Abstract: The present disclosure relates generally to techniques for efficiently performing operations associated with artificial intelligence (AI), machine learning (ML), and/or deep learning (DL) applications, such as training and/or interference calculations, using an integrated circuit device. More specifically, the present disclosure relates to an integrated circuit design implemented to perform these operations with low latency and/or a high bandwidth of data. For example, embodiments of a computationally dense digital signal processing (DSP) circuitry, implemented to efficiently perform one or more arithmetic operations (e.g., a dot-product) on an input are disclosed. Moreover, embodiments described herein may relate to layout, design, and data scheduling of a processing element array implemented to compute matrix multiplications (e.g., systolic array multiplication).

Abstract: A recording medium records a management program allowing a computer to execute a process of: obtaining a support request for first software including first individual information identifying a first device used by a user and a product name of the first software implemented in the first device; and referring to a storage storing second individual information identifying a second device in which second software in a support contract for the user is implemented; and in a case where the second individual information coincident with the first individual information in the support request is not stored in the storage and a number of pieces of the second individual information in the storage is smaller than a number of pieces of support indicating a number of pieces of software supportable based on the support contract, storing the first individual information in the support request to the storage as the second individual information.

Abstract: A method and system to manage application package installation in a multi-tenant system is provided. The method includes accessing metadata of an application package for distribution in the multi-tenant system, selecting a component of the application package with a permission guard in the metadata, evaluating permission guard logic to determine wither a target tenant in the multi-tenant system can install the component, and compiling and installing the component in response to the permission guard logic indicating the tenant of the multi-tenant system has met conditions to utilize the component.

Abstract: Systems and methods for redeeming digital files are disclosed. In particular, the systems and methods relate to localized sharing of digital files such that the digital file is degraded when the file is redeemed. The digital file can include a plurality of bits, and bits of the digital file can be removed upon each transfer and/or access of the digital file. When a quantity of bits in the digital file falls below a predetermined threshold, the digital file can be deactivated. The systems can include an application that degrade the digital file. The degradation can include file compression, bitrate reduction, and/or removal of parity bits from the digital file. Security measures, such as private/public encryption keys, are also disclosed herein.

Abstract: A device for validating authorization key obfuscation in a continuous integration (CI) pipeline codebase is presented. The device comprises a transceiver, one or more memories, and one or more processors interfacing with the transceiver and the one or more memories. The one or more processors are configured to receive an update to the CI pipeline codebase. The update may include an authorization key, which the one or more processors store in the one or more memories. The one or more processors may perform a build process to integrate the update into the CI pipeline codebase. The build process may include an obfuscation, which creates an obfuscated CI pipeline codebase. The one or more processors may also scan the obfuscated CI pipeline codebase to determine a presence or an absence of the authorization key.

Abstract: A method for detection of modification of an item of content, the method comprising: obtaining, for the item of content, a respective first value of each attribute in a set of one or more attributes of the item of content, the set of one or more attributes selected such that, for each of one or more predetermined types of modification, said type of modification affects the value of at least one attribute in the set of one or more attributes; performing a watermark decoding operation on the item of content; and in response to the watermark decoding operation producing payload data from the item of content: determining that the one or more predetermined types of modification have not been applied to the item of content if, for each attribute in the set of one or more attributes, the respective first value for that attribute matches a respective second value for that attribute determined using the payload; or determining that a modification has been applied to the item of content if, for at least one attribute i

Abstract: A screen unlocking method and apparatus, and a computer device and a storage medium. The method comprises: obtaining interactive information generated when a user performs a predetermined operation; dynamically updating the generated interactive information to a pre-built interactive information database; upon receiving a screen unlocking request, invoking first interactive information in the database according to a first predetermined mode; generating an unlock tag according to said first interactive information; generating, according to the unlock tag, multiple interference tags that are different from the unlock tag; and sending the unlock tag and the multiple interference tags to a terminal device for display, receiving a user's operation for triggering the unlock tag, and unlocking a screen.

Abstract: A method, system and software for control of data, particularly although not exclusively personal data, through the use of digital fingerprints enables a person to “opt in” to a system containing data about him and secure that data by a biologically-based digital fingerprint (such as of his hand or face). In another case, a user may be automatically (involuntarily) inducted into a system. Either way, the present disclosure enables a user to opt out of the system, again using his digital fingerprint. Upon execution of an opt out process, his digital fingerprint is removed from the system, along with any data solely pertaining to that user.

Abstract: Systems for enhanced security using biometric controls are provided. A user may launch an application on a user device and one or more rules or instructions may be executed activating enhanced security functions for the application. As the user interacts with a touch screen display of the device, user input including biometric data may be captured. The biometric data may be compared to pre-stored biometric data of the user. If the biometric data matches the pre-stored data, the system may capture additional user input and biometric data and analyze that data to verify the user. If the biometric data does not match the pre-stored data, functionality and/or accessibility of the application may be modified. The system may continue to capture user input and/or biometric data and if the registered user's data is again recognized, the functionality and/or accessibility may again be modified to provide access to the registered user.

Abstract: Systems and methods are provided involving a user authentication system. The authentication system may involve a mobile device, computing device and/or server and may grant access to digital systems, applications, and content. The authentication system may also involve a mobile device, interface device, secure system and/or server and may grant access to digital systems, applications including document execution applications and content, computing systems and devices and physical locations using only the user's mobile device and/or a computing device. The authentication system may also be used for establishing symmetric encryption between two devices or may be used to identify and authenticate a customer. The mobile device may run a mobile application that performs the authentication functionality using biometric data, which may be obtained on the mobile device and which may be stored on one or more devices of the authentication system.

Abstract: A method for a protected sharing of data saved in a hearing system, which comprises at least a hearing device used by a hearing device user, with a third party device is presented. The method comprises: storing a definition of a first trusted party and of a second trusted party in the hearing system; providing a sharing request for the data to be shared to a device of the first trusted party and to a device of the second trusted party; generating a first sharing approval by the device of the first trusted party and a second sharing approval by the device of the second trusted party; and sharing the data with the third party device upon generation of the first and the second sharing approval.

Abstract: A method for biometric authentication has the steps of sending a confidential communication to an intended recipient through the system, the intended recipient providing one or more biometric identifiers to view the communication, wherein the one or more biometric identifiers are unique to the intended recipient, the system verifying the one or more biometric identifiers against one or more stored biometric identifiers, the system accepting the one or more biometric identifiers further has the steps of the system displaying the confidential communication on the mobile device, and the user continues to provide the one or more biometric identifiers, the system continuously verifying the one or more biometric identifiers while the communication is displayed wherein when the verification is uninterrupted of fails the communication is hidden.

Abstract: A head-mounted device (HMD) may be used to determine an access request for accessing a device. An identifier identifying the device may be received at the HMD and from the device. By verifying receipt of the identifier at the HMD, and that access rights associated with the HMD enable granting of the access request, the access request may be granted.

Abstract: A method for executing a machine learning (ML) application in a computing environment includes receiving a secret from a trusted execution environment (TEE) of a user computing device into a TEE of a server. The user computing device is authenticated by an identity and access management service. The TEE validates the secret against a time-limited token. The method further receives from a TEE of a model release tool a model encryption key bound to the ML application. The method receives into the TEE of the server, an ML model of the ML applications encrypted with the MEK. The method decrypts using the MEK the ML model. The method receives into the TEE of the server the ML application and a descriptor of the ML application encrypted by a cryptographic key derived from the secret. The method executes the ML application using the ML model and the descriptor.

Abstract: The described technology provides for plural application processes including at least one application in a browser to reliably acquire device information that can be used by other processes to accurately determine whether the plural applications are running on the same client device and/or are associated with aspects of the same client device. The more reliable determination of the devices associated with respective application processes can be used for various purposes such as, for example, user access management capabilities such as improved single sign-on (SSO) capability and/or improved multiple login prevention (MLP) capability.

Abstract: Various systems and methods for implementing reputation management and intent-based security mechanisms are described herein.

Abstract: A method, system, and computer program product for adaptive network provisioning. The method may include storing a plurality of use case records in a use case repository, where each use case record provides a diagnostic definition of a security threat to a SIEM environment. The method may also include storing metadata for a plurality of attributes of subscribers to the SIEM environment. The method may also include storing use cases that the subscribers have deployed from the use case repository. The method may also include setting up a new subscriber, where setting up the new subscriber includes: receiving a set of attributes of the new subscriber; searching a metadata store to identify subscribers with attributes that are similar to the set of attributes; and selecting an initial set of use cases for the new subscriber based on use cases deployed by the identified subscribers.

Abstract: An action plan estimation apparatus 10 includes: an information acquisition unit 11 that acquires an operation log indicating an operation and a context information indicating a status of the operation for each operation performed by a software on a computer system, a group generation unit 12 that divides each of the operation logs into groups based on a similarity between the context information, an action plan estimation unit 13 that executes abduction for each group by applying knowledge data indicating a relationship between an action plan executed by the software and an operation of the software to the operation log included in the group, and uses the result of the abduction to estimate an action plan to reach a preset target state, that is executed by the software from which the operation log is acquired, based on the operation indicated by the operation log included in the group.

Abstract: Responding to incidents includes creating a playbook of tasks based on a first document constituting an authority, such that at least some of the tasks are completed in response to incidents. A new version of the playbook is created based on differences between the first document and a second document constituting a revision of the authority. Responsive to a first incident, the new version of the playbook is used to respond to the first incident. Creating the new version of the playbook includes at least one of excluding a first task of the playbook from the new version, adding an updated task of a second task of the playbook to the new version, or adding a third task to the new version.

Abstract: Machine learning fraud resiliency using perceptual descriptors is described. An example of a computer-readable storage medium includes instructions for accessing multiple examples in a training dataset for a classifier system; calculating one or more perceptual hashes for each of the examples; generating clusters of perceptual hashes for the multiple examples based on the calculation of the one or more perceptual hashes for each of the plurality of examples; obtaining an inference sample for classification by the classifier system; generating a first classification result for the inference sample utilizing a neural network classifier and generating a second classification result utilizing the generated clusters of perceptual hashes; comparing the first classification result with the second classification result; and, upon a determination that the first classification result does not match the second classification result, determining a suspicion of an adversarial attack.

Abstract: Methods, systems and computer programs are presented for classifying malware using audio signal processing. One method includes an operation for converting a non-audio data file to an audio signal. Audio features are extracted from the audio signal and are used to classify the non-audio data file.

Abstract: Malware uses various techniques to detect a sandbox environment so that malicious code can avoid execution in closely monitored contexts that might otherwise trigger detection and remediation. A security system is dynamically updated to exploit these anti-sandbox techniques, e.g., by causing endpoints to mimic sandbox environments in a manner that discourages malware execution on the endpoint, and by updating sandboxes to alter or hide sandbox detection triggers.

Abstract: In an example method, one or more processors determine that a first data storage device has been communicatively coupled to a first computer system, determine that the first computer system is associated with a first geographical location, determine that the first data storage device is associated with a first user, determine that the first user is associated with one or more additional data storage devices, and determine usage data regarding the one or more additional data storage devices. Further, the one or more processors control a transmission of data between the first data storage device and first computer system based on the first geographical location and the usage data.

Abstract: One or more computer processors determine a tolerance value, and a norm value associated with an untrusted model and an adversarial training method. The one or more computer processors generate a plurality of interpolated adversarial images ranging between a pair of images utilizing the adversarial training method, wherein each image in the pair of images is from a different class. The one or more computer processors detect a backdoor associated with the untrusted model utilizing the generated plurality of interpolated adversarial images. The one or more computer processors harden the untrusted model by training the untrusted model with the generated plurality of interpolated adversarial images.

Abstract: Aspects of the present invention disclose a method, computer program product, and system for detecting a malicious process by a selected instance of an anti-malware system. The method includes one or more processors examining a process for indicators of compromise to the process. The method further includes one or more processors determining a categorization of the process based upon a result of the examination. In response to determining that the categorization of the process does not correspond to a known benevolent process and a known malicious process, the method further includes one or more processors executing the process in a secure enclave. The method further includes one or more processors collecting telemetry data from executing the process in the secure enclave. The method further includes one or more processors passing the collected telemetry data to a locally trained neural network system.

Abstract: Disclosed embodiments provide systems and methods that can be used as part of or in combination with autonomous navigation, autonomous driving, or driver assist technology features. As opposed to fully autonomous driving, driver assist technology may refer to any suitable technology to assist drivers in the navigation or control of their vehicles. In various embodiments, the system may include one or more cameras mountable in a vehicle and an associated processor that monitors the environment of the vehicle. In further embodiments, additional types of sensors can be mounted in the vehicle and can be used in the autonomous navigation or driver assist systems. These systems and methods may include the use of a shared cache that is shared by a group of processing units to improve analysis of images captured by the one or more cameras.

Abstract: Provided are systems, methods, and computer-readable medium for identifying security risks in applications executing in a cloud environment. In various implementations, a security monitoring and management system can obtain application data from a service provider system. The application data can include a record of actions performed by an application during use of the application by users associated with a tenant. The application executes in a service platform provided for the tenant by the service provider system. In various implementations, the application data is analyzed to identify an event associated with a security risk, where the event is identified from one or more actions performed by the application. The system can determine an action to perform in response to identifying the event. In various examples, an agent executing on the service platform can add instrumentation codes used by the application, where the instrumentation provides the application data.

Abstract: An information handling system includes a general storage for storing application data of applications hosted by the information handling system. The information handling system also includes a management storage for storing management data used to manage operation of the information handling system. The information handling system further includes a management storage manager that obtains data for storage in the management storage; encrypts the data to obtain encrypted data and authentication data for the encrypted data; generates error correction code data for the encrypted data and the authentication data; and stores, as a new record, the encrypted data, the authentication data, and the error correction code data in the management storage.

Abstract: A method for determining authenticity of a component in an imaging device is disclosed. Embodiments of the present disclosure provide for a method for a device to use an electronic authentication scheme to authenticate a second device while overcoming vulnerabilities associated with sending data over a communication bus when performing authentication, by using information other than that transmitted over the shared bus as authentication parameters. Embodiments utilize the current drawn by a chip from a power source when the chip performs an operation in response to a command as an authentication parameter.

Abstract: A system and computer program product for the unified viewing of roles and permissions includes selecting an end user accessing data in a data processing system and determining an assigned role for the end user. The assigned role may then be deconstructed into a hierarchy of nested roles, and, for each of the nested roles, corresponding permissions may be determined. Thereafter, for each of the corresponding permissions, dependent other permissions may be identified. Finally, a dashboard user interface may be generated and displayed to as to include both the hierarchy of nested roles and also the listing the corresponding permissions along with the identified dependent other permissions.

Abstract: An information system is provided that enables stakeholders to define a secure data object that sets permissions, rules, and rights for an asset. The secure data object may be communicated to entities, such as computer hosts or hardware agents, and the entities are enable to act within the permissions, rules, and rights to conduct transactions and gather information as agents of the stakeholders. The secure data object may be received into a hardware agent attached to an asset, and the agent may have sufficient permission to monitor environmental conditions, adjust pricing, consummate a transaction, or communicate a report.

Abstract: A system for secure sharing of documents via a content management repository is provided. The system includes a content management unit, a filtering unit, a graphical user interface, and a memory communicatively coupled to the content management unit. The content management unit is configured to receive content restriction rules for content stored in the content management repository. The content management unit is further configured to inject the content restriction rules into policy rules. The content management unit is configured to intercept an Application Programming Interface call for the content from a user. The filtering unit is configured to dynamically filter the content based on the content restriction rules. The graphical user interface is configured to render the filtered content to display the filtered content to the user.

Abstract: Systems and methods for encrypting and decrypting data sent to and received from a peripheral device physically coupled to a hardware interface of a user equipment. In some examples, the user equipment may include an encrypting/decryption component that is configured to physically between a hardware interface of the user equipment and the other components of the user equipment. The encrypting/decryption component may be configured to receive a plurality of encryption/decryption schemes from a remote system. The encrypting/decryption component may select and apply one or more of the plurality of encryption/decryption schemes to data being downloaded and/or uploaded to the peripheral device.

Abstract: Embodiments of the present disclosure relate to technical fields of deep learning and intelligent search, and particularly, provide a page processing method and device, an electronic apparatus and a computer-readable medium. The method includes: determining a plurality of layout object nodes of a page, according to an obtained Hypertext Markup Language (HTML) file; filtering the plurality of layout object nodes according to a preset recall rule to obtain a layout object node satisfying the recall rule, after laying out the plurality of layout object nodes of the page; predicting whether the layout object node satisfying the recall rule is a designated target node; and shielding the designated target node, and generating a shielded page based on remaining layout target nodes after the shielding.

Abstract: Examples described herein relate to offload circuitry comprising one or more compute engines that are configurable to perform a workload offloaded from a process executed by a processor based on a descriptor particular to the workload. In some examples, the offload circuitry is configurable to perform the workload, among multiple different workloads. In some examples, the multiple different workloads include one or more of: data transformation (DT) for data format conversion, Locality Sensitive Hashing (LSH) for neural network (NN), similarity search, sparse general matrix-matrix multiplication (SpGEMM) acceleration of hash based sparse matrix multiplication, data encode, data decode, or embedding lookup.

Abstract: A return address of a caller of a software function within an access control component is determined, the caller comprising a software component seeking access to a protected resource protected by the access control component. From the return address, a filename of the caller is determined. Responsive to determining that the filename is included in a set of filenames of components allowed to access the protected resource, the caller is allowed to access the protected resource.

Abstract: In some examples, a system for server-side rendering of password-protected files can receive, from a client device, a request to view a file on the system, determine that the file should be converted to a different format prior to presentation at the client device, and determine that the file is a password-protected file. The system can send a response to the client device indicating the file is a password-protected file. In response to receiving the password from the client device, the system can generate, based on the password, a preview of the password-protected file including at least a portion of the password-protected file rendered in the different format. After generating the preview, the system can store an encrypted copy of the preview in storage for future requests, and send the preview to the client device.

Abstract: The present invention generally relates to mental performance monitoring of brain activity that implements computing using blockchain and artificial intelligence technologies. Specifically, this invention relates to creating a blockchain from data obtained from a mental performance monitoring device that measures in real-time the mental activity and applying artificial intelligence machine-learning for pattern recognition of ‘best performance’ envelope to raise work efficiency, certify cognitive biometric status, detect cerebral microemboli, perform motor, sensory, facial, object and color processing tasks.

Abstract: A first server computing device, including a processor configured to receive, from a first application instance, a first access request for a file. The first access request may include a first modification privilege request and a modification privilege sharing request. The processor may determine that the file is not locked for editing and grant the first application instance access to the file with modification privileges indicated by the first modification privilege request and without modification privilege sharing permissions indicated by the modification privilege sharing request. The processor may set the file to be locked for editing. The processor may receive, from a second application instance, a second access request including a second modification privilege request. The processor may determine that the file is locked for editing and deny the second application instance access to the file.

Abstract: A search index is generated from one or more data records, wherein the one or more data records have contents in a plurality of different fields. Field information of the one or more data records is stored in the search index as specialized indexed elements, wherein the specialized indexed elements overlap with other indexed elements of the one or more data records. A search query is received from a user allowed to access only a portion of the plurality of different fields. The search query is processed within the portion of the plurality of different fields using the search index including the specialized indexed elements.

Abstract: The disclosure relates to a control of a data network with respect to a use of a distributed database. In this case, a capacity of computing resources of a plurality of computing units of the data network is acquired. The operation of the data network with respect to the use of the distributed database is controlled as a function of the capacity of the computing resources.

Abstract: Systems, methods, and devices for implementing secure views for zero-copy data sharing in a multi-tenant database system are disclosed. A method includes receiving, by a cross-account, a grant to access a share object comprising a secure view and usage functionality associated with a secure user-defined function (UDF) to underlying data. The method includes accessing, by the cross-account, the share object using the grant. The method includes sending a request to a share component to cause the share component to implement the secure view and the usage functionality associated with the secure UDF. The method includes sending a query to the share component to cause the share component to implement the secure UDF.

Abstract: An object of the present invention is to provide a personal information protection apparatus, a personal information protection method, and a program that make it possible to easily control a range of personal information to be provided to an application. The personal information protection apparatus according to the present invention performs machine learning on terms of use, classifications, and access settings of applications installed in a terminal, and holds them as a user policy, and when an attempt is made to change the access settings of a certain application, presents, to the user, recommended settings based on the user policy. When the user changes access settings of an application based on a policy that is different from the prior and existing policy, this personal information protection apparatus performs learning on the user policy again using the changed access settings.

Abstract: Techniques and architectures to manage personal data. Permissions are maintained information for one or more portions of the electronic personal record. Connection information for the one or more portions of the electronic personal record are maintained. At least one of the one or more portions of the electronic personal record information from a static document provided by the user and dynamic information obtained via an integration with an external data source. The one or more processors further to evaluate claims on portions of the electronic record from providers utilizing attribute-based security mechanisms. The corresponding portions of the electronic personal record are selectively provided in response to results of the evaluation.

Abstract: A system and method are disclosed for monitoring rides in a vehicle in which a driver of the vehicle picks up a rider at a pickup location and drives the rider to a drop-off destination. The system includes at least one sensor arranged in the vehicle and configured to capture sensor data during the rides, a transceiver configured to communicate with a personal electronic device of a driver of the vehicle, a non-volatile memory configured to store data; and a processor. The system captures sensor data during a ride, receives a ride identifier from the personal electronic device that uniquely identifies the ride, and stores the sensor data captured during the ride with the ride identifier as metadata.

Abstract: Selectively presenting information by generating a dictionary including information categorized as sensitive according to a participant's characteristic, generating a display matrix including display rules according to the participant's characteristics, detecting sensitive data in a presentation stream, determining display coordinates for the sensitive data, determining a presentation status for the sensitive data according to the participant's characteristics, the dictionary, the decision tree and the display matrix, and masking the presentation of the sensitive information according to the presentation status and the display coordinates.

Abstract: A technology that generates a set of generalization hierarchies that reduces information loss when generalizing any kind of data that does not necessarily have a numerical meaning. Included is a second generation part that generates a second generalization hierarchy set that satisfies a predetermined property with respect to a generalization target data set and a generalization hierarchy set (in which the generalization hierarchy set contains a generalization hierarchy including any of the generalization target data included in the generalization target data set as at least one element), and provided that M is the maximum value of the length of the generalization hierarchies included in the generalization hierarchy set, D is a predetermined integer equal to or greater than 1 and less than or equal to M, and D? is a predetermined integer equal to or greater than D and less than or equal to M.

Abstract: A building system for operating a building and managing private building information includes a processing circuit configured to receive a request for information for a building entity of a building entity database. The processing circuit is configured to select one of the mask templates from the entity database based on access values associated with the requesting device and a relational link between the building entity and the mask templates, retrieve private information for the building entity in response to a reception of the request for the information, and generate a masked information data structure based on the private information and the one of the mask templates.

Abstract: Systems, methods, and computer-readable media are provided for signing and executing graphics processing unit (GPU) commands. In some examples, a method can include receiving, by a GPU, one or more commands including one or more verification signatures generated using a processor, each verification signature of the one or more verification signatures including a first value generated based on the one or more commands; generating, by the GPU, one or more additional verification signatures associated with the one or more commands, wherein each verification signature of the one or more additional verification signatures includes a second value generated by the GPU based on the one or more commands; and determining, by the GPU, a validity of the one or more commands based on a comparison of the one or more verification signatures and the one or more additional verification signatures.

Abstract: A method comprises identifying a sensitive heap allocation for a sensitive data object in memory, and encrypting the data object using a first encryption key, different from a second encryption key used to encrypt one or more non-sensitive data objects in the memory, to provide cryptographic isolation between the sensitive data object and the one or more non-sensitive data objects.