Abstract: Sequential hypothesis testing in a digital medium environment is described using continuous data. To begin, a model is received that defines at least one data distribution. Testing data is also received that describes an effect of user interactions with the plurality of options of digital content on achieving an action using continuous non-binary data. Values of parameters of the model are then estimated for each option of the plurality of options based on the testing data. In one example. A variance estimate is then generated based on the estimated values of the parameters of the model for each option of the plurality of options. From this, a determination is made as to a decision boundary based on the variance estimate and an estimate for a mean value of each option of the plurality of options based on the testing data.

Abstract: Systems, apparatus, and methods are disclosed for foreline diagnostics and control. A foreline coupled to a chamber exhaust is instrumented with one or more sensors, in some embodiments placed between the chamber exhaust and an abatement system. The one or more sensors are positioned to measure pressure in the foreline as an indicator of conductance. The sensors are coupled to a trained machine learning model configured to provide a signal when the foreline needs a cleaning cycle or when preventive maintenance should be performed. In some embodiments, the trained machine learning predicts when cleaning or preventive maintenance will be needed.

Abstract: A system is provided for training an inferential model based on selected training vectors. During operation, the system receives training data comprising observations for a set of time-series signals gathered from sensors in a monitored system during normal fault-free operation. Next, the system divides the observations into N subgroups comprising non-overlapping time windows of observations. The system then selects observations with a local minimum value and a local maximum value for all signals from each subgroup to be training vectors for the inferential model. Finally, the system trains the inferential model using the selected training vectors. Note that by selecting observations with local minimum and maximum values to be training vectors, the system maximizes an operational range for the training vectors, which reduces clipping in estimates subsequently produced by the inferential model and thereby reduces false alarms.

Abstract: Provided are aspects relating to methods and computing devices for allocating computing resources and selecting hyperparameter configurations during continuous retraining and operation of a machine learning model. In one example, a computing device configured to be located at a network edge between a local network and a cloud service includes a processor and a memory storing instructions executable by the processor to operate a machine learning model. During a retraining window, a selected portion of a video stream is selected for labeling. At least a portion of a labeled retraining data set is selected for profiling a superset of hyperparameter configurations. For each configuration of the superset of hyperparameter configurations, a profiling test is performed. The profiling test is terminated, and a change in inference accuracy that resulted from the profiling test is extrapolated. Based upon the extrapolated inference accuracies, a set of selected hyperparameter configurations is output.

Abstract: A data processing method and device are provided. The method includes: extracting a plurality of data sets from unlabeled data; and for each data set, creating a plurality of sample sets by assigning labels to data samples in the data set, respectively training, for each sample set created from the data set, a classifier by using the sample set and labeled data, obtaining a sample set that corresponds to a trained classifier with the highest performance, and adding the obtained sample set to a candidate training set. Each sample set includes the first preset number of data samples with respective labels, the labels of the data samples in each sample set constitutes a label combination, and label combinations corresponding to different sample sets are different from each other. The method also includes adding a second preset number of sample sets in the candidate training set to the labeled data.

Abstract: Techniques for performing visual clustering with a hierarchical graph neural network framework including a joint linkage prediction and density estimation graph model are described. Embodiments herein recurrently run the joint linkage prediction and density estimation graph model to generate intermediate clusters in multiple iterations (e.g., until convergence) to obtain a final clustering result. In certain embodiments, for each iteration, the input graph contains nodes that are merged from nodes assigned to intermediate clusters from the previous iteration. By using a small and fixed bandwidth k in each iteration, embodiments herein alleviate the sensitivity to the k selection for different clustering applications. Certain embodiments herein remove the tuning of a different k (e.g., k-bandwidth) for k-nearest neighbor graph construction over different clustering applications.

Abstract: The present disclosure provides an early warning method and an early warning system for a detection device located at an energy metering point of natural gas, comprising: obtaining a first detection data set collected by the detection device located at the energy metering point of the natural gas, determining a first cluster center set through clustering a first historical detection data set, determining a first vector corresponding to the first detection data set based on the first detection data set, determining a first target cluster center based on the first vector and the first cluster center set; and determining whether the detection device is abnormal based on a distance between the first vector and the first target cluster center.

Abstract: Techniques for collecting, synchronizing, and displaying various types of data relating to a road segment enable, via one or more local or remote processors, servers, transceivers, and/or sensors, (i) enhanced and contextualized analysis of vehicle events by way of synchronizing different data types, relating to a monitored road segment, collected via various different types of data sources; (ii) enhanced and contextualized analysis of filed insurance claims pertaining to a vehicle incident at a road segment; (iii) advantageous machine learning techniques for predicting a level of risk assumed for a given vehicle event or a given road segment; (iv) techniques for accounting for region-specific driver profiles when controlling autonomous vehicles; and/or (v) improved techniques for providing a GUI to display collected data in a meaningful and contextualized manner.

Abstract: A method and related system detail a split of an architecture of a monolithic application into an architecture of a micro service application. The method receives source code for the monolithic application, and maps the source code into a directed graph. The graph is split into subgraphs and optimized. The method further provides the detailing of the micro service application split, based on the subgraphs.

Abstract: A computing system captures markerless motion data of a user via a camera of the computing system. The computing system retargets the first plurality of points and the second plurality of points to a three-dimensional model of an avatar associated with the user, wherein the avatar is associated with an identity non-fungible token that uniquely represents the user across Web2 environments and Web3 environments, and wherein retargeting the first plurality of points and the second plurality of points animates the three-dimensional model of the avatar. The computing system renders a video local to the computing system, wherein the video comprises the markerless motion data of the user retargeted to the three-dimensional model of the avatar causing hands, face, and body of the avatar to be animated in real-time. The computing system causes a non-fungible token to be generated, the non-fungible token uniquely identifying ownership of the video.

Abstract: A peer to peer (P2P) system and method for sharing encrypted digital content may be used in a content delivery network system.

Abstract: A data privacy protecting tool operates on behalf of a user to watermark or otherwise fingerprint selected data provided to a digital service provider (DSP) sites/apps. The watermarked data can then be used to monitor a DSP's compliance with distribution or access rules for the user data.

Abstract: A non-transitory computer readable storage medium with instructions executed by a processor maintains different digital identities for different internet browsing personas associated with a real user. Persona selection rules are invoked to automatically designate a selected digital identity for a current internet browsing session. Browser state for the selected digital identity is loaded.

Abstract: A user of a device is authenticated after providing a pass code or other data confirming the user can access data on the device. While the user uses the device, behaviometric data is recorded which includes measures of how the user uses the device. Additional data, however, can only be accessed with a biometric and/or second authentication after collecting at least some behaviometric data, in embodiments of the disclosed technology. Depending on how close of a match the behaviometric data received is to previously recorded behaviometric data for the particular user, a threshold minimum is set for the biometric match in order to grant stepped up authentication and authorization to view the additional data. In this manner, a legitimate user often requires less time to authenticate compared to the prior art and a fraudulent user is rejected from access to sensitive data more accurately.

Abstract: A method and an electronic device for authentication is provided. When a user performs a touch operation on an icon of a first application, a biological feature of the user is directly collected without displaying an authentication screen, the collected biological feature is compared with a biological feature bound to the first application, and when a comparison result indicates that the collected biological feature matches the biological feature bound to the first application, the first application is logged in to. Based on the foregoing process, authentication can be implemented through only one interaction between the user and the electronic device, so that user operations are simplified.

Abstract: The purpose of the present invention is to provide a portable terminal and an application software start-up system whereby the application software that is started up is limited depending on the state of a user, thereby providing an improved ease of use. For this purpose, an application software start-up method for an information processing device comprises: performing identity authentication based on static biological information; determining the state of the user by comparing dynamic biological information acquired from the body of the user with previously measured dynamic biological information; and limiting the application software that is started up in accordance with the determined state of the user and on the basis of a permission level that is set in advance for each application software item.

Abstract: A method and system for a one-time authentication interaction to conduct electronic financial transactions using a wearable smart ring device is described. In one embodiment, a method includes detecting, by a mobile device, that a wearable smart ring device is being worn by a user. The method also includes receiving, by the mobile device, authentication information associated with the user, and comparing the received authentication information with stored authentication information associated with the user. Upon determining that the received authentication information matches the stored authentication information, the wearable smart ring device is authorized to conduct electronic financial transactions. Additionally, the wearable smart ring device remains authorized to conduct electronic financial transactions as long as it is worn by the user. Once removed from the user's finger, the wearable smart ring device is de-authorized.

Abstract: Machine-based verification is minimized by presenting a web page to a user that includes a number of objects in a verification image, and then instructing the user to click on the objects in the verification image in a particular order. The user selected order is then compared to a known correct order, and verification is complete when the user selected order matches the known correct order.

Abstract: A system for link device authentication includes a computing device configured to acquire, from an originating device, an identifier of an endpoint device, obtain an endpoint device authentication code corresponding to the identifier, determine, as a function of the identifier, a location of the endpoint device, identify a plurality of link devices, select, from the plurality of link devices, at least a probabilistically verified link device as a function of the location of the endpoint device, and transmit, to the at least a probabilistically verified link device, the endpoint device authentication code.

Abstract: An information processing apparatus includes a controller that, in response to capturing of an operation target and an authentication object by an image capturing unit, controls notification of information used for operating the operation target.

Abstract: A System Platform establishes a Genuine User ID (“GUID”) (based upon input received from an Identity Management Source), creates a user profile for an Intended User, generates a unique data set based upon input associated with the user profile and a digital device it has registered to the Intended User, which is securely provisioned on the digital device. The output of the GUID in combination with the output of an algorithm in a provisioning application enables the digital device to respond to Access Requests at an Access Point. The response from the genuine Intended User's application on their genuine digital device produces a unique data package which combines the GUID, a device ID for the digital device and the output of the algorithm using the payload obtained from one or more data management sources.

Abstract: A method of operating an electronic device includes generating scramble control codes. The scramble codes are generated by generating a random number, shifting the random number to produce a shifted random number, generating control signals by selecting different subsets of the shifted random number, and generating scramble control words by selecting different subsets of the random number based upon the control signals. The method further includes receiving a password comprised of sub-words and scrambling those sub-words according to the scramble control codes, retrieving a verification word comprised of sub-words and scrambling those sub-words according to the scramble control codes, and comparing the scrambled sub-words of the password to the scrambled sub-words of the verification word to thereby authenticate an external device that provided the password.

Abstract: A computer implemented method to detect anomalous behavior of a software container having a software application executing therein, the method including receiving a sparse data representation of each of a: first set of container network traffic records; a first set of application traffic records; and a first set of container resource records, and training an hierarchical temporal memory (HTM) for each first set, wherein the container network traffic records correspond to network traffic communicated with the container, the application traffic records correspond to network traffic communicated with the software application, and the container resource records correspond to the use of computer resources by the container; receiving a sparse data representation of each of a: second set of container network traffic records; a second set of application traffic records; and a second set of container resource records; executing the trained HTMs based on each respective second set to determine a degree of recognition o

Abstract: A method to implement traceability and provability on a particular project in software development based on blockchain-recorded transactions of assigned developer time, the method comprising of the following steps: setting up a blockchain network comprised of a distributed, redundant, and tamper-resistant ledger; issuing each user an attestable pre-fabricated and signed virtualized environment on approved hardware that comes with functionality required for the user's role implemented as one of a set of virtual machine templates fashioned from a signed and approved pre-fabricated image; and verifying that assigned developer time is valid, and if so, record each development action on the ledger to enable extensive tracking and auditing of end-to-end software development process.

Abstract: Embodiments described herein provide for virtual machine (VM) based exploit mitigation techniques that can be used to harden web content frameworks and JavaScript Engines. Some embodiments described herein are also generally applicable to other system frameworks, libraries, and program code that executes on a processor that is vulnerable to an attack using a security exploit. Program code that implements the techniques described herein can prevent the use of security exploit attacks to bypass security properties within the program code.

Abstract: Methods and apparatus are disclosed for attesting integrity of a program. A method may comprise: sending to a second device a first request for validating integrity of a program on the second device; receiving a first response from the second device, wherein the first response comprises information regarding one or more tags collected during operation of the program; and attesting integrity of the program based on the first response and an expected response.

Abstract: Methods and systems are provided to determine when a first electronic device is emulating a second electronic device. The first electronic device may be operated through indirect inputs such as through a mouse and keyboard. The second electronic device may be operated through direct inputs such as inputs received through a touchscreen. Interaction data received from the first electronic device may be used to determine that the first electronic device is operating an emulator. Interaction data may include data associated with scrolling on the electronic device and such data may allow a determination that the electronic device received indirect inputs and, thus, is operating an emulator.

Abstract: A TPM with programmable fuses in an SOC includes an on-die RAM storing a blown-fuse count and a TPM state including a PIN-attempt-failure count and a fuse count, read from off-die NV memory. During initialization, if the blown-fuse count is greater than TPM state fuse count, TPM state PIN-attempt-failure count is incremented, thereby thwarting a replay attack. A PIN is received for access, and if the TPM state PIN-attempt-failure count satisfies a policy, a fuse is blown and the blown-fuse count incremented. If the fuse blow fails, TPM activity is halted. If the fuse blow succeeds and the PIN is correct, the TPM state PIN-attempt-failure count is cleared, but if the PIN is incorrect the TPM state PIN-attempt-failure count is incremented. TPM state fuse count is set equal to the blown-fuse count, and the TPM state is saved to off-die NV memory.

Abstract: A memory system includes a first memory and a second memory that share common addresses received from a memory controller, wherein the first memory includes a first scrambling circuit suitable for scrambling a common address to generate a first scrambled address designating a word line to be activated in the first memory, and the second memory includes a second scrambling circuit suitable for scrambling the common address to generate a second scrambled address designating a word line to be activated in the second memory, and the first scrambling circuit and the second scrambling circuit perform a scrambling operation in such a manner that neighboring word lines, adjacent to a word line selected by a first common address, are selected a most in one memory among the first memory and the second memory by a second common address other than the first common address.

Abstract: A computer-implemented method, computer program product and computing system for: a computer-implemented method is executed on a computing device and includes: obtaining object information concerning one or more initial objects within a computing platform in response to a security event; identifying an event type for the security event; and executing a response script based, at least in part, upon the event type.

Abstract: Systems and methods for correlating access-system primitives generated by an access control system and semantic primitives generated by a sensor data comprehension system.

Abstract: Certain aspects of the present disclosure provide techniques for identifying fraudulent user identifiers in a software application. An example method generally includes generating a vector representation of a user identifier. Using a first machine learning model and the vector representation of the user identifier, a fingerprint representative of the user identifier is generated. Using the first machine learning model and the generated fingerprint, a score is generated. The score generally describes a likelihood that the user identifier corresponds to a fraudulent user identifier. One or more similar user identifiers are identified based on the generated fingerprint and a second machine learning model. One or more actions are taken within a computing system relative to a user associated with the user identifier based on the generated score and the identified one or more similar user identifiers.

Abstract: A first computing device on a first network establishes a secure communications channel with a second computing device on a second network. The first computing device receives, via the secure communications channel from the second computing device, a first software product and a first software product identifier that identifies a previously manufactured first software product. The first computing device obtains first validation information that uniquely identifies the previously manufactured first software product. The first computing device analyzes the first validation information and the first software product to determine whether the first software product is different from the previously manufactured first software product. The first computing device, in response to determining that the first software product is different from the previously manufactured first software product, sends a first message to the second computing device indicating that the first software product is not validated.

Abstract: Systems, methods, computer readable media and articles of manufacture consistent with innovations herein are directed to computer virtualization, computer security and/or data isolation. According to some illustrative implementations, innovations herein may utilize and/or involve a separation kernel hypervisor which may include the use of a guest operating system virtual machine protection domain, a virtualization assistance layer, and/or a rootkit defense mechanism (which may be proximate in temporal and/or spatial locality to malicious code, but isolated from it), inter alia, for detection and/or prevention of malicious code, for example, in a manner/context that is isolated and not able to be corrupted, detected, prevented, bypassed, and/or otherwise affected by the malicious code.

Abstract: A reference file set having high-confidence malware severity classification is generated by selecting a subset of files from a group of files first observed during a recent observation period and including them in the subset. A plurality of other antivirus providers are polled for their third-party classification of the files in the subset and for their third-party classification of a plurality of files from the group of files not in the subset. A malware severity classification is determined for the files in the subset by aggregating the polled classifications from the other antivirus providers for the files in the subset after a stabilization period of time, and one or more files having a third-party classification from at least one of the polled other antivirus providers that changed during the stabilization period to the subset are added to the subset.

Abstract: Techniques for detecting container threats are described. A method of detecting container threats includes receiving, by a scanning agent on a scanner container on a host in a provider network, event data from a plurality of collection agents corresponding to a plurality of customer containers on the host, determining, by the scanning agent, the event data matches at least one known threat, and generating, by the scanning agent, event findings associated with the event data.

Abstract: The use of browser context in detecting malware is disclosed. A client device requests content from a remote server. Data received by the client device from the remote server is transmitted to an external scanner for analysis by the external scanner. The external scanner is configured to use a browser executed in an instrumented virtual machine environment to analyze the data provided by the client device. The client device is configured to request the content from the remote server using a browser extension configured to retrieve data and provide the retrieved data to the external scanner without rendering the retrieved data.

Abstract: An apparatus to facilitate permissions at a computing system platform is disclosed. The apparatus includes a plurality of agents, each including a non-volatile memory storing firmware executed to perform a function associated with the agent and attestation hardware to detect an update at the computing system platform, generate a cryptographic key associated with each of the plurality of agents, perform an attestation with a relying party using the generated cryptographic keys and receive a tuple associated with each of the plurality of agents, wherein a tuple includes one or more permissions indicating platform resources an agent is permitted to access.

Abstract: An integrated circuit can include a communication endpoint configured to maintain a communication link with a host computer, a queue configured to receive a plurality of host commands from the host computer via the communication link, and a processor configured to execute a device runtime. The processor, responsive to executing the device runtime, is configured to perform validation of the host commands read from the queue and selectively execute the host commands based on a result of the validation on a per host command basis. The host commands are executable by the processor to manage functions of the integrated circuit. The queue is implemented in a region of memory that is shared by the integrated circuit and the host computer.

Abstract: Described herein is a framework for secure boot process. In accordance with one aspect, in response to detecting a power signal, a first boot software component according to a boot sequence is loaded. In response to determining no event has occurred, at least one additional boot software component is successively loaded according to the boot sequence in an uninterrupted boot process. In response to determining the end of the boot sequence is reached, the operating system may then be loaded.

Abstract: A method provides the capability to maintain integrity of a data image stored by computing a hash value (“digest”) of the data image and comparing the hash value computed for the data image with a hash value computed for the data image and kept in a non-volatile area of memory. Bit flips in the data image that are a result of memory hardware errors reveal themselves as differences in the digest computed for the data image and the computed digest for the data.

Abstract: Systems and methods are provided for the classification of identified security vulnerabilities in software applications, and their triage based on automated decision-tree triage and/or machine learning. The disclosed system may generate a report listing detected potential vulnerability issues, and automatically determine whether the potential vulnerability issues are exploitable using automated triage policies containing decision trees or by extracting vulnerability features from the report and processing the extracted vulnerability features using machine learning models.

Abstract: According to one or more embodiments, an electronic device comprises: a display device; a memory for storing at least one source code and a comparison file including any one of a modification and a vulnerability, in which each of at least one character string included in a patch file corresponding to the at least one source code is classified; and a processor functionally connected to the memory and the display device, wherein the processor can be set to load the at least one source code stored in the memory, compare a character string included in the comparison file corresponding to the at least one source code with a character string included in the source code, and provide, through an output device, at least one piece of information from among pieces of information about whether the identified source code is patched, the probability that the source code is patched, and a vulnerability in the source code, on the basis of the result of the comparison.

Abstract: Apparatus, methods, and articles of manufacture or disclosed for implementing risk scoring systems used for vulnerability mitigation in a distributed computing environment. In one disclosed example, a computer-implemented method of mitigating vulnerabilities within a computing environment includes producing a risk score indicating at least one of: a vulnerability component, a security configuration component, or a file integrity component for an object within the computing environment, producing a signal score indicating a factor that contributes to risk for the object, and combining the risk score and the signal score to produce a combined risk score indicating a risk level associated with at least one vulnerability of the computing system object. In some examples, the method further includes mitigating the at least one vulnerability by changing a state of a computing object using the combined risk score.

Abstract: Generation of a first prediction model is caused based on first training data, where the first prediction model enables determining whether an exploit to be developed for software vulnerabilities will be used in an attack. For each training instance in the first training data, the first prediction model is used to generate a score. Each training instance is added to second training data if the score is greater than a threshold value. The second training data is a subset of the first training data. Generation of a second prediction model is caused based on the second training data, where the second prediction model enables determining whether an exploit to be developed for software vulnerabilities will be used in an attack.

Abstract: A method for evaluating security of third-party application is disclosed. The method includes: receiving, from a first application, a request to obtain first account data for a user account associated with a protected data resource; generating fake data for at least a portion of the requested first account data; providing, to the first application, a first data set in response to the request, the first data set including at least the generated fake data; monitoring use of the first data set by the first application; detecting a trigger condition indicating misuse of account data based on monitoring use of the first data set by the first application; in response to detecting the trigger condition, generating a notification identifying the misuse of account data; and transmitting the notification to a computing device associated with an application user.

Abstract: A method and system of applying a security vulnerability assessment of a software program. The method comprises directing, from a security assessing server, to a software program under execution, a plurality of attack vectors, diagnosing a set of results associated with the software program under execution as comprising a security vulnerability, the set of results produced based at least in part on the plurality of attack vectors, and assessing a monetary premium of a risk insurance policy merited by an enterprise based at least in part on a level of control ceded to an attacker in accordance with the set of results.

Abstract: A distributed security system can include instances of a compute engine that can execute either locally in security agents on client devices or as cloud instances in a security network. Event data can be processed by elements of the distributed security system according to centrally-defined ontological definitions and/or configurations. Bounding managers of local security agents can control how much event data is sent to the security network. A storage engine in the security network can store event data received from client devices, can route event data to other elements of the security network, including cloud instances of the compute engine. An experimentation engine of the security network can also at least temporarily adjust other elements of the distributed security system during experiments or tests.

Abstract: An apparatus includes a processor, persistent memory coupled to the processor, and a memory protection logic. The processor may include multiple processing engines. The persistent memory may include a persistent storage portion and a memory expansion portion. The memory protection logic is to: obtain a first ephemeral component associated with the persistent storage portion; generate a persistent key using the first ephemeral component; obtain a second ephemeral component associated with the memory expansion portion; and generate a non-persistent key using the second ephemeral component. Other embodiments are described and claimed.

Abstract: A digital artwork display device, a digital artwork management method, and an electronic device are provided. The digital artwork display device includes a registration circuit, a transaction circuit, and a file decryption circuit. The registration circuit is configured to apply for a device identifier and a device public-private key pair, and the device public-private key pair includes a device public key and a device private key. The transaction circuit is configured to acquire a use license, and the use license includes the device identifier and a content key ciphertext obtained by encrypting a content key by using the device public key. The file decryption circuit is configured to decrypt the content key ciphertext in the use license by using the device private key to obtain the content key, and decrypt an encrypted file by using the content key to obtain an original file.