Abstract: A device may receive a machine learning model, training data, and test data, and may perform a unit test on the machine learning model to generate unit test results. The device may perform regression tests on the machine learning model, with the training data and the test data, to calculate model scores, create graphs, determine inference delays, and identify missing points for the machine learning model. The device may perform scale and longevity tests on the machine learning model, with the training data and the test data, to identify additional missing points and calculate a resource utilization for the machine learning model. The device may update the machine learning model, to generate an updated machine learning model, based on the unit test results, the model scores, the graphs, the inference delays, the missing points, the additional missing points, or the resource utilization.

Abstract: A system converts a first input idea vector representing an idea into a first contracted vector. The system generates one or more second contracted vectors in a multivariate space to which the first contracted vector belongs, based on a value of a first predetermined component of the first contracted vector in the multivariate space. The system generates, respectively from the one or more second contracted vectors, one or more first output idea vectors representing a candidate idea to be proposed to a user. The multivariate space is configured to maintain a similarity between an input idea vector for generating a contracted vector and an output idea vector generated from the contracted vector and a similarity between the first predetermined component of the contracted vector and a first predetermined index value.

Abstract: Apparatus, systems and methods are provided that create an improved forensic investigation graph. Nodes of connected data are clustered according to a maximal nearest neighbor algorithm to create maximal nearest neighbor clusters. A first node of data is directly connected to at least a second node of data and indirectly connected to a third node of data through the second node. The nearest neighbor includes only sets of nodes that are directly connected. A cluster of data includes combinations of connected nodes. A cluster of nearest neighbors only includes combinations of nodes that are directly connected to each other. The maximal nearest neighbor clusters are created by determining all clusters or nearest neighbors and removing all nearest neighbor clusters that are subsets of another nearest neighbor cluster. The maximal nearest neighbor clusters re then displayed on a display. The maximal nearest neighbor clusters represent data acquired in the performance of a forensic investigation.

Abstract: Methods and systems are presented for imputing missing data items within a first dataset based on data associated with a second dataset that is the nearest neighbor of the first dataset. A first mapping model is configured to map data subsets corresponding to a first data source to first positions in a multi-dimensional space. A second mapping model is configured to map data subsets corresponding to a second data source to second positions in the multi-dimensional space. The first and second mapping models are trained together to reduce a distance between positions mapped by the first and second mapping models based on corresponding data subsets that belong to the same entity. A nearest neighbor dataset to the first dataset is identified based on the first and second mapping models. Data associated with the nearest neighbor dataset is used to impute the missing data items of the first dataset.

Abstract: A device for authenticating ownership of media includes a storage case configured to store and protect a media product. The media product includes unique content. An identification module is associated with the storage case. The identification module stores a unique identification code used to identify the media product and an owner of the media product. A transmitter transmits the unique identification code. The transmission of the unique identification code is used to authenticate ownership of the media product to allow the owner to access the unique content of the media product without removing the media product from the storage case.

Abstract: A system and method for creating secure software code. Original code is processed to determine memory states, which are dynamic during execution of the code. Selected functions of the code are duplicated and placed in parallel alternative control paths in order to create protected code with increased path diversity. The state of the memory, or a variable derived therefrom is used to select one of the alternative paths during execution of the protected code.

Abstract: An apparatus, system, or method for authentication, authorization, and access-control is disclosed. The method includes receiving identity information from one or more sources regarding a user attempting to access a resource. The method also includes consolidating the received identity information into a contextualized identity for the user and determining whether to authenticate the user based on the contextualized identity. The method further includes receiving at least one piece of contextual information related to the user and determining whether to enforce a policy based on the authentication of the contextualized identity and at least one piece of contextual information.

Abstract: An example methodology includes, by a computing device, determining that a reset of credentials associated with one or more service accounts is to be performed. The method also includes, by the computing device, responsive to a determination that the reset of the credentials is to be performed, shutting down instances of applications in which the one or more service accounts are used and resetting the credentials associated with the one or more service accounts, wherein resetting the credentials updates current credentials associated with the one or more service accounts to new credentials. The method further includes, by the computing device, propagating the new credentials to the applications in which the one or more service accounts are used and starting the instances of the applications in which the one or more service accounts are used, wherein the started instances of the applications use the new credentials.

Abstract: A system for secure data transfer in a virtual environment receives a request to initiate a virtual interaction session between an avatar and an entity within the virtual environment. The avatar is operated by a user using a user device. The system presents a virtual data reader to the avatar. The virtual data reader comprises a screen to display data. The system receives user input from the user device. The user input includes user information and data object to be transferred to the entity. The user input is transferred from the user input to the virtual data reader. The system receives a security token from the avatar. The system verifies that the user input belongs to the user. The system also determines that the security token is valid. In response, the system transfers the data object to the entity and concludes the virtual interaction session.

Abstract: This information processing device comprises a processor. The processor receives a setting of a job that is processing for the device to execute a function. When the job has been executed using the received setting, if an operation is being performed continuously by an unauthenticated user that is a user who is not authenticated, the processor causes an operator associated with the setting of the job that has been executed to be displayed on a display unit. If an operation is not being performed continuously by the unauthenticated user, the processor hides the operator.

Abstract: The present teaching relates to method, system, medium, and implementations for biometric-based authentication. When an input image representing biometric information of a person to be authenticated is received, a feature vector of the input image is generated based on the biometric information captured in the input image via a convolution neural network (CNN) that is realized using one or more linear activation functions. The person is authenticated based on the feature vector in accordance with a biometric-based recognition model.

Abstract: In one embodiment, a set of feature vectors can be derived from any biometric data, and then using a deep neural network (“DNN”) on those one-way homomorphic encryptions (i.e., each biometrics' feature vector) can determine matches or execute searches on encrypted data. Each biometrics' feature vector can then be stored and/or used in conjunction with respective classifications, for use in subsequent comparisons without fear of compromising the original biometric data. In various embodiments, the original biometric data is discarded responsive to generating the encrypted values. In another embodiment, the homomorphic encryption enables computations and comparisons on cypher text without decryption. This improves security over conventional approaches. Searching biometrics in the clear on any system, represents a significant security vulnerability. In various examples described herein, only the one-way encrypted biometric data is available on a given device.

Abstract: Systems and methods may be used for operation of a hardware fingerprint processing device. A method may include receiving an update including a fingerprint authentication algorithm, verifying a digital signature of the fingerprint authentication algorithm, and in response to verifying the digital signature, loading the fingerprint authentication algorithm into the memory. The loaded fingerprint authentication algorithm may be sued to authenticate a user. For example, a verification method may include receiving information corresponding to an image of a fingerprint, determining whether the fingerprint is authenticated using the fingerprint authentication algorithm, and optionally outputting an indication of whether the fingerprint is authenticated.

Abstract: A secure access token device includes a portable housing, a battery carried by the portable housing, a biometric input device carried by the portable housing and configured to generate biometric data of a user, a status visual indicator carried by the portable housing, an RF antenna carried by the portable housing, a memory carried by the portable housing, and a processor. The processor is carried by the portable housing and coupled to the battery, the biometric input device, the status visual indicator, the RF antenna, and the memory. The processor is configured to store unique tokens in the memory for accessing respective different secured resources, determine a selected unique token from the unique tokens based upon an additional input on the biometric input device, and transit via the RF antenna an RF signal based upon the selected unique token when the biometric data matches an authentic biometric data template.

Abstract: Systems and methods include providing virtual certification number (VCN) authorizations to an external entity by receiving a plurality of secure entity global authorizations comprising global VCN authorizations and global primary account number (PAN) authorizations, identifying the global VCN authorizations, identifying a subset of the global VCN authorizations, each of the subset of the global VCN authorizations corresponding to an external entity authorization, comparing the subset of global VCN authorizations to previously provided VCN authorizations, to identify an unsent VCN authorization, storing a transmittable unsent VCN authorization based on the unsent VCN authorization, providing an unsent authorization indication to the external entity, receiving, from the external entity, a request for the unsent VCN authorization based on providing the unsent authorization indication to the external entity, and providing the transmittable unsent VCN authorization to the external entity, based on storing the tran

Abstract: Methods and systems for mobile cardholder authentication are provided. An access device can obtain interaction data produced during an interaction between a user and the resource provider computer in which the user attempts to obtain a resource from a resource provider and user device data comprising a cryptogram and supplemental data from the user device or another user device operated by the user. The cryptogram of the user device can be validated and the interaction data and user device data can be compared to determine that the user interacting with the access device is the same user as the user that interacted with the resource provider computer. The access device can provide an indication that the resource will be provided to the user responsive to determining that the user interacting with the access device is the same user as the user that interacted with the resource provider computer.

Abstract: Provided is an authentication method, the method comprising sending, by an entity, to a chip, at least one request for getting data; receiving, by the entity, from the chip, data; and, authenticating, by the entity, based on the received data, a family relating to the chip. Other embodiments disclosed.

Abstract: A method for generating a secure, self-authenticating digital document capable of independent and portable authentication of contents, signatures and key meta data associated with key execution events allows a document author to validate new content or accept as correct existing content within any form of media. The method removes dependency upon the contents of a document and any associated signature to demonstrate provenance. The document includes a portable, persistent, and immutable record that becomes self-validating so long as the document can access cloud based resources. The method uses blockchain technology to enable a permanent ledger to verify, serialize and securely store information relating to the execution of those documents in a manner that supports the immutability, persistence and integrity. The portable document determines its own stateless provenance and authenticity by communication with the cloud based elements of the invention.

Abstract: The present invention relates to an apparatus for reinforcing security of a mobile trusted execution environment, and relates to an apparatus for reinforcing security of a mobile trusted execution environment for constructing a general-purpose trusted execution environment. According to an embodiment of the present invention, a technology available for a general purpose in a mobile device operating on the basis of an ARM architecture has effects of configuring a trusted execution environment for guaranteeing safe execution of an application without depending on an existing commercial security technology, and of configuring a mobile trusted execution environment by using a write area execution prevention function and a debugging watchpoint, which are general-purpose hardware functions.

Abstract: Aspects of the present disclosure involve implementations that may be used to protect neural network models against adversarial attacks by obfuscating neural network operations and architecture. Obfuscation techniques include obfuscating weights and biases of neural network nodes, obfuscating activation functions used by neural networks, as well as obfuscating neural network architecture by introducing dummy operations, dummy nodes, and dummy layers into the neural networks.

Abstract: Systems and methods for monitoring a plurality of vehicles are provided. The method involves operating at least one processor to: determine, based on cyber risk data corresponding to a plurality of ECU models, a cyber risk score for each ECU model; receive, from each of the vehicles, one or more security logs; map, for each security log, i.) the ECU model of the ECU that recorded the security log, and ii.) the cyber risk score of the ECU model corresponding to the security log; detect a cybersecurity threat in at least some of the vehicles based on i.) at least one event in at least one security log, and ii.) at least one cyber risk score corresponding to the at least one security log; and in response to detecting the cybersecurity threat, transmit an alert indicating at least one vehicle corresponding to the at least one security log.

Abstract: Events of a calendar are identified and evaluated for confidentiality due to an explicit tag, location, participants, or subject matter. In response, permissions of applications on a device are dynamically reduced. Permissions may include permissions to access sensors such as a microphone and camera. Sensors of other devices such as a voice-processing device or Bluetooth device may be disabled. The risk associated with applications on a device may be evaluated based on permissions, usage, collected data, cloud service provider, location, permissions and usage of other users of the application, and other attributes of the application. The risk may be represented as a risk score used to determine whether to perform a mitigation action.

Abstract: A method includes: receiving, by a storage device, a plurality of read commands generated by a tenant from a host; calculating, based on the plurality of read commands satisfying a predetermined condition, each latency of the plurality of read commands and obtaining the calculated plurality of latencies; calculating a uniformity of the plurality of latencies; and determining, based on the uniformity that is within a predetermined ratio range, that there is an attack from the tenant.

Abstract: Infection by viruses and rootkits from data memory devices, data messages and data operations are rendered impossible by construction for the Simultaneous Multi-Processor (SiMulPro) cores, core modules, Programmable Execution Modules (PEM), PEM Arrays, STAR messaging protocol implementations, integrated circuits (referred to as chips herein), and systems composed of these components. Greatly improved energy efficiency is disclosed. A system implementation of an Application Specific Integrated Circuit (ASIC) communicating with a DRAM controller interacting with a DRAM array is presented with this resistance to virus and rootkit infection, and simultaneously capable of 1 Teraflop (Tflop) FP16, 1 TFlop FP32 and 1 Tflop FP64 performance while accessing 1 Tbyte of DRAM with a power budget comparable to today's desktop or notebook computers accessing 8 Gbytes of DRAM.

Abstract: Systems and methods for detecting and configuring imaging optimization settings during a collaboration session in a heterogenous computing platform are described. In some embodiments, an Information Handling System (IHS) may include a heterogeneous computing platform having a plurality of devices and a memory coupled to the heterogeneous computing platform, where the memory includes a plurality of sets of firmware instructions, where each set of firmware instructions, upon execution by a respective device, enables the respective device to provide a corresponding firmware service, and where at least one of the plurality of devices operates as an orchestrator configured to receive telemetry data and change an imaging optimization setting during a collaboration session, at least in part, based upon the telemetry data.

Abstract: A system for providing usage model context aware power management in secure systems with embedded hardware security modules is disclosed. The system determines a context associated with a transaction with a memory device that is initiated by a host device. Based on the context, the system sets conditions within its internal data structures and state machines. The context may indicate that the transaction is a secure transaction requiring cryptographic services of the memory device. Flags are set in firmware of the memory device indicating a need for context aware power management and for cryptographic services. If a power management function to reduce power to the memory device is to be executed, the firmware rejects the transaction until the memory device reenters a functional mode. If the function is not to be executed, the firmware provides the host with a notification of an impending power state change for the memory device.

Abstract: A booting system includes a firmware release server, an electronic device configured to execute a boot loader and first firmware distributed from the firmware release server, the electronic device including at least one processor, a first storage unit configured to store a secret value shared with the firmware release server, a read-only memory (ROM) configured to store a ROM code executable in booting, a second storage unit configured to store the boot loader and the first firmware, where the ROM code, when executed, causes the at least one processor to perform a verification operation on the boot loader based on the secret value and a first endorsement image received from the firmware release server, and where the boot loader is configured to perform a verification operation on the first firmware based on a second endorsement image received from the firmware release server.

Abstract: An electronic device includes at least one processor, a first storage unit configured to store a secret value set by a host, a second storage unit configured to store a boot loader code, a first firmware code, and a second firmware code, and a read-only memory (ROM) configured to store a ROM code executable in a booting operation. The ROM code, when executed, may cause the at least one processor to generate a first booting value based on the secret value and a first hash value for the boot loader code, the boot loader code, when executed, may cause the at least one processor to generate a second booting value based on the first booting value and a second hash value for the first firmware code, and the first firmware code, when executed, may cause the at least one processor to generate a third booting value based on the second booting value and a third hash value for the second firmware code.

Abstract: An electronic device and a method of applying secure booting to the electronic device are provided. The electronic device executes a boot loader, identifies whether a private key is stored in an eFuse, identifies whether the boot loader is a secure system that executes secure booting by using the private key, determines a booting mode based on a result of the identification, and records an encryption key in the eFuse by using a special system loaded from an external memory card, according to the determined booting mode.

Abstract: A computerized machine learning anomaly detection model trained on a plurality of samples of one or more source domains (optionally, one or more source domains and the target domain) is accessed. Using online deep sets, one or more domain vectors are computed for each target domain sample at an observation point, each target domain sample corresponding to a given target domain, where the one or more domain vectors represent a similarity and difference among the source and target domains. The target domain sample is processed using the anomaly detection model trained on the plurality of samples of the source to generate an anomaly score, the processing being based on the computed one or more domain vectors.

Abstract: Provided is an eBPF-based hot patch engine device for protecting kernel vulnerabilities. The eBPF-based hot patch engine device comprises a container-aware code generating unit for generating a container-aware code for identifying a target container, to which a hot patch is attached; and a hot patch configuring unit for configuring an eBPF-based hot patch code for attaching a hot patch to the target container based on the container-aware code. Accordingly, it is possible to prevent attacks based on CVEs, which are known vulnerabilities for container systems, by hot patching kernel-related CVEs at runtime without rebooting and freezing.

Abstract: Disclosed is a method and apparatus for detecting anomalies in a system log on the basis of self-supervised learning, using a language model. The method comprises performing preprocessing on the system log, generating a normal token sequence having a preset length by concatenating tokenized log lines of the system log, generating an abnormal token sequence using the normal token sequence, calculating an anomaly score for a determination target token sequence using a sentence classification model, and determining the token sequence as an abnormal system log when the calculated anomaly score is greater than a threshold value.

Abstract: Techniques for integrating a trusted execution platform with a function-based service framework are disclosed. For example, a method comprises reading configuration information identifying at least one data providing party and at least one function providing party, and generating, based at least in part on the configuration information, an enclave comprising a circuit configured to execute a function. The method further comprises receiving in the enclave and via at least a first secure communication channel, the function from the at least one function providing party, and receiving in the enclave and via at least a second secure communication channel, data from the at least one data providing party. The function and the data are sent to the circuit, wherein the circuit executes the function to compute at least one output based at least in part on the data.

Abstract: The present disclosure relates to a memory system capable of encrypting and storing data, and a memory controller. The memory controller may include a first interface configured to perform data Communication with a first external device, a second interface configured to generate a signal for controlling an operation of a second extern& device and transmit the signal; and a processor configured to receive, from the first external device, a data write command to write data to the second external device, encrypt the data by using one of a plurality of keys stored in a key area provided in the first external device in response to the data write command, and then control the encrypted data to be written to the second external device.

Abstract: An apparatus comprises counter tree circuitry configured to store, in a first node of a counter tree, a representation of a parent counter value and in a second node of the counter tree, wherein the second node is a child node of the first node, an encrypted representation of two or more counter values. The encryption operation for forming the encrypted representation of the two or more counter values takes as an input the parent counter value. The apparatus also comprises integrity checking circuitry to check the integrity of an item of data retrieved from memory based on a comparison between a stored authentication code and a generated authentication code generated based on the item of data and a decrypted counter value determined from an encrypted representation of a counter value retrieved from the second node, decrypted using a parent counter value retrieved from the first node.

Abstract: A method for fast access to a data resource in a blockchain network is provided. The method includes opening a dedicated socket in a server to receive a datum from a data source and authenticating a signature of the data source to verify that the data source is a reliable data source. The method also includes storing the data in a dedicated memory space in the server, allowing a blockchain application to access the data in the dedicated memory space using a function that has accessibility to the dedicated memory space, and writing the data in a blockchain block when a block producer reads the data from the blockchain application. A system and a non-transitory, computer-readable medium storing instructions to perform the above method are also provided.

Abstract: Techniques for managing an application token may include providing, by a first service provider application on a communication device to a first service provider computer, a first request for a first application token, receiving, by an account management application on the communication device from a token service computer in communication with the first service provider computer, the first application token, and storing the first application token in a token container in the account management application.

Abstract: An apparatus and method are described for providing a trusted execution environment. The apparatus comprises processing circuitry to execute program code, and interrupt controller circuitry, responsive to receipt of one or more interrupt requests, to select a given interrupt request from amongst the one or more interrupt requests, and to issue an interrupt signal to the processing circuitry identifying a given interrupt service routine providing program code to be executed by the processing circuitry to service the given interrupt request. The interrupt controller circuitry is responsive to the given interrupt request being a trusted execution environment (TEE) interrupt request, to issue the interrupt signal to identify as the given interrupt service routine a TEE interrupt service routine, and to inhibit issuance of any further interrupt signal until the TEE interrupt service routine has been executed by the processing circuitry.

Abstract: Protecting a fragment of a document includes automatically detecting the fragment without user intervention based on the content of the fragment and/or the context of the fragment within a set of documents, selectively encrypting the fragment to prevent unauthorized access, and providing an alternative view of the fragment that prevents viewing and access of content corresponding to the fragment unless a decryption password is provided. Automatically detecting the fragment may include detecting numbers and alphanumeric sequences of sufficient length that do not represent commonly known abbreviations, detecting generic terms, detecting proper names, detecting terms signifying a type of content, detecting mutual location of terms and sensitive content, and/or detecting user defined terms. The generic terms may correspond to password, passcode, credentials, user name, account, ID, login, confidential, and/or sensitive. The proper names may be names of financial organizations and security organizations.

Abstract: A system is provided for controlling resources using parallel computing devices. In particular, the system may comprise one or more applications installed across one or more computing devices, where the one or more applications may be configured to control resource transfers. Certain applications may be configured such that one application, such as a primary application, may implement one or more controls or restrictions on resource transfers that may be executed by another application, or a secondary application. The primary application may further be configured to monitor the secondary application to retrieve various types of data from the secondary application, such as resource transfer metrics data. The system may be configured to, based on the data associated with the secondary application, generate one or more resource-related projections with respect to the secondary application. In this way, the system provides an efficient way to control resource transfers across parallel computing devices.

Abstract: Various embodiments relate generally to data science and data analysis, computer software and systems, and control systems to provide a platform to facilitate implementation of an interface, among other things, and, more specifically, to a computing and data platform that implements logic to facilitate transfer of an exchange of electronic messages to a secure messaging channel having configurable states of synchronicity based on one or more message-related attributes. In some examples, a method may include detecting an electronic message via a first data channel, transmitting an invitation message to transfer an exchange of electronic messages to a secure data channel, establishing a secure data channel, identifying an attribute to initiate routing of an electronic message to generate an automatic response or data representing an agent-assisted response, or both, transmitting an electronic response message as a function of availability of a first data channel, and the like.

Abstract: A method and apparatus for log files of data compression are disclosed. The method comprising: classifying each of a plurality of lines in a plurality of the log files of data with at least two levels hierarchy clustering comprising identifying a plurality of strings repeated in the plurality of lines of the plurality of log files of data. Creating a table matching each of the plurality of strings to a unique value. Creating a vector encoding the unique value matched to each of the plurality of strings using the table. Assigning each of the encoded unique values in the vector, a security relevance score according to the classification of the plurality of lines; and selecting a subset of the encoded unique values such that the encoded unique values in the vector are filtered according to the security relevance score of each unique value.

Abstract: Systems and methods for providing temporary guest access to a media playback system are disclosed. An example implementation involves a computing device configured to generate, after receiving a request from a control device, a guest account operative for a particular period of time. During the particular period of time, the guest account has access to at least one functionality in the media playback system. After the particular period of time and based on one or more messages received from the control device, the commuting device stores the set of data in association with the guest identifier. Based on receiving a request to generate a user account associated with the guest identifier, the computing device generates the user account using the set of data, wherein the user account is associated with the same user as the guest profile and dissociated from the host media playback system.

Abstract: This disclosure describes methods and systems for a biometric identity management system capable of being deployed incrementally one organization at a time, and also reversibly, such that any organization can unsubscribe at any time. A biometric processing engine can perform biometric matching between records from a first database and a second database, whereby the databases have been established independently of each other. Each record comprises a biometric record and a corresponding identifier unique across databases. If a biometric record of a first record and a biometric record of a second record are from a same individual, the first record comprising a first unique identifier and the second record comprising a second unique identifier are linked. Using the first or second unique identifiers, access to information about the individual linked to both the first record in the first database and the second record in the second database is provided.

Abstract: A method and system of masking, redacting, filtering, and encrypting data retrieved from or stored into a database using policies in an information management system. The system comprises application, data protection, and database components. A data protection component is placed between an application component and a database component to provide protection to data in a database by applying data access policies to requests sent from the application component to the database component.

Abstract: Disclosed herein are system, method, and computer program product embodiments for vaultless tokenization. Alphanumeric values may be determined based on numeric values generated from a hash of numeric user information shuffled through a plurality of randomly generated alphanumeric tables. The numeric user information and the alphanumeric values may be used to generate a table index. Shuffled numeric user information may be generated based on the table index and a plurality of randomly generated numeric tables, and transformed to alphanumeric user information (e.g., via format-preserving encryption, additive cipher, etc.). Each character of the alphanumeric user information may be shuffled through a different alphanumeric table of the plurality of alphanumeric tables identified for the character based on the table index. Moreover, an alphanumeric token may be generated based on the shuffled characters of the alphanumeric user information.

Abstract: Aspects of the present disclosure provide systems, methods, apparatus, and computer-readable storage media that support improved watermarking and fingerprinting of a shared dataset. To illustrate, clustering may be performed on the dataset using initial clustering parameters (e.g., a secret key) to assign each record (e.g., attribute) of the dataset to one of multiple clusters. The secret key may be selected by a user or determined automatically based on the clustering algorithm. After the clustering, the records of each cluster may be selected for embedding a portion of fingerprint data based on one or more security parameters (e.g., a hash function, priority values, even/or selection, etc.). The selected records (or portions thereof) may be replaced with corresponding portions of the fingerprint data to embed the fingerprint data within different records as watermarking. Aspects also include analyzing a dataset to verify whether watermarking is present and to extract a fingerprint.

Abstract: Various methods, apparatuses/systems, and media for automatically protecting sensitive information data entering application logs, events, metrics, traces, or other outputs are disclosed. A processor receives source code associated with an application being developed; parses the source code and identifies variables or fields in the source code that include sensitive information data; applies artificial intelligence or machine learning algorithm to the source code to automatically identify variables that contain the sensitive information data based on the identified variables or fields and annotating accordingly. Each annotation is a hint that data associated with corresponding annotation is confidential and sensitive information that should not be published, logged, or printed.

Abstract: Exemplary embodiments for data security include a data access proxy coupled with a database, further coupled with a server configured to operate the data access proxy to: identify a user and request to access a data item; validate the user and request, including inspecting the user's identity, evaluating the user's history, and evaluating permissions and restrictions associated with the user and the data item; access the database to retrieve the data item; inspect security attributes related to the data item; and transform the data item based on one or more privacy rules, including redacting the at least one data item, deleting information from the at least one data item, substituting information from the at least one private data item with other information, adding information to the at least one data item, providing synthetic data as a private data item, or providing proxy data for the data item.

Abstract: Embodiments of this specification provide computer-implemented methods, apparatuses, and computer-readable storage media for interface invocation request processing. In an example interface invocation request processing method, an invocation request for a first interface of an operating system is received from a client application, and the first interface is configured to obtain privacy data. First scenario information is obtained, where the first scenario information is description information of a use scenario of the first interface declared when the client application applies for an invocation permission of the first interface. Current scenario information of the client application is obtained. The invocation request is executed in response to at least that the current scenario information matches the first scenario information.