Abstract: Embodiments of the present invention relate to apparatuses, systems, methods and computer program products for security analysis and validation during construction and deployment of dynamic network components. Specifically, the system is typically structured for identifying and remediating defects in a first resource program code being built at an internal network layer of the first distributed network, in real-time, and validating the first resource program code at both a lower deployment environment and a higher deployment environment. In some aspects, the system, in response to the successful first validation of the first resource program code, stores the first resource program code at an artifactory system. In response to a successful second validation, the system then typically allows deployment of the first resource program code to the lower deployment environment.

Abstract: A method, computer program product, and computer system for clustering data objects. Data objects are accessed. The data objects are sorted. The data objects are transformed into binary words. The binary words are encoded into blocks, using the sorted data objects. Block clusters are generated from the blocks. The block clusters are converted into word clusters. For each word cluster, the word cluster is reconfigured into L word clusters in a manner that minimizes a total number of binary word deviations in the L word clusters, wherein L is at least 1.

Abstract: An approach is provided for securing a secret for usage by an application utilizing a client to retrieve secrets. A request is sent from a client in a workload container within a trusted execution environment (TEE) to retrieve an encrypted secret from an application programming interface (API) server outside the TEE. The request is hooked and sent to the API server by a proxy or a secret proxy plugin within the TEE. The secret is received from the API server by the proxy or secret proxy plugin. An agent within the TEE is called to request a private key. The agent obtains the private key. The secret is decrypted by using the private key. The decrypted secret is returned to the client by the proxy or secret proxy plugin, which ensures that a plain text version of sensitive information in the decrypted secret is not accessible outside the TEE.

Abstract: According to one embodiment, a method, computer system, and computer program product for performing data synchronization between a source DBMS, comprising a trusted database, and a target DBMS, comprising an untrusted datastore and a trusted datastore, is disclosed. The present invention may include upon the source DBMS performing an update to an object in the trusted source database, sending the object change to a trusted data replication engine, encrypting the object change, sending the encrypted object change with a related decryption key to the target DBMS, upon receiving the encrypted object change and the related decryption key at the target DBMS, searching an object related to the object change in the untrusted target data store, identifying a decryption key for the searched object, replacing the identified decryption key by the received decryption key, and integrating the encrypted object change in encrypted form into the untrusted target data store.

Abstract: Systems and techniques are provided for providing microarchitectures for secure computing systems. For example, a process can include obtaining a first instruction associated with a security operation, and, based on the first instruction associated with the security operation, executing, by first one or more computation modules of a plurality of computation modules, the security operation and executing, by second one or more computation modules of the plurality of computation modules, first one or more dummy operations in parallel with the security operation.

Abstract: A computer-implemented method enforces data security constraints in a data pipeline. The data pipeline takes one or more source datasets as input and performs one or more data transformations on them. The method includes using data defining one or more data security constraints to configure the data pipeline to perform a data transformation on a restricted subset of entries of the source datasets. The restriction is defined by the data defining one or more data security constraints. The method further includes performing the data transformation according to the configuration to produce one or more transformed datasets. The method further includes using the data defining one or more data security constraints to perform a verification on one or more of the transformed datasets to ensure that entries in the one or more of the transformed datasets are restricted as defined by the one or more data security constraints.

Abstract: A data providing system (1) according to the present disclosure includes: an optical fiber sensing unit (10) configured to acquire sensing data by performing optical fiber sensing; a processing unit (21) configured to generate processed data by performing processing on the sensing data; a level imparting unit (22) configured to impart an access level according to a processing stage to each piece of data being included in the sensing data and the processed data; and a data providing unit (24) configured to provide each piece of the data to a customer related to the access level.

Abstract: Aspects of the disclosure relate to dynamically controlling access to linked content in electronic communications. A computing platform may receive, from a user computing device, a request for a uniform resource locator associated with an email message and may evaluate the request using one or more isolation criteria. Based on evaluating the request, the computing platform may identify that the request meets at least one isolation condition associated with the one or more isolation criteria. In response to identifying that the request meets the at least one isolation condition associated with the one or more isolation criteria, the computing platform may initiate a browser mirroring session with the user computing device to provide the user computing device with limited access to a resource corresponding to the uniform resource locator associated with the email message.

Abstract: A system and method for system and method for monitoring data before it is input into a machine learning model is provided. Generally, the system and methods of the present disclosure are designed to allow for the secure use of machine learning modules in virtual team environments. A chat module may be used to allow a user to control the use of one or more machine learning modules by inputting commands. The chat module may be incorporated into an existing user interface to add machine learning module functionality to said existing user interface. In some embodiments, a security module may monitor input data entered into the chat module by a user to prevent sensitive information from being distributed to the machine learning module.

Abstract: A system and method for system and method for monitoring data before it is input into a machine learning model is provided. Generally, the system and methods of the present disclosure are designed to allow for the secure use of machine learning modules in virtual team environments. A chat module may be used to allow a user to control the use of one or more machine learning modules by inputting commands. The chat module may be incorporated into an existing user interface to add machine learning module functionality to said existing user interface. In some embodiments, a security module may monitor input data entered into the chat module by a user to prevent sensitive information from being distributed to the machine learning module.

Abstract: Arrangements for dynamic variable determination and labeling are provided. In some aspects, a computing platform may receive historical user data from a plurality of data sources. The computing platform may train, using the historical user data, a machine learning model to generate a plurality of dynamic variable profiles and evaluate data to detect potential unauthorized activity. One or more dynamic variable profiles of the generated plurality of dynamic variable profiles may be associated with a user. User specific data may be received and may include user identifying data and a request for a user event. The user specific data may be input to the machine learning model and, upon execution of the model, the model may output a determination of whether an anomaly exists in the user specific data. If an anomaly is detected, a mitigating action may be identified and transmitted to one or more computing devices for execution.

Abstract: Environments for permission-based cloud storage and file sharing include a cloud-based computing network with interconnected computing devices collectively programmed to interoperate based on a computing environment coordination protocol, where at least a portion of the interconnected computing devices and related systems are configured to store location-specific files associated with worksite location(s), where the worksite location(s) include a construction site, and determine that a user is attempting to access, based on the user scanning a digital image via a user device and providing authentication credentials via the user device, the location-specific files associated with the worksite location(s).

Abstract: In one embodiment, a method includes generating a security policy and converting the security policy into a chaos hypothesis. The method also includes initiating execution of the chaos hypothesis across a plurality of microservices within a technology stack. The method further includes receiving metrics associated with the execution of the chaos hypothesis across the plurality of microservices within the technology stack.

Abstract: Systems and methods utilize a data change repository that supplements existing data in a database by storing various data labels for each record. Each data label comprises a first data characteristic comprising a stateless value and a second data characteristic that comprises a modification characteristic of the stateless value. The systems and methods may then use these additional labels to identify and/or validate the underlying data. As the labels are used for the identification and/or validation (as opposed to the underlying data itself), the systems and methods do not affect, and function despite, security protocols, access restrictions, and/or viewing rights.

Abstract: A host system is configured to upload data files to a cloud system and provide another layer of security to the access controls provided by the cloud system. The host system includes a communication interface for communicating with a storage device and a network interface for communicating with a the cloud system. The host system includes a processors configured to obtain a 2D barcode based on an identifier of the storage device and a network address of an authorizing device associated with an owner of the storage device. The processor is further configured to, responsive to a request to upload a data file to the cloud system, embed the 2D barcode into the data file (the 2D barcode configured to cause a client device attempting to access the data file to send an access request to the authorizing device) and transmit the data file to the cloud system.

Abstract: A system receives, from a first provisioning entity, a request for first secure device data related to a semiconductor device. The first secure device data is associated with one or more provisioning operations performed, on the semiconductor device, by a second provisioning entity. Based on determining that the first provisioning entity has permission to access the first secure device data, the first secure device data is provided to the first provisioning entity. Second secure device data associated with one or more provisioning operations performed by the first provisioning entity on the semiconductor device is received from the first provisioning entity.

Abstract: In general, this disclosure describes a multi-zone secure AI exchange. The multi-zone secure AI exchange may be implemented in a multi-cloud, multi-data center environment, where each zone may be in a different cloud or data center. The multi-zone secure AI exchange may include a data repository, a data exchange, and shared services. The data repository may be configured to store algorithms and datasets, each having a respective owning user. The data exchange may receive datasets and algorithms from the data repository, and may perform the algorithms to produce output data. Each of the data repository, data exchange, and shared services may have a different level of security. The data repository may implement the highest level of security, allowing the owner user, and only the owning user, to control how their data and algorithms move in and out of the data repository, or are changed while in the data repository.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for allowing suitable digital components to be automatically selected and provided to a client device. Methods can include generating a universal identifier for a digital component that is presented in the application. The application updates a set of universal identifiers that has been created for digital components presented by the application over a specified time period. The application identifies digital components and the corresponding universal identifiers that are blocked and generates a probabilistic data structure representing the set of blocked universal identifiers. The application creates multiple shares of the probabilistic data structure and transmits different shares to different servers.

Abstract: Systems and methods for managing column hiding are provided. The systems and methods receive, from a client device, a query associated with a table. The systems and methods determine an access restriction associated with the client device. The systems and methods identify a column of the table that is restricted by the access restriction associated with the client device. In response to identifying the column of the table that is restricted by the access restriction associated with the client device, the systems and methods provide a result of the query that excludes data corresponding to the column.

Abstract: Embodiments of the present disclosure provide techniques for associating use case data with data listings in a structured manner. A processing device provides a listing creation interface that is used to assign a set of use cases to a first data listing and publish the data listing on a data exchange. The data listing is one of a plurality of data listings published on the data exchange and the processing device provides a data listing interface for displaying the plurality of data listings and an interactable menu including a selectable indication of each of the plurality of use cases. In response to receiving a selection of one or more of the plurality of use cases via the interactable menu, the processing device displays in the data listing interface, each of the plurality of data listings that have been assigned any of the selected one or more use cases.

Abstract: An information computer system is provided for securely releasing time-sensitive information to recipients via a blockchain. A submitter submits a document to the system and a blockchain transaction is generated and submitted to the blockchain based on the document (e.g., the document is included as part of the blockchain transaction). An editor may edit the document and an approver may approve the document for release to the recipients. Each modification and/or approval of the document is recorded as a separate transaction on the blockchain where each of the submitter, editor, approver, and recipients interact with the blockchain with corresponding unique digital identifiers—such as private keys.

Abstract: An example operation includes one or more of determining that data stored on a vehicle is sensitive, removing the sensitive data from the vehicle, based on an amount of time until the data is needed to be accessed by the vehicle, and accessing the removed sensitive data, by the vehicle, at a time prior to an end of the amount of time.

Abstract: The technology described herein provides a system and method for securely managing information provided to a machine-learning system. In particular, the machine-learning system may determine that additional user data will improve the accuracy of a task being performed for a user. Security is improved by only requesting access to additional user data after determining that already available data may produce a task response that does not meet quality criteria. Further, the technology determines and requests a limited amount of user data and/or access needed to complete a task successfully. Several methods of determining whether additional user information will improve the task response are contemplated.

Abstract: A method is provided. The method is implemented by an engine to provide private and autonomous control of digital information and services of a user. The engine is executed by a processor within a decentralized platform. The engine, by implementing the method, generates a cryptographically secure and reusable distributed identity for the user and stores the digital information and services on behalf of the user within the decentralized platform. The engine also enables independent, anonymous, and secure management of the digital information and services via the cryptographically secure and reusable distributed identity. The independent, anonymous, and secure management provides direct and private control over the digital information and services to the user. The independent, anonymous, and secure management includes assigning user categories to other digital identities to control access the digital information and services.

Abstract: An endpoint in an enterprise network is instrumented with sensors to detect security-related events occurring on the endpoint. Event data from these sensors is augmented with contextual information about, e.g., a source of each event in order to facilitate improved correlation, analysis, and visualization at a threat management facility for the enterprise network.

Abstract: A method includes receiving, by a data processing apparatus and from a content distribution system, a message comprising a probabilistic data structure representing a set of content items that should not be provided to a user device, content item data for content items available to be provided, and a request to determine whether any content item data is invalid, determining that the content item data for a given content item is invalid because the given content item may be in the set of content items represented by the probabilistic data structure, including removing the content item data for the given content item that was determined to be invalid; and preventing distribution of content items including the given content item.

Abstract: An information processing device receives first data related to travel from a vehicle. The information processing device acquires a predetermined condition that is set by the user and indicates a range of the first data that is permitted to be provided to a third party or a range of the first data that is not permitted to be provided to a third party. Then, the information processing device sends, to the third party server, the data permitted to be provided to the third party extracted based on the predetermined condition among the first data.

Abstract: Embodiments described herein provide techniques for managing sensitive data within maintenance reports. A first maintenance report comprising an instance of text data describing a maintenance event for a first physical apparatus is retrieved and is processed using a trained Named Entity Recognition model to identify instances of one or more words that are associated with a respective real-world name(s). Embodiments determine whether a first identified instance of one or more words represents sensitive data, using a data anonymization rules ontology that describes a plurality of different ways to identify sensitive data within maintenance reports. If the first maintenance report is determined to include sensitive data, the first maintenance report is flagged as a potentially sensitive maintenance report that requires further review.

Abstract: Described systems and techniques enable anonymous collection of sensor data related to vehicle driving events of a vehicle. A start event of the vehicle may be detected, and an anonymous name may be generated, based on the start event. A subset of the sensor data related to a start-specific event of the vehicle may be extracted. The subset of the sensor data may be stored in an event file for the start-specific event that is designated using the anonymous name, and the event file may be uploaded from the vehicle to an external network.

Abstract: The present disclosure provides a method and an electronic apparatus for masking data on an electronic document. The method is performed by the electronic apparatus and includes: displaying the electronic document on a user interface; causing at least one analysis module to perform at least one analysis on the electronic document and a plurality of strings of the electronic document and output a first string among the plurality of strings and first position information associated with the first string according to a result of the at least one analysis; obtaining the first string and the first position information from the at least one analysis module; and generating, based on the first position information and the first string, a first masking object to mask the first string on the electronic document.

Abstract: Techniques for implementing a differentially private variational autoencoder for data obfuscation are disclosed. In some embodiments, a computer system performs operations comprising: encoding input data into a latent space representation of the input data, the encoding of the input data comprising: inferring latent space parameters of a latent space distribution based on the input data, the latent space parameters comprising a mean and a standard deviation, the inferring of the latent space parameters comprising bounding the mean within a finite space and using a global value for the standard deviation, the global value being independent of the input data; and sampling data from the latent space distribution; and decoding the sampled data of the latent space representation into output data.

Abstract: A computer-implemented method for data processing includes obtaining, by each secure multi-party computation (MPC) computation party of a system including a data provider and n secure MPC computation parties, a data message sent by the data provider, where n is an integer greater than 3. As an obtained data message, a first data component is obtained based on the data message. Each MPC computation party, by using the first data component, performs arithmetic sharing processing to obtain a second data component, so as to perform MPC processing, where n data messages received by the n MPC computation parties include: a data message sent after the data provider splits private data into m data components and m data messages each are used to carry one data component, where m is greater than 1 and is less than or equal to n, and m is a positive integer.

Abstract: A processing system uses a residue code-based mechanism to verify data integrity while storing check bits generated using Message Authentication Codes (MACs) at memory locations that traditionally store error correcting code data. Cache data is received from a cache line. Check bits are generated from the cache data and the cache data and check bits are stored at a memory device. Subsequently, the cache data and check bits are retrieved from the memory device. A first MAC hash value is generated from the previously stored cache data and second check bits are generated from the first MAC hash value. A second MAC hash value is generated from the previously stored check bits. The second MAC hash value is compared to the second check bits to verify data integrity of the previously stored cache data. In some implementations, the previously stored check bits are additionally used as error correcting code data.

Abstract: The present invention relates generally to a method and corresponding computer-based devices for securing the integrity of the data for operating a service (8). In particular, the invention relates to a method for generating an intended state (3) of data that can be stored or secured in a medium or system (1), for transferring the intended state of the data to a further system (7), for securing the integrity of the data on the further system and for enabling subsequent analysis after undesired tampering with the data. The invention also relates to computer-based devices, a computer system and a computer network which execute or enable the execution of this method or the individual steps therein, as well as a computer-readable medium with computer-executable instructions.

Abstract: A method of securing data stored in a data storage system using a blockchain is disclosed. The data storage system may be separate from the blockchain. The method comprises: receiving, at a storage interface, data to be stored in the data storage system; computing validation data for validating integrity of the data; creating a storage record comprising the data and writing the storage record to the data storage system; and creating a validation record comprising the validation data and writing the validation data to the blockchain. Also disclosed are a method for validating data using validation data stored in a blockchain, and a method of controlling an energy supply system using a control system and control information for the energy supply system stored in a blockchain.

Abstract: According to one embodiment, a memory system includes a nonvolatile memory and a controller. The nonvolatile memory includes storage areas each configured to store user data. The controller acquires first information related to the number of program/erase cycles for at least one of the storage areas. In response to acquisition of the first information, the controller executes a data erase operation on each of the storage areas. In response to completion of the data erase operation, the controller acquires second information related to the number of program/erase cycles for the at least one of the storage areas. The controller generates an erase certificate that includes the first information and the second information.

Abstract: Methods, systems, and computer program products are presented herein for obfuscating analog circuits using switched phase circuits. In particular, methods, systems, and computer program products using a Switch Mode Time Domain Locking (SMDL) scheme, presented herein, may be used to protect analog circuits. A first input signal to an analog circuit is generated. The first input signal comprises a reference phase. The analog circuit is adapted to perform a predetermined function. A second input signal to the analog circuit is generated. The second input signal comprises a provided phase. Enablement of the predetermined function of the analog circuit is toggled based on alignment of the reference phase and the provided phase.

Abstract: Various embodiments of the present disclosure provide fault injection attack mitigation for an integrated circuit. In one example, an embodiment provides for providing a sampling clock signal to both high voltage threshold (HVT) cells and low voltage threshold (LVT) cells of a fault-to-time converter sensor of an integrated circuit, providing output of the HVT cells and the LVT cells to an encoder stage of the fault-to-time converter sensor, and detecting one or more fault injection attacks with respect to the integrated circuit based on output of the encoder stage.

Abstract: This document describes methods and systems that use an undefined lifecycle state identifier to manage security of a system-on-chip (SoC) integrated circuit (IC) device. As part of the described techniques, the SoC IC device may include a first set of logic integrated circuitry that determines that a first combination of bit values fails to correspond to a known lifecycle state identifier. The first set of logic integrated circuitry may then provide, to a second set of logic integrated circuitry, a second combination of bit values that corresponds to the undefined lifecycle state identifier. The second set of logic integrated circuitry may then place the SoC IC device into an undefined lifecycle state.

Abstract: A system includes a graphics card comprising a first storage area accessible by an operating system and a second storage area inaccessible by the operating system. A processing device coupled to the graphics card can cause, via one or more drivers associated with the operating system, a first screen to be presented in a graphical user interface (GUI) at a user device based on data read from the first storage area. The processing device can also cause, via one or more drivers associated with the graphics card, a second screen to be presented in the GUI based on data read from the second storage area, wherein the second screen overlays a portion of the first screen and presents one or more selectable inputs for authentication.

Abstract: The present invention relates to the management of the execution of resource-intensive operations within a secure element. The operation is formed of a plurality of elementary operations. In order to prevent the operation from monopolizing resources over a long period while high responsiveness of the secure element is sought, in particular in 5G-related technologies, provision is made, upon receipt of an APDU command from a host equipment, to trigger a time counter in order to determine an actual processing duration to process the APDU command. If this duration proves to be less than a predefined duration allocated to the APDU command, one or more of said elementary operations may be executed during the remaining time of said allocated duration. Upon expiry of this allocated duration, the secure element sends a response to the APDU command. The operation may thus be executed gradually without preventing the secure element from being highly responsive to received APDU commands.

Abstract: An electronic device configured for retail display includes a persistent memory on which boot instructions are stored, a storage device on which security monitoring instructions are stored, and a processor configured to execute the boot instructions during a boot sequence to initiate execution of the security monitoring instructions. The processor is further configured, via the execution of the security monitoring instructions, to monitor the retail display of the electronic device for a security trigger event and, upon detection of the trigger event, lock a user interface of the electronic device.

Abstract: A method for inverse modeling of a part includes: importing a first electronic file comprising a three-dimensional reference design of a part; manufacturing the part based on the first electronic file; collecting metrology data for the part and creating a second electronic file comprising the collected metrology data; comparing the first electronic file and the second electronic file and determining a deviation based on the comparison; determining whether the deviation is acceptable; and in the event the deviation is determined not to be acceptable, revising the three-dimensional reference design of the part or modifying a manufacturing process for the part.

Abstract: Disclosed herein are systems and methods for sharing and synchronizing virtual content. A method may include receiving, from a host application via a wearable device comprising a transmissive display, a first data package comprising first data; identifying virtual content based on the first data; presenting a view of the virtual content via the transmissive display; receiving, via the wearable device, first user input directed at the virtual content; generating second data based on the first data and the first user input; sending, to the host application via the wearable device, a second data package comprising the second data, wherein the host application is configured to execute via one or more processors of a computer system remote to the wearable device and in communication with the wearable device.

Abstract: An automotive body weight reduction method includes: acquiring an automotive body model including automotive parts modeled by a plurality of elements and joining points; obtaining sensitivity of each element; determining a dividing position of the automotive parts and/or the automotive parts to be integrated based on the sensitivity of each element; dividing and/or integrating the automotive parts, and generating an optimization analysis model; setting an objective regarding a body mass of the optimization analysis model and a constraint regarding automotive body performance of the optimization analysis model, and setting a load and constraint condition given to the optimization analysis model; and performing the optimization analysis of the sheet thickness under the load and constraint condition and the optimization analysis condition set in the sheet thickness optimization analysis condition setting step, and obtaining an optimized sheet thickness of each of the automotive parts in the optimization analysis

Abstract: A method and a transport system transports unit loads from a source position to a target region by autonomous guided vehicles. In this process, a unit load is transported in accordance with a transport order from a source position to a waiting location by a guided vehicle, which waiting location is assigned to the target region in accordance with the order. If the target region is free from another guided vehicle, the unit load is deposited at one of the storage locations of the target region. Here, an assignment of a unit load to a vacant storage location is derived from the arrival of the autonomous guided vehicles in the target region.

Abstract: A strength prediction system for a multilayer material with n films stacked includes an input portion where one or more values are entered. The values include the elastic modulus of each layer, Poisson's ratio, Young's modulus, thickness, stacking angle, principal stress direction strength, and the total thickness of the multilayer material. The strength prediction system also includes a control portion that calculates the strength of a multilayer material by applying the values entered in the input portion, a display connected to the control portion, and a storage portion connected to the control portion. The control portion defines a strength value of a multilayer material. A method for predicting the strength of a multilayer material having two or more films stacked thereto is also provided.

Abstract: Disclosed herein is a method for calculating a time to establish a phase change of a material in a predetermined container arrangement subject to a heating arrangement.

Abstract: A computer-implemented method to insert components into a process graphic of an industrial automation system, the method including: receiving a data signal indicating a drawing input in a working area of a graphical platform shown on a computer display; identifying the working area of the drawing input; identifying at least one characteristic of the drawing input, predicting at least one candidate component from a list of available components stored in a data storage that best matches the at least one characteristic of the drawing input, and providing a list of the at least one candidate component on the computer display.

Abstract: Disclosed are an intelligent simulation device for bottom sediment pollution process and control as well as an experimental method. The device includes an experimental flume to which a water inlet tank and a water return tank are connected; a wave-making system, an illumination system, a dosing system and an aeration system; an environmental condition parameter online monitor capable of determining water environmental parameters online; an online water quality index analyzer for monitoring water quality indexes in real time; a water automatic sampling device for automatically collecting water samples in a single or cycle mode; an offline analyzer capable of determining water quality indexes of the collected water samples or physical-chemical indexes of sediments; and an automatic control module for automatically controlling various devices. Further disclosed is an experimental method based on the intelligent simulation device for bottom sediment pollution process and control.