Abstract: A bus filter driver and security agent components configured to retrieve and analyze firmware images are described herein. The bus filter driver may attach to a bus device associated with a memory component and retrieve a firmware image of firmware stored on the memory component. The bus filter driver may also retrieve hardware metadata. A kernel-mode component of the security agent may then retrieve the firmware image and hardware metadata from the bus filter driver and provide the firmware image and hardware metadata to a user-mode component of the security agent for security analysis. The security agent components may then provide results of the analysis and/or the firmware image and hardware metadata to a remote security service to determine a security status for the firmware.

Abstract: Embodiments support secure booting of an IHS (Information Handling System) based on validation of the secure assembly and delivery of the IHS. A validation process of the IHS is initialized that delays further booting of the IHS until detected hardware components of the IHS are validated. An inventory certificate is retrieved that was uploaded to the IHS during factory provisioning of the IHS. The inventory certificate includes an inventory that identifies hardware components installed during factory assembly of the IHS. A collected inventory of detected hardware components of the IHS is compared against the inventory from the inventory certificate in order to validate the detected hardware components of the IHS as the same hardware components installed during factory assembly of the IHS. When the comparison validates the detected hardware components of the IHS as only including factory assembled hardware, further booting of the IHS is allowed.

Abstract: Systems and methods for facilitating an analysis of software vulnerabilities are described. The system receives a first request to present software vulnerabilities of a virtual machine on a production machine. The system receives a first request to present software vulnerabilities of a virtual machine on a production machine. The first request includes a first selection including a virtual machine identifier identifying the virtual machine on the production machine. The software vulnerabilities include a first software vulnerability. The system presents a first electronic user interface including software vulnerabilities for the virtual machine. The system receives a second request including a second selection identifying a first software vulnerability. The system presents a second electronic user interface including presenting recovery point identifiers corresponding to snapshot images stored on a database.

Abstract: Systems and methods for preventing vulnerable software assets from being deployed by modifying the underlying source code in such a way that a build of the software asset will fail. In one aspect of the present disclosure, a system for securing software artifacts in a repository comprises a repository interface communicably coupleable to a software repository to retrieve an original artifact usable for building a software asset, and to replace the original artifact in the software repository with a modified artifact. A security scanner is configured to initiate a security scan of the original artifact and produce an output indicating the presence of a security vulnerability in the original artifact. An encoder is configured to reversibly modify the original artifact to produce the modified artifact, the modified artifact unusable for building the software asset.

Abstract: Systems and methods are disclosed that predict whether a configuration item of a service provider cloud infrastructure client instance has a vulnerability, prior to scanning for the client instance for the vulnerability. In particular, operating system and/or application information of the vulnerability may be compared to that of the configuration item, operating system and/or application information of past vulnerabilities may be compared to that of the vulnerability, additional vulnerabilities that are solved by solutions that remedy the vulnerability may be compared to the configuration, and/or a machine-learning model may be trained to determine how similar past vulnerabilities of the configuration item are to the vulnerability. Based on one or more of these comparisons, a predicted vulnerable item may be generated that indicates that the configuration item is subject to the vulnerability.

Abstract: The present disclosure provides a memory test method. The method includes: determining a refresh cycle T, a designed attack resistance frequency F, and a single row read time t of a target repository; determining an attack row quantity N based on the refresh cycle T, the designed attack resistance frequency F, and the single row read time t; determining a group of target attack rows in the target repository based on a value of the attack row quantity N, where the group of target attack rows include N target attack rows, and at least two of the N target attack rows are spaced apart by one row; detecting, after reading the N target attack rows for X consecutive times, whether data exception occurs in all adjacent rows of the target attack rows, to complete one attack test.

Abstract: In some embodiments, a network node for securing physical assets may be provided. The network node may include a processor and a memory storing instructions. The network may be configured to: receive, from a first entity, a cryptographic data structure configured to identify a physical item stored in a secured location; in response to receiving the cryptographic data structure, generate and transmit to the first entity a plurality of fungible cryptographic items; secure the cryptographic data structure on a public data structure, such that the cryptographic data structure cannot be released unless the plurality of fungible cryptographic items are received; receive, from a second entity, the plurality of fungible cryptographic items; and in response to receiving the plurality of fungible cryptographic items, transmit to the second entity the cryptographic data structure.

Abstract: System and methods for synchronizing and encrypting profile information are provided. A method establishes a first browser instance on a first virtual machine being in communication with a first browser profile sync and encrypt agent. The method also establishes a second browser instance on a second virtual machine. The method may use the first browser profile sync and encrypt agent acting through a profile helper service to encrypt profile changes involving the first browser instance on an encrypted master profile and use the second browser profile sync and encrypt agent acting through the profile helper service to encrypt profile changes involving the second browser instance on the encrypted master profile. The method maintains a browser profile persistence for the first browser instance and for the second browser instance, using the encrypted master profile, on a single on-disk profile.

Abstract: A logic circuit for generation of data signatures and/or encryption of data packets to be transferred from an industrial controller snoops data as it is written to an output buffer within the industrial controller. The logic circuit generates a secure signature and/or coordinates encryption of the data packet being transferred between the shared memory location and the output buffer. If encryption of the data is required, an encryption module may both encrypt the data and generate a secure signature. If encryption is not required, the logic circuit generates the secure signature. In either case, the logic circuit controls ownership of the memory address in which the secure signature is to be written to coordinate with the MAC transferring the secure signature to the output buffer, providing a uniform interface between the SPP module and the MAC.

Abstract: A computer system with multiple security levels, the system comprising a high-power processing device (130), a low-power processing device (110), and an interface unit (120) comprising functions for moving classified information between the high-power device (130) and the low-power device (110) according to formal rules for confidentiality and/or integrity. Additional security aspects, e.g. availability, may readily be accommodated. A method for implementing multiple levels of security along a number of independent security axes on the system is also disclosed.

Abstract: A computer-implemented method, in which an access request in relation to data is received. There is Error Correcting Code (ECC) data relating to the data, and the ECC data is configured to enable correction of multiple-bit errors spanning up to a predetermined number of consecutive bits of the data. The ECC data is configured to enable correction of multiple-bit errors spanning up to a predetermined number of consecutive bits of the data. A first integrity verification verifies the integrity of at least the data. If the first integrity verification procedure fails, an error analysis procedure is performed based on the data and the ECC data. Responsive to generation of corrected data by the error analysis procedure, a second integrity verification verifies the integrity of the corrected data. If the second integrity verification is successful, the access request is allowed using the corrected data.

Abstract: A system includes one or more privacy vaults. At least one of the one or more privacy vaults is associated with at least one individual user, stores contents associated with the associated at least one individual user, and stores specific identification of a plurality of third-party entities, authorized to access at least a portion of the contents stored by the one or more privacy vaults, along with access permissions, one or more of the access permissions defined for each of the plurality of third-party entities. At least one of the access permissions defines accessibility of the contents for at least one of the plurality of third-party entities for which the at least one access permission is defined.

Abstract: Methods and systems for managing and/or processing a blockchain to maintain data security for confidential and/or personal data are provided. According to certain aspects, the disclosed data security techniques may enable access sharing functionality utilizing the blockchain. For example, access sharing may be utilized to share policy information. The policy information may be associated with a smart contract. Accordingly, the policy information may be encrypted using a public key for the smart contract and compiled into a block of the blockchain. In response to a request to provide access to the information to a particular node, the private key for the smart contract may be encrypted using the public key for the particular node and compiled into a block of the blockchain.

Abstract: A method and an apparatus for authority control, a computer device, and a storage medium, and relates to the field of the Internet technologies. The method includes: acquiring a configuration file according to a business scenario when a container is initialized, wherein the configuration file is managed outside the container; validating the configuration file in the container; receiving a user instruction; and identifying a type of the user instruction when the user instruction is an executable instruction. The method further including acquiring script content of a script file when the type of the user instruction indicates that the user instruction is the script file, wherein the script content includes at least one command statement; and performing a validity check on the at least one command statement based on the configuration file.

Abstract: A first entity having a first set of tagged data and a second entity having a second set of tagged data share data that is selected based on a set of common tags present in both the first and second sets of tagged data. The set of common tags is determined using a private set intersection protocol that, in many examples, preserves the privacy of the two entities. In an embodiment, each entity identifies a set of data objects associated with the set of common tags, and another private set intersection protocol is performed to identify a set of common data objects available to both entities. Each entity provides, to the other entity, those data objects associated with the set of common tags that are not in the set of common data objects available to both entities thereby providing a matching set of data objects to both entities.

Abstract: A method for authorizing operation permissions of form data is disclosed in the present invention, including a step of selecting form data, where one or more pieces of form data, operation permissions of which need to be authorized are selected; a step of selecting a grantee, where one or more grantees to which operation permissions need to be authorized are selected; and a step of authorizing operation permissions, where the operation permissions of the selected form data are authorized to the selected grantee.

Abstract: A rights-based system is described in which vouchers are employed for creating, managing, distributing, and redeeming rights in digital contexts. A voucher is a digital, possession-based rights representation. An authorization component of the system validates the vouchers and issues corresponding tokens. Access to digital resources is provided in response to presentation of the tokens which are validated by matching voucher refresh values to corresponding values maintained by the system. New refresh values are generated and inserted in the vouchers each time they are redeemed.

Abstract: According to some implementations, a data policy compliance service causes the display of a dashboard, wherein the dashboard identifies a first geographic region in which there is a datacenter hosting an organization instance of a customer of a cloud-based software provider. Responsive to user interaction, the data policy compliance service causes the display of the dashboard to reflect information regarding a possible migration of the organization instance from the first geographic region to a second geographic region of the plurality of geographic regions. The information includes a set of one or more compliance assessment metrics reflecting a level of compliance of the organization instance with data privacy and/or data security laws, regulations, and/or policy.

Abstract: One example method of operation may include identifying a code segment accessed during a code access event, scanning code of the code segment to identify a degree of sensitivity of the code, appending a code access annotation to the code segment based on detected actions performed to the code during the code access event, and updating a code log to identify the code access annotation.

Abstract: Entity models are used to evaluate potential risk of entities, either individually or in groups, in order to evaluate suspiciousness within an enterprise network. These individual or aggregated risk assessments can be used to adjust the security policy for compute instances within the enterprise network. A security policy may specify security settings such as network speed, filtering levels, network isolation, levels of privilege, and the like.

Abstract: A method of controlling use of network-connectable devices is provided. First network requests from a first user device executing a first operating system are monitored, and applications operating in the foreground on the first user device during the first network requests are monitored. A model is trained based on the first network requests and based on the applications respectively operating in the foreground on the first user device during the first network requests. Second network requests from a second user device executing a second operating system are monitored, and the model is applied to the second network requests from the second user device to determine a particular application operating in the foreground on the second user device. A function of the second user device is restricted based on the determining of the particular application operating in the foreground on the second user device.

Abstract: A system and a method are disclosed for receiving a request for a user to perform a plurality of activities with respect to a secure document. The system determines requirements for performing each respective activity of the plurality of activities. The system retrieves profile data for the user, and determines based on the profile data a subset of the activities directed to achieving a result that is reflected in the profile data. The system transmits a modified version of the request to the user, the modified version eliminating the subset from the plurality of activities.

Abstract: A computer-implemented method for completing queries propagated across a plurality of datasources that may include receiving a search query comprising a search string via an application user interface. Identity information regarding an end user associated with the search query may also be received. At least one role of the end user may be automatically determined and authorization metadata corresponding to the at least one role may be automatically appended to the search query. A plurality of adapters corresponding to the datasources may be invoked and the appended search query may be passed to the adapters. The appended search query may be translated by the adapters into a plurality of translated search queries according to the syntax and format configurations of the datasources. The translated search queries may be automatically submitted to the corresponding datasources. Responsive results may be automatically received and presented at an end user computing device.

Abstract: Methods, systems, and apparatuses for providing access to records of a database stored on a database server in a cloud database platform are described herein. A data sharing platform may determine a shared view definition for access to the database. The data sharing platform may determine rules that specify criteria that limit access to the records stored by the database. The one or more first rules may be received via a user interface. The data sharing platform may perform, based on the rules, a data access certification process on the records stored by the database to generate a table of certification results. The data sharing platform may generate, based on the table of certification results, and without modifying the records stored by the database, a limited consumer view definition. Based on updates to the records, a new limited consumer view definition may be generated.

Abstract: Aspects of the technology described herein provide for controlled access to a secure computing resource. A first device may receive a child token from a second device having a parent token. The child token may grant the first device access to a subset of data accessible to the second device. Based on a degree of physical proximity between the first device and a third device associated with a user satisfying a threshold proximity, an indication of a user identifier for the user may be received from the third device. A request for access to a secure computing resource associated with the user may be sent to the second device. The request may include the indication of the user identifier and an indication of the secure computing resource. Access to the secure computing resource may be granted based on the child token and the indication of the identifier.

Abstract: Systems and methods include extraction of a plurality of clauses from each of a plurality of electronic documents, determination, for each of the plurality of clauses and using a machine-learned algorithm, an associated clause type, identification of one or more data privacy protection entities present within each of one or more of the plurality of clauses, determination, for each of the one or more of the plurality of clauses, of a weighted frequency for each of the one or more data privacy protection entities present within the clause based on a type of the data privacy protection entity, determination of a weighted frequency associated with each of the plurality of electronic documents based on the determined weighted frequency for each of the one or more data privacy protection entities present within clauses of the plurality of electronic documents, and storage of an identifier of each of the plurality of electronic documents in association with a respective determined weighted frequency.

Abstract: A candidate attribute combination of a first data set is identified, such that the candidate attribute combination meets a data type similarity criterion with respect to a collection of data types of sensitive information for which the first data set is to be analyzed. A collection of input features is generated for a machine learning model from the candidate attribute combination, including at least one feature indicative of a statistical relationship between the values of the candidate attribute combination and a second data set. An indication of a predicted probability of a presence of sensitive information in the first data set is obtained using the machine learning model.

Abstract: Methods and systems are provided for securing access to confidential data using a blockchain ledger. An update to access permissions can be received from a first entity on behalf of a second entity, the update can change access permissions to a confidential data store. A smart contract that validates the update can be called. Upon consensus from a blockchain community, the update to the access permissions for the second entity can be executed. The blockchain community can be a plurality of different organizations that share access to the confidential data store, and the update can be appended to a blockchain ledger that stores access permissions for the blockchain community.

Abstract: Some embodiments enable distributing data (e.g., recorded video, photographs, recorded audio, etc.) to a plurality of users in a manner which preserves the privacy of the respective users. Some embodiments leverage homomorphic encryption and proxy re-encryption techniques to manipulate the respective data so that selected portions of it are revealed according to an identity of the user currently accessing the respective data.

Abstract: Composite biometric authentication is provided to multiple users that share a financial account. The users can enroll the account for composite biometric authentication. The enrollment can include recording multiple biometrics of each user and storing them as a composite to use in authenticating user requests to authorize transactions involving the shared financial account. A unique combination of biometrics can be generated including a biometric of the multiple biometrics of each of the users and stored such that the unique combination must be provided to authenticate a future user request. To proceed with a transaction, a user of the multiple users initiates the transaction and provides their part of the unique combination. The other users provide their part of the unique combination by providing the specific biometric of the multiple biometrics they have previously provided. The transaction proceeds when all shares of the unique combination are provided and authenticated.

Abstract: Disclosed is a method for each party of a group of m parties to be able to learn an Nth smallest value in a combined list. The method includes providing a value Ri to a group of members; computing how many numbers are smaller than Ri in a respective list of values for each respective member of the group of members; computing, a total number of smaller values (Pi); identifying a position of Ri in a combined list of values comprising each respective list of values; when N=Pi+1, returning Ri; when N is greater than Pi+1, removing all values smaller than Ri in their respective list of values and setting N=N?(Pi+1); when N is less than Pi+1, removing all numbers bigger than Ri in their respective list of value; and setting i=i+1.

Abstract: In an embodiment of the present invention, users with the appropriate permission can launch a function inside a system in order to anonymize and export the currently loaded study or studies, or one or more studies identified by a search criteria. The data from the studies that were identified is then anonymized on the system. In an embodiment of the present invention, the data from selected studies is anonymized on a server, and only then transmitted to another network device. In an alternative embodiment of the present invention, the data from selected studies is anonymized on a server, and only then stored to a hard disk or other media.

Abstract: Techniques for identifying certain types of network activity are disclosed, including parsing network traffic to automatically recognize anonymous identifiers. Such techniques may be used to identify and eliminate malicious and/or undesirable network traffic, and to identify topics relevant to a user of a particular network device so that communications to such a user are more likely to relate to a topic of interest to the user.

Abstract: An information processing apparatus includes: a memory; and a processor coupled to the memory and configured to: receive personal data related to a personal data originator; receive agreement information on a processing method for the personal data agreed between the personal data originator and a personal data user who uses the personal data; process the personal data by the processing method defined in the agreement information; and attach a digital signature to processed data and output the processed data.

Abstract: An apparatus, related devices and methods, having memory to store instructions; and a processor to execute the instructions, and the apparatus is configured to receive, by a remote browser isolation (RBI) proxy from a client device, a transfer request to send data to a destination application, wherein the client device is running an RBI agent and includes a Data Loss Prevention endpoint (DLPe) module, and wherein communications between the client device and the destination application are routed through the RBI proxy; receive a plurality of inputs to the client device associated with the transfer request; create a submission request that includes the plurality of inputs and metadata; send the submission request to the DLPe module; receive a response from the DLPe module, wherein the response includes an instruction to allow, to disallow, or to amend and allow the submission request; and process the submission request according to the instruction.

Abstract: Described herein is a system and method of application container access, the method includes performing a foreground unlock on an application container; creating a copy of a container key of the application container; locking the application container; receiving a background unlock trigger; determining whether a background unlock is authorized; performing the background unlock on at least a portion of the application container using the copy of the container key in response to determining the background unlock is authorized; and storing data in the at least a portion of the application container while the application container is in the background unlock.

Abstract: Methods, systems, devices, and tangible non-transitory computer readable media for configuring and implementing application policies are provided. The disclosed technology can access application policy data associated with implementing an application policy. The application policy data can include rules associated with implementing the application policy by using organizational data associated with a plurality of applications that includes a set of extra-organizational applications that perform operations associated with a different set of extra-organizational applications. Based on the application policy data, organizational records of the organizational data that satisfy the one or more rules can be determined. The plurality of applications associated with the one or more organizational records that satisfy the one or more rules can then be accessed.

Abstract: A method for ensuring integrity of data sent by a vehicle V2X communication device to a control module to ensure operational safety, including: receiving data transferred by vehicle-to-X communication by a first computing apparatus of the V2X communication device, storing the data in a data memory, forwarding the data to a second computing apparatus, receiving the data by the second computing apparatus, establishing whether an action is to be triggered for the data and, in response, transmitting the data to a comparison apparatus, carrying out a comparison test for the data provided by the second computing apparatus with the data stored in the data memory and, in response to the test being passed, outputting the data and/or a control instruction and/or a warning message by the V2X communication device to a control module. Furthermore, a corresponding vehicle-to-X device and the use of the device in a vehicle are disclosed.

Abstract: A method of operation concealment for a cryptographic system includes randomly selecting which one of at least two cryptographic operation blocks receives a key to apply a valid operation to data and outputs a result that is used for subsequent operations. Noise can be added by operating the other of the at least two cryptographic operation blocks using a modified key. The modified key can be generated by mixing the key with a block-unique-identifier, a device secret, a slowly adjusting output of a counter, or a combination thereof. In some cases, noise can be added to a cryptographic system by transforming input data of the other cryptographic operation block(s) by mixing the input data with the block-unique-identifier, device secret, counter output, or a combination thereof. A cryptographic system with operation concealment can further include a distributed (across a chip) or interweaved arrangement of subblocks of the cryptographic operation blocks.

Abstract: A system on a chip (SoC) includes a security processor configured to form a Boolean mask, to form a shifted-row Boolean mask from the Boolean mask, and to add the shifted-row Boolean mask to cipher text to form Boolean-masked cipher text. The SoC includes a decryption engine configured to apply a shift rows operation to the Boolean-masked cipher text to form byte-aligned Boolean-masked cipher text, to apply a product of the Boolean mask and a multiplicative mask to the byte-aligned Boolean-masked cipher text to form multiplicatively masked cipher text, to perform an inverse byte substitution operation on the multiplicatively masked cipher text by applying a product of the Boolean mask and an inverse of the multiplicative mask to the multiplicatively masked cipher text to form Boolean-masked intermediate data, and to apply mix columns logic to the Boolean-masked intermediate data to form byte-shifted Boolean-masked output data.

Abstract: The present invention provides a bit decomposition secure computation system comprising: a share value storage apparatus to store share values obtained by applying (2, 3) type RSS using modulo of power of 2 arithmetic; a decomposed share value storage apparatus to store a sequence of share values obtained by applying (2, 3) type RSS using modulo 2 arithmetic; and a bit decomposition secure computation apparatus that, with respect to sharing of a value w, r1, r2, and r3 satisfying w=r1+r2+r3 mod 2{circumflex over (?)}n, where {circumflex over (?)} is a power operator and n is a preset positive integer, being used as share information by the (2, 3) type RSS stored in the share value storage apparatus, includes: an addition sharing unit that sums two values out of r1, r2 and r3 by modulo 2{circumflex over (?)}n, generates and distributes a share value of the (2, 3) type RSS with respect to the sum; and a full adder secure computation unit that executes addition processing of the value generated by the addition s

Abstract: The present disclosure relates to a terminal device, a method and apparatus for unlocking a screen of the terminal device. The terminal device comprises a touch and display chip; the method is used on the touch and display chip and comprises: when the terminal device is in a dormant state, displaying a screen unlocking interface on the screen if touch information is detected on the screen; acquiring unlocking information for unlocking the screen via the screen unlocking interface; and unlocking the screen when the unlocking information is consistent with corresponding verification information. The terminal device, the method and apparatus for unlocking the screen of the terminal device according to the present disclosure greatly reduce the power consumption of the terminal device, and save battery power. Furthermore, the touch and display chip enables user verification during unlocking process to be securer.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer-storage media, for enforcing policies for computing devices. In some implementations, content for presentation by an electronic device is received. Context data indicating a current context of the electronic device is obtained. Policy data indicating a policy corresponding to at least one of the electronic device, a user of the electronic device, the content for presentation, or data associated with the content is accessed. The policy indicates one or more context-dependent limitations on presentation of the content by the electronic device. Presentation of the content by the electronic device is managed based on a set of actions the policy permits for the current context.

Abstract: An integrated circuit including an input terminal and an output terminal, signal generator circuitry that generates a pseudo-random digital signal provided at the output terminal, and comparator circuitry that compares an input signal received via the input terminal with the pseudo-random digital signal for providing a tamper detection signal indicative thereof. The signal generator circuitry may be a pseudo-random binary sequence generator or may be a linear-feedback shift register with software triggered reloading. The comparator circuitry may include a Boolean logic exclusive-OR gate for comparing the output and input signals. A method of detecting tampering including generating and providing a pseudo-random digital signal at an output terminal and comparing an input signal received via an input terminal with the pseudo-random digital signal for providing a tamper detection signal indicative thereof.

Abstract: The hardware and software properties of a three-dimensional printer can be queried and applied to select suitable directly printable models for the printer, or to identify situations where a new machine-ready model must be generated. The properties may be any properties relevant to fabrication including, e.g., physical properties of the printer, printer firmware, user settings, hardware configurations, and so forth. A printer may respond to configuration queries with a dictionary of capabilities or properties, and this dictionary may be used to select suitable models, or determine when a new model must be created. Similarly, when a printable model is sent to the printer, metadata for the printable model may be compared to printer properties in the dictionary to ensure that the model can be fabricated by the printer.

Abstract: The present invention is a method for accessing a model of a building; selecting a foundation; isolating a plurality of wall panels, wherein the wall panels are comprised of a set of members; selecting a group of the set of members which interface with the foundation, wherein the interface is identified as a connection between a wall member and the foundation; detecting an interface type between the foundation and the wall member, wherein each interface has a predetermined set of requirements; calculating a set of actual values associated with the interface type; comparing the set of actual values with a set of required values and determining the delta of the actual values and the required values; and identifying each interface where the delta is outside a predetermined range.

Abstract: A system is provided that facilitates the building of a structure according to a project architectural design plan. The system provides standardized information to participants associated with a project based on the project design plan. The project architectural design plan can be compliant with one or more standards stored by the system. The project design plan can also incorporate information regarding products that are utilized in the project such as a plurality of prefabricated building modules. The requirements for a product are dictated by the standards established for the product and the project. Information about products used in the project can be embedded in links of the project architectural design plan.

Abstract: Systems and methods for simulating cyber-physical systems are disclosed. A plurality of geographic simulation layers representing respective infrastructure sectors of a real-world environment may be generated, and the layers may be linked together with one another to create a multi-layer simulation. The associations between the layers of the simulation may be adjusted, and characteristics of the simulation layers themselves may be adjusted, to ensure that the simulation conforms to characteristics of the real-world environment being simulated. In some embodiments, a multi-user simulation system allows users at separate terminals to execute attack inputs and defense inputs against the simulation to try to destabilize and stabilize the simulation, respectively. Results of the attack inputs and defense inputs may be simultaneously displayed on a plurality of terminals.

Abstract: A non-transitory processor-readable medium includes code to cause a processor to receive aerial data having a plurality of points arranged in a pattern. An indication associated with each point is provided as an input to a machine learning model to classify each point into a category from a plurality of categories. For each point, a set of points (1) adjacent to that point and (2) having a common category is identified to define a shape from a plurality of shapes. A polyline boundary of each shape is defined by analyzing with respect to a criterion, a position of each point associated with a border of that shape relative to at least one other point. A layer for each category including each shape associated with that category is defined and a computer-aided design file is generated using the polyline boundary of each shape and the layer for each category.

Abstract: A computing device includes a processor and a storage device. A wafer asset modeling module is stored in the storage device and is executed by the processor to configure the computing device to perform acts identifying and clustering a plurality of assets based on static properties of a wafer asset using a first module of the wafer asset modeling module. The clustered plurality of assets is determined based on dynamic properties of the wafer asset using a second module of the wafer asset modeling module. Event prediction is performed by converting a numeric data of the clustered plurality of assets to a natural language processing (NLP) domain by a third module of the wafer asset modeling module. One or more sequence-to-sequence methods are performed to predict a malfunction of a component of the wafer asset and/or an event based on past patterns. Prediction information is stored in the storage device.