Abstract: Embodiments of the present invention are directed to facilitating data model acceleration in association with an external data system. In accordance with aspects of the present disclosure, at a core engine, a search request associated with a data model is received. The data model generally designates one or more fields, from among a plurality of fields, that are of interest for subsequent searches. Thereafter, it is determined that an accelerated data model summary associated with the data model is stored at an external data system remote from the core engine that received the search request. The accelerated data model summary includes field values associated with the one or more fields designated in the data model. A search for the received search request is initiated using the accelerated data model summary at the external data. A set of search results relevant to the search request is obtained and provided to a user device for display to a user.

Abstract: A method and an apparatus for obtaining data, based on location information, are provided. The method includes receiving, from a user terminal, a first query request that is used to obtain object information, the first query request carrying location information of the user terminal, and querying, in response to a cache area being not empty, the cache area for hotspot data in an area range in which the location information of the user terminal is located, the hotspot data being information of an object included in the area range, and the hotspot data being cached in response to a frequency of query access occurring in the area range exceeding a predetermined threshold. The method further includes sending, to the user terminal, the hotspot data in the area range.

Abstract: A computer-implemented method comprises analyzing content sections on each of a plurality of open browser pages using natural language processing to identify one or more topics on each of the plurality of open browser pages; calculating a respective relevance score for each of the content sections; grouping each of the plurality of topics into one of a plurality of topic groups; calculating a respective group ranking for each of the plurality of topic groups based on the respective relevance score for each content section. The method further comprises, for each topic group, assigning the respective group ranking to all of the content sections corresponding to the respective topic group; and, for each of the plurality of open browser pages, selecting at least one content section having a highest group ranking and modifying a display of the respective open browser page to direct attention to the selected content section.

Abstract: A data processing method and apparatus are described. The method includes receiving a request which carries a user identifier (ID) from a user terminal. The method also includes determining all associated user IDs associated with the user ID. The method also includes selecting N particular user IDs which meet a set condition from all the associated user IDs, pulling latest user data corresponding to the N particular user IDs, and returning the latest user data corresponding to the N particular user IDs to the user terminal. Wherein N is smaller than or equal to a user data amount M requested by a page.

Abstract: A system and method system for providing auto-hyperlinking in endpoint content. A system includes email clients installed on remote client devices and managed by an application management service. The system further includes an auto-hyperlinking system having: a configuration file that regular expressions (regex's), wherein each regex is associated with an application and a URL template, and wherein each regex is coded to identify a string and parse an associated parameter; and a process that modifies an inputted email including: searching the inputted email for an email text string specified by the set of regex's; in response to locating a matching email text string as specified by an associated regex, parsing the matching email text string to extract a parameter value; and converting the email text string within the inputted email into a hyperlink based on an associated URL template, wherein the hyperlink includes the parameter value.

Abstract: A system and method connects multiple diverse publish-subscribe systems and a platform-independent interface that exchanges messages between publishers and subscribers. The system and method connects a software application and the platform-independent interface and exchanges multiple messages between two or more diverse publish-subscribe systems and the software application. The two or more diverse publish-subscribe systems run concurrently.

Abstract: According to one embodiment, a processing device includes: a first circuit configured to execute first processing using a first matrix to first data of a size of 5×5 within input data to generate second data; a second circuit configured to execute second processing using a second matrix to third data of a size of 3×3 to generate fourth data; a third circuit configured to execute a product-sum operation on the second data and the fourth data; and a fourth circuit configured to execute third processing using a third matrix on a result of the product-sum operation on the second data and the fourth data to obtain a first value corresponding to a result of a product-sum operation on the first data and the third data.

Abstract: Embodiments relate to a denominator circuit that determines the number of valid elements of a data surface covered by a kernel depending on various locations of the kernel relative to the data surface. The denominator circuit includes a first circuit and a second circuit that have the same structure. The first circuit receives numbers representing different horizontal locations of a reference point in the kernel and generates a first matrix with first output elements corresponding to the different horizontal locations. The second circuit receives numbers representing different vertical locations of a reference point in the kernel and generates a second matrix with second output elements corresponding to the different vertical locations. A matrix multiplication of the first matrix and the second matrix is performed to obtain an array of valid elements covered by the kernel.

Abstract: Presented herein are techniques for training a central/global machine learning model in a distributed machine learning system. In the data sampling techniques, a subset of the data obtained at the local sites is intelligently selected for transfer to the central site for use in training the central machine learning model. In the model merging techniques, distributed local training occurs in each local site and copies of the local machine learning models are sent to the central site for aggregation of learning by merging of the models. As a result, in accordance with the examples presented herein, a central machine learning model can be trained based on various representations/transformations of data seen at the local machine learning models, including sampled selections of data-label pairs, intermediate representation of training errors, or synthetic data-label pairs generated by models trained at various local sites.

Abstract: A disclosed method includes a data distribution computer receiving a data packet comprising a plurality of data values in response to an interaction between a resource provider and a user. The data distribution computer can then determine a data item for each data value of the plurality of data values and associate each data value to a processing computer using the data item for each data value. The data distribution computer can generate a plurality of authorization request messages comprising at least one data value. The data distribution computer can then transmit the plurality of authorization request messages to a plurality of processing computers adapted to process the data values in the respective authorization request messages, wherein the plurality of processing computers process the data values in the respective authorization request messages. The plurality of authorization request messages are subsequently forwarded to the authorization computer.

Abstract: One or more embodiments of the present specification provide methods and apparatuses for copyright allocation for a blockchain-based work, which are applied to a blockchain network that includes an original author client device, a co-creation participating user client device, and a first node device. The method includes the following: obtaining, by the first node device, a first target transaction from a distributed database of the blockchain, where the first target transaction includes co-creation participating behavior data of the co-creation participating user for a target work, and the target work is originally created by the original author; and invoking a smart contract corresponding to copyright allocation for the target work, executing logic declared in the smart contract for allocating a copyright share to the co-creation participating user based on the co-creation participating behavior data, and allocating a copyright share of the target work to the co-creation participating user.

Abstract: A method for remotely verifying a non-resident alien's identity, includes: receiving a request to establish a communication session from a user device; analyzing the request to determine whether the user device is compromised; in response to determining that the user device is not compromised, providing a page flow to the user device to solicit information from the non-resident alien, the information including identity information associated with a local foreign government identification document (ID), and other information not shown on the local foreign government ID; querying one or more foreign governmental data stores to identify foreign data associated with the non-resident alien based on a unique identifier associated with the local foreign government ID; comparing the information with the foreign data; and verifying an identity of the non-resident alien based on the comparing, wherein the verifying includes determining that at least one of the other information matches the foreign data.

Abstract: Systems and methods are provided for establishing personal connections in a network following secure verification of interested parties. The disclosed embodiments may involve a system comprising a memory and a processor. The disclosed embodiments may require unique sets of identification parameters of each user in order to ensure a user has been properly verified prior to use of the system.

Abstract: A system and method for authentication are described herein. An authentication request is received at a combiner proxy (350). The combiner proxy (350), is arranged to receive a user authentication request, receive one or more share values from one or more communications devices (330A, . . . , 330N) where each of the communications devices (330A, . . . 330N) stores at least one share value of a set of share values and determine if one or more share values that have been received from the communications devices (330A, . . . , 330N) meet a quantitative criteria. The combiner proxy (350) is arranged to authenticate the user if the received share values meet the quantitative criteria.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.

Abstract: A computer-implemented method and system for verifying the identity of a user in an identity authentication and biometric verification system which includes collecting information from the user regarding the user's identity, which is then electronically authenticated. Upon authentication, personal information regarding the verified identity of the user is retrieved from a source database which is used to verify the identity of the user, via user interaction. Upon successful verification and authentication, biometric data regarding the user is electronically collected.

Abstract: Techniques for managing secure login with authentication while viewing a unique code are described. In some examples, a requesting device displays a visual representation of data. An authenticating device detects the presence of the visual representation of data. The authenticating device prompts a user to provide authorization information at the authenticating device. The authenticating device receives a set of one or more inputs. The authenticating device transmits information authorizing access to content on the requesting device.

Abstract: A method of authenticating a user by means of a fingerprint authentication system comprising a finger sensing arrangement, comprising the following steps for each authentication attempt in a sequence of authentication attempts: receiving a touch by a candidate finger probe on the finger sensing arrangement; acquiring a candidate fingerprint image of the candidate finger probe; determining an authentication representation based on the candidate fingerprint image; retrieving a stored enrollment representation of an enrolled fingerprint of the user; determining a match score based on a comparison between the authentication representation and the enrolment representation; determining a liveness score for the authentication attempt; determining a qualification metric for the authentication attempt based on a relation between the liveness score for the authentication attempt and a liveness score for at least one previous authentication attempt; and determining an authentication result for the authentication attempt

Abstract: An authorization management method and apparatus, and an electronic device are provided. The method is applicable to a mobile terminal. A display screen of the mobile terminal is a bendable display screen and the display screen simultaneously displays an active authorization application and a passive authorization application. The method includes: monitoring whether the display screen is bent; and in a case that it is monitored that the display screen is bent, sending a first authorization confirmation instruction to the active authorization application such that the active authorization application provides an authorized account for the passive authorization application, and the passive authorization application acquires the authorized account from the active authorization application and performs a login through the account.

Abstract: Techniques for validating a user on an electronic device in an Internet of Things (IoT) environment are provided. An example of an apparatus according to the disclosure includes a transceiver configured to detect one or more proximate devices, and at least one processor operably coupled to the transceiver and configured to receive authentication information from the user, determine that the one or more proximate devices is at least one companion device, and validate the user based on the authentication information and a detection of the at least one companion device.

Abstract: The invention relates to a system for controlling access to a device protected by at least one pre-configured authentication factor, comprising an access control unit comprising a short-range wireless communication device, a module for receiving keys, a module for verifying authentication factors, at least one access path, and at least one controllable switch, configured to open or close the path for accessing the protected device in case of receiving an access authorisation coming from the verification module. The system further comprises an administration unit, adapted to allow to pre-configure each authentication factor and a user unit, configured to transmit at least one key to the module for receiving keys.

Abstract: Systems and methods for multi-factor authentication using graphical passwords. An access request that includes an identifier and which identifies a protected resource is received from a client device. An interface is generated having a plurality of graphical objects for presentation at random locations on a display of the client device as defined by an object map. The plurality of graphical objects include a null object and a set of user-defined objects associated with the identifier that define a graphical password. Input data including an input event for each detected interaction with the interface is received. Each input event identifies a position on the display at which a corresponding interaction was detected. Using the object map, it is determined that the input data satisfies the graphical password. Access to the protected resource is granted in response to determining that the input data satisfies the graphical password.

Abstract: An image capture device for a secure industrial control system is disclosed. In an embodiment, the image capture device includes: an image sensor; a signal processor coupled to the image sensor; and a controller for managing the signal processor and transmitting data associated with processed image signals to at least one of an input/output module or a communications/control module via a communications interface that couples the controller to the at least one of the input/output module or the communications/control module, wherein the controller is configured to establish an encrypted tunnel between the controller and the at least one of the input/output module or the communications/control module based upon at least one respective security credential of the image capture device and at least one respective security credential of the at least one of the input/output module or the communications/control module.

Abstract: Embodiments described herein enable the interoperability between processes configured for pointer authentication and processes that are not configured for pointer authentication. Enabling the interoperability between such processes enables essential libraries, such as system libraries, to be compiled with pointer authentication, while enabling those libraries to still be used by processes that have not yet been compiled or configured to use pointer authentication.

Abstract: Some embodiments described herein include a method to validate supply chains for electronic devices using side-channel information in a signature analysis. The method includes sending, to a target device, a first signal associated with a set of codes to be executed by the target device, and then receiving first side-channel information associated with the target device in response to the target device executing the set of codes. The method also includes determining second side-channel information associated with a simulated device in response to the set of codes. The method further includes comparing a discriminatory feature of the first side-channel information with a discriminatory feature of the second side-channel information to determine a characteristic of the target device based on a pre-determined characteristic of the simulated device. Finally, the method includes sending, to a user interface, a second signal associated with the characteristic of the target device.

Abstract: An information processing apparatus includes a controller that, in response to capturing of an operation target and an authentication object by an image capturing unit, controls notification of information used for operating the operation target.

Abstract: Security systems for microelectronic devices physically lock the hardware itself and serve as a first line of defense by preventing overwriting, modification, maniplation or erasure of data stored in a device's memory. Implementations of the security systems can respond to lock/unlock commands that do not require signal or software interactivity with the functionality of the protected device, and which therefore may be consistent across devices. In various embodiments, a security device passively “listens” on data lines of the protected device and, when a lock or unlock command is received (typically in conjunction with a valid authentication code), the security device physically blocks or allows passage of signals to and from the protected device.

Abstract: An embodiment of restricted command set management permits a storage controller to execute commands of a restricted command set if authorized. A command determined to be within the restricted command set is encrypted by a host prior to sending the encrypted command to a storage controller for execution. The command may be encrypted using a key shared between the host and the storage controller. The shared key may be generated by the host and encrypted by the host using a public key of a public-private key maintained by the storage controller. The encrypted shared key may be decrypted by the storage controller using the private key of the public-private key maintained by the storage controller. Execution of commands of the restricted command set is prevented absent proper decryption of the commands sent by the host. Other features and aspects may be realized, depending upon the particular application.

Abstract: Systems and methods for identifying unknown attributes of web data fragments during operation of a web browser with a web page. A security engine allows for the correct displaying of a web page in a browser when no information is available about the attributes of web data fragments for the web page by identifying the attributes of web data fragments for the web page.

Abstract: The disclosed computer-implemented method for executing decision trees may include (i) executing a security classification decision tree that classifies an input data item, (ii) gathering, simultaneously using a gather instruction, values for both a current threshold at a parent node of the security classification decision tree and a subsequent threshold at a child node of the parent node, (iii) gathering, simultaneously using the gather instruction, values for both a current measurement at the parent node and a subsequent measurement at the child node, (iv) comparing, simultaneously using a comparison instruction, the current threshold at the parent node with the current measurement at the parent node and the subsequent threshold at the child node with the subsequent measurement at the child node, and (v) performing a security action to protect the computing device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method of storage system operation, and related computer-readable media and storage system are disclosed. One or more processors or storage system controllers monitor accesses of blocks of storage memory of the storage system. The monitoring is to detect one or more characteristics of the accesses of the blocks. From the characteristic(s), it is determined the one or more accesses of the blocks are indicative of a malicious action. In response to such determining, the storage system performs a reaction action.

Abstract: Provided are a computer program product, system, and method for determining whether to destage write data in cache to storage based on whether the write data has malicious data. Write data for a storage is cached in a cache. A determination is made as to whether the write data in the cache comprises random data according to a randomness criteria. The write data in the cache to the storage in response to determining that the write data does not comprise random data according to the randomness criteria. The write data is processed as malicious data after determining that the write data comprises random data according to the randomness criteria.

Abstract: According to one embodiment of the present invention, a system provides security for a device and includes at least one processor. The system monitors a plurality of networked devices for a security risk. Each networked device is associated with a corresponding security risk tolerance. In response to a monitored security risk for one or more of the plurality of networked devices exceeding the corresponding risk tolerance, a network service is initiated to perform one or more actions on each of the one or more networked devices to alleviate the associated security risk. Embodiments of the present invention further include a method and computer program product for providing security to a device in substantially the same manner described above.

Abstract: Systems and methods for detecting replay attacks on a biometric-based authentication system are disclosed herein. In some embodiments, the method includes generating a command set causing a fingerprint sensor to sequentially conduct a scan of pixels in the fingerprint sensor, wherein the command set includes one or more replay attack detection commands causing the fingerprint sensor to capture replay attack detection data, sending the commands to the fingerprint sensor, receiving fingerprint data, and evaluating the fingerprint data for the replay attack detection data. In some embodiments, the one or more replay attack detection commands include repeating the scan of a selected row of pixels, providing insufficient bias to a selected row of pixels, and/or providing too much bias to a selected row of pixels. In some embodiments, the replay attack detection commands are randomly generated for each scan. Various other aspects of the technology are described herein.

Abstract: A computer-implemented method, a computer program product, and a computer system. The computer system installs and configures a virtual imitating resource in the computer system, wherein the virtual imitating resource imitates a set of resources in the computer system. Installing and configuring the virtual imitating resource includes modifying respective values of an installed version of the virtual imitating resource for an environment of the computer system, determining whether the virtual imitating resource is a static imitating resource or a dynamic imitating resource, and comparing a call graph of the evasive malware with patterns of dynamic imitating resources on a database. The computer system returns a response from an appropriate element of the virtual imitating resource, in response to a call from the evasive malware to a real computing resource, return, by the computer system.

Abstract: A code scanning system has a syntax generation component that receives source code and generates an abstract syntax tree file. The system includes a white list of permitted pure functions, and a black list of prohibited impure functions. In addition, the system includes a static code analyzer for performing static analysis of the source code. The static code analyzer includes a function analyzer that receives the AST file and identifies the functions. Each function is compared to the white list, and if it is present, marked as permitted in a static analysis file. If the function is not on the white list, it is compared to the black list. If it is present on the black list, it is marked as prohibited in the static analysis file. If the function is not on the white or black list, it is marked as “unknown” and subjected to manual analysis.

Abstract: An update management apparatus and an update verification apparatus and method of a control system. The update verification apparatus of the control system includes a file type classification unit for classifying one or more input update files into any one file type of a firmware file, a patch file, and another type of file; an integrity verification unit for verifying integrity of the update files based on the file types of the update files; and an update file generation unit for generating a final update file from the update files, the integrity of which has been verified.

Abstract: An example operation may include one or more of intercepting a command from a user to modify a source tree in a source control system, creating a child ledger associated with a master ledger when the intercepted command is destructive, seeking consensus among users of the source tree to approve execution of the intercepted command, merging the child ledger into the master ledger with a transaction describing the intercepted command, a commit tree history, and status of the consensus, and a tree hash, and merging execution results of the intercepted command into a history of the source tree.

Abstract: A method for programming a hearing assistive device includes requesting write access from a programming device to the hearing assistive device, sending, in response to the request, a first message from the hearing assistive device to a programming-rights-management server, generating, in the programming-rights-management server, a programming rights permission list, sending a second message containing the programming rights permission list from the programming-rights-management server to the hearing assistive device, transferring programming data in a programming session from the programming device to the hearing assistive device, writing the received programming data as control data sets permitted according the programming rights permission list received from the programming-rights-management server, and terminating the programming session once data writing has been completed.

Abstract: Various embodiments of methods and systems for a power and performance-optimized secure image load boot flow in a specialty metering device (“SMD”) are disclosed. An exemplary method includes a CPU that transitions into an idle state, such as a WFI state, for durations of time during a boot sequence that coincide with processing by a DMA engine. That is, the CPU may “sleep” while the DMA engine processes workloads in response to instructions it received from the CPU.

Abstract: A method and system for evaluating software tools that detect malicious hardware modifications is provided. In one embodiment, among others, a system comprises a computing device and an application. The application causes the computing device to at least receive hardware description language code that represents a circuit design and calculate a signal probability for one or more nodes in the circuit design. The application also causes the computing device to identify one or more rare nodes in the circuit design and generate a Trojan sample population. The application further causes the computing device to generate a feasible Trojan population and generate a Trojan test instance based at least in part on a random selection from the Trojan feasible population. Additionally, the application causes the computing device to generate modified hardware description code from the Trojan test instance.

Abstract: A method for exporting sensitive information an integrated circuit, the method comprising: fabricating an integrated circuit, the integrated circuit having a register-transfer level “RTL” key fabricated in the integrated circuit, wherein the RTL key is a pre-determined cryptographic key; signing the sensitive information using the RTL key using a signature; and exporting the signed sensitive information and the signature for validation.

Abstract: A semiconductor device for provisioning secure information of a demander includes a device key storage configured to store a device key provisioned by a supplier of the semiconductor device, a master key generator configured to generate, based on the device key and demander data provisioned by the demander, a master key of the demander by using a first operation shared with the supplier and a second operation shared with the demander, and a cryptographic engine configured to perform a cryptographic operation based on the master key.

Abstract: A combined object associated with a data chunk included in a request file is determined. An encryption key associated with the combined object and a corresponding chunk hash value associated with the data chunk are used to determine a corresponding chunk key associated with the data chunk. At least a locator to be used to retrieve the combined object and the corresponding chunk key associated with the data chunk are provided to a requesting system.

Abstract: Secure updating of programmable integrated circuits includes receiving, within the programmable integrated circuit, a configuration bitstream, inserting, using a processor of the programmable integrated circuit, a key into the configuration bitstream resulting in a modified configuration bitstream, encrypting, using the programmable integrated circuit, the modified configuration bitstream using the key resulting in an encrypted configuration bitstream, and storing the encrypted configuration bitstream in a boot memory for the programmable integrated circuit.

Abstract: A network communication stack running on relational processing circuitry performs control and maintenance actions on records from a database server managed by repository control circuitry. The database interaction layer of the communication stack accesses the records on the database server. The database interaction layer passes the accessed records to the data processing layer for parsing and storage as tabular entries. An operator may perform manipulations on the tabular entries using a command interface generated by the command layer of the communication stack using locally-defined interface parameters that are independent of characteristics of the database server. The data processing layer recompiles manipulated entries into an altered record. The database interaction layer sends the altered record back to the database server.

Abstract: A system includes an environment-aware storage drive comprising one or more storage medium with a location-based service wherein the environment-aware storage drive generates a signal containing information about a location of the storage drive relative to a geo-fenced area and updates a ledger unit of an event happening to the storage drive based on the signal, wherein the event is related to the current environment of the storage drive. The ledger unit keeps track of a number of events and/or data received from the environment-aware storage drive. A policy unit determines an expandable set of security policies for the storage drive triggered by the event and/or data, wherein the security policies specify access restrictions to the environment-aware storage drive based on its current environment. The policy unit transmits and enforces the set of security policies on the environment-aware storage drive to prevent data from being theft from the storage drive.

Abstract: A computing device includes a face detection module coupled to a webcam. The face detection module detects faces of viewers within a field of view of the webcam, provides images of the detected faces to a face identification service, and receives user IDs on the detected faces that have been identified. A document viewer module retrieves a document for display, with the document being retrieved based on a link to the document. A policy enforcement module receives the user IDs on the detected faces that have been identified, uses the link to the document to query metadata associated with the document to determine an access control list for the document, and compares the user IDs of the detected faces that have been identified to user IDs on the access control list to determine authorized viewers of the document. The policy enforcement module obscures display of the document if one of the identified faces is not authorized to view the document.

Abstract: The disclosed computer-implemented method for protection of storage systems using decoy data may include identifying an original file comprising sensitive content to be protected against malicious access and protecting the sensitive content. Protecting the sensitive content may include (i) processing the original file to identify a structure of the original file and the sensitive content of the original file, (ii) generating a decoy file using the structure of the original file and using substitute content in a location corresponding to the sensitive content of the original file, and (iii) storing the decoy file with the original file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system and method of providing a secure inter-domain data management platform based on blockchain technology allows a user to access files of one or more organizations based on the credentials of the user. The system includes at least one remote server and a network of computing nodes. The remote server is used to manage at least one group. The at least one group may be one or more intelligence or government organizations. The at least one group includes a plurality of member accounts. Each member account includes a member access level. The network of computing nodes is used to manage a blockchain system and to store a plurality of files. Each file includes a file access level. A user with a member account can access a file in accordance to the member access level of the member account and the file access level of the file.