.

Abstract: A method for designing a part member of a custom-made furniture includes: producing a rectangular parallelepiped part member in a rectangular parallelepiped space; setting a XY coordinate system on six faces of the rectangular parallelepiped space using a corner of a rectangle of each face as an origin and two sides of a rectangle of each face as X axis and Y axis; setting one or more predetermined rules for determining positions of one or more machinings based on lengths p and q from a corner of the rectangle and designating a XY coordinate positions of the one or more machinings as a function of p and q; altering the dimensions of the rectangular parallelepiped space of the part member; calculating the positions of the machinings after the dimensions of the rectangular space are altered in accordance with the predetermined rules; and outputting the machining specification.

Abstract: A centralized design engine receives a problem specification from an end-user and classifies that problem specification in a large database of previously received problem specifications. Upon identifying similar problem specifications in the large database, the design engine selects design strategies associated with those similar problem specifications. A given design strategy includes one or more optimization algorithms, one or more geometry kernels, and one or more analysis tools. The design engine executes an optimization algorithm to generate a set of parameters that reflect geometry. The design engine then executes a geometry kernel to generate geometry that reflects those parameters, and generates analysis results for each geometry. The optimization algorithms may then improve the generated geometries based on the analysis results in an iterative fashion. When suitable geometries are discovered, the design engine displays the geometries to the end-user, along with the analysis results.

Abstract: A method of adjusting a three-dimensional representation of an object to be manufactured in an additive manufacturing process comprises determining a processing operation to be applied to the object, and adjusting the three-dimensional representation of the object based on adjustment parameters associated with the processing operation.

Abstract: A laboratory physical plant structure and corresponding method disclosed herein improves the time and efficiency of processing of laboratory samples. One embodiment includes a physical arrangement of the bloodletting stations and sorting of specimens including two levels wherein sorting and collection occurs on Level 1 and Processing occurs on Level 2. A lift or other transportation system between the levels is utilized to quickly process and move the samples being collected and tested.

Abstract: Methods for designing a bio-climatically adapted affordable Zero-Energy prefabricated modular building such as for housing, in which a Layered disposition of Envelope elements—including Structural Insulated Panels—in the wall, floor and roof sections, provide a highly energy-efficient Building Envelope, which together with a modular building Support Structure including Aeriated Frames, and an adequately sized renewable energy power generator system, inexpensively achieves the energetic independence of the building. In these methods, different possible configurations of the relevant elements of the Building Envelope, the building structure and the renewable power generator system are evaluated, discarding those configurations which don't meet the defined acceptable criteria for energy-efficiency, thermal isolation and water condensation risks. The building has a low environmental impact thanks to reduced greenhouse emissions during its construction and its useful life.

Abstract: Method and apparatus for conducting a Service Call in a structure using orienteering methods. The AVM may assist in determining whether or when equipment needs repair and can automatically call a service technician. By referencing the AVM on a smart device, the technician can quickly and easily locate the equipment to be repaired. Additionally, the data contained within the AVM may provide valuable clues to solving any service-related problem. Technical walkthroughs may also be displayed on the service technician's smart device.

Abstract: A virtual fabrication environment for semiconductor device fabrication that includes an analytics module for performing process window optimization is discussed.

Abstract: A computer-implemented method of machine-learning is described that includes obtaining a dataset of virtual scenes. The dataset of virtual scenes belongs to a first domain. The method further includes obtaining a test dataset of real scenes. The test dataset belongs to a second domain. The method further includes determining a third domain. The third domain is closer to the second domain than the first domain in terms of data distributions. The method further includes learning a domain-adaptive neural network based on the third domain. The domain-adaptive neural network is a neural network configured for inference of spatially reconfigurable objects in a real scene. Such a method constitutes an improved method of machine learning with a dataset of scenes including spatially reconfigurable objects.

Abstract: The present invention is a method for real-time determination of the forces exerted by incident waves on a mobile part of a wave energy system. Models are constructed of the radiation force exerted on the mobile part and of the drag force exerted on the mobile part and a non-linear model of the wave energy system dynamics. The invention uses only measurements of the float kinematics (position, velocity and possibly acceleration) and of the force applied by a converter machine, which measurements are normally available on a wave energy system since they are used for control and supervision thereof. Determination of the excitation force exerted by incident waves on the mobile part uses the models, the measurements and an unscented Kalman filter.

Abstract: An integrated circuit and a method for designing an IC where the smallest repeatable block is selected, designed and tested to span across multiple die levels. The block is configured to be timing closed at the block level thereby reducing the overall complexity of the design and avoiding the limiting effects of the constrained EDA tools. The block may subsequently be repeated on multiple die to be stacked in an IC.

Abstract: A system for producing a data stream based on redundant information that has a first controller, a second controller and a circuit. The first controller outputs a first part of first data via a first data output. The second controller outputs a second part of second data via a second data output. The circuit combines the data that is output to form a data stream. The first controller reads in at least the second part of second data of the combined data stream. The second controller reads in at least the first part of first data of the combined data stream. The read-in second part of second data is compared with a second part of the first data and if the comparison indicates a deviation, to stop outputting data via the first data output and/or to block the forwarding of the data stream.

Abstract: An IC design data base generating method, including: receiving a condition parameter, which comprises a process parameter and an operating parameter range comprising at least one operating parameter; and testing at least one cell according to the process parameter and the operating parameter range to generate a delay value data base. The delay value data base comprises a plurality of delay values, wherein the plurality of delay values for an identical cell correspond to the operating parameter range with an identical type but different value. An IC design method using the delay value data base is also disclosed.

Abstract: A cell architecture and a method for placing a plurality of cells to form the cell architecture are provided. The cell architecture includes at least a 1st cell and a 2nd cell placed next to each other in a cell width direction, wherein the 1st cell includes a one-fin connector which is formed around a fin among a plurality of fins of the 1st cell, and connects a vertical field-effect transistor (VFET) of the 1st cell to a power rail of the 1st cell, wherein a 2nd cell includes a connector connected to a power rail of the 2nd cell, wherein the fin of the 1st cell and the connector of the 2nd cell are placed next to each other in the cell width direction in the cell architecture, and wherein the one-fin connector of the 1st cell and the connector of the 2nd cell are merged.

Abstract: Techniques are presented for the application of neural networks to the fabrication of integrated circuits and electronic devices, where example are given for the fabrication of non-volatile memory circuits and the mounting of circuit components on the printed circuit board of a solid state drive (SSD). The techniques include the generation of high precision masks suitable for analyzing electron microscope images of feature of integrated circuits and of handling the training of the neural network when the available training data set is sparse through use of a generative adversary network (GAN).

Abstract: The present disclosure provides a method for manufacturing a semiconductor structure. The method includes receiving a layout data representing information for manufacturing the semiconductor structure having a metal layer over a substrate. A first parasitic capacitance and a second parasitic capacitance are formed between the metal layer and the substrate. The method further includes determining a parasitic capacitance difference between a first region and a second region. The method further includes forming a dummy capacitor to minimize the parasitic capacitance difference. A system for manufacturing a semiconductor device is also provided.

Abstract: Methods and devices for rendering content are described herein. In some embodiments, the method may include receiving an email or other markup language based content. The method may create a document object model (DOM) corresponding to the content using an off screen browser. The method may cause the off screen browser to indicate that the DOM has been created before the off screen browser retrieves any external content. The method may extract a portion of the content from the DOM, and then render the portion of the content using predefined formatting rules.

Abstract: Methods and devices for rendering content are described herein. In some embodiments, the method may include receiving an email or other markup language based content. The method may create a document object model (DOM) corresponding to the content using an off screen browser. The method may cause the off screen browser to indicate that the DOM has been created before the off screen browser retrieves any external content. The method may extract a portion of the content from the DOM, and then render the portion of the content using predefined formatting rules.

Abstract: A display terminal is communicable with a management system that is configured to manage sound data based on content generated during a conducted event and manage text data converted from the sound data. The display terminal includes circuitry configured to: receive the sound data, the text data, and time information from the management system, the time information being information relating to generation time of the content; control a display to display the received text data in an order of the generation time based on the received time information; and accept editing of particular text data among the displayed text data. The circuitry is further configured to control the display to display the edited particular text data in place of the received particular text data.

Abstract: According to an embodiment, a document analysis device includes one or more hardware processors configured to function as a sentence extraction unit, an analysis unit, a neural network unit. The analysis unit generates, for each of sentences, initial element information representing an initial value of relevance to each of predetermined attribute items. The neural network unit receives sentence information and outputs execution result of a main task on the target document, for each of the sentences. The neural network unit includes an attention unit and a main task execution. The attention receives the sentence information and the initial element information, calculates an attention weight and outputs attention information according to the attention weight, for each of the sentences. The main task execution unit executes the main task based on the attention information for each of the sentences.

Abstract: The invention discloses a multi-hop attention and depth model, method, storage medium and terminal for classification of target sentiments. In said model, the combined two-dimensional lexical features (matrix3) produced by the first convolution operation module are used in each hop of attention calculation module and the attention weight information is continuously transmitted to sublayers; before calculation in the last hop, the one-dimensional lexical features input are weighted (by lexical vector weighting module) in the model with the attention (the first attention calculation module) before convolution operation (the second convolution operation module), to generate the weighted combined two-dimensional lexical features (matrix4) to be used in the final attention calculation.

Abstract: A system and method for automatically tagging customer messages using artificial intelligence models features a computer network, user computational device, database for storing customer messages, and server gateway in communication with the user computational device through the computer network (i.e., internet) and the database. The server gateway features an artificial system for processing, analyzing, and tagging customer messages. A user supplies customer messages by using the user computational device, which communicates with the server gateway. The server gateway processes the customer messages and sends them to the artificial intelligence system for analysis. The artificial intelligence system then analyzes these customer messages to determine the content by tagging words and phrases with industry specific tags (e.g. product feedback, product defects, shipping delays, etc) as well as tags based on sentiment type (e.g., negative, positive, neutral, sarcasm, mixed) and contact type (e.g.