Abstract: The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data-all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.

Abstract: Described is a technology that enables a customer, who uses a payment card in a transaction and further provides an identifier in the same transaction, to use the identifier as a payment mechanism in future transactions. In some embodiments, the technology involves communication between a customer's user device, a payment service system (PSS), and one or more merchant point-of-sale (POS) systems. A merchant POS system collects information in a transaction between the merchant POS system and the customer, including the customer's contact information (e.g., telephone number), and forwards this information to the PSS. The PSS stores the information as an identifier, and the identifier is stored in association with the payment card. In a second transaction, the PSS sends a verification request to the user device based on the identifier (e.g., a text message), and processes the transaction upon confirmation from the customer.

Abstract: Systems, methods, and apparatuses for providing a customer a central location to manage permissions provided to third-parties and devices to access and use customer information maintained by a financial institution are described. The central location serves as a central portal where a customer of the financial institution can manage all access to account information and personal information stored at the financial institution. Accordingly, the customer does not need to log into each individual third-party system or customer device to manage previously provided access to the customer information or to provision new access to the customer information.

Abstract: A software development infrastructure can enable user developers to select remote hardware devices at a remote datacenter to develop and test software programs, such as web or mobile applications. The developer can remotely install an application on a selected remote device and observe a mirrored display of the remote device on a browser local to the developer. The software development infrastructure can enable the developer to test offline mode workflows of the application by blocking network traffic to and from the application but allowing network transmission to and from a streaming application installed on the remote device.

Abstract: Computer-implemented methods and systems are disclosed for receiving and indexing a plurality of files for later querying, for dynamically generating scripts to be executed during a query of a data store, and for horizontally distributing a query and aggregating results of the distributed query.

Abstract: Computer-implemented methods and systems are disclosed for receiving and indexing a plurality of files for later querying, for dynamically generating scripts to be executed during a query of a data store, and for horizontally distributing a query and aggregating results of the distributed query.

Abstract: An information handling system includes a processor and a memory module. The memory module operates with a base set of functions and is configurable to operate with an expanded set of functions. The memory module includes a data storage location to store expansion capability certificates that specify subsets of the expanded set of functions to enable. The processor creates an expansion capability certificate that includes a first unique identifier of the information handling system, a second unique identifier of the memory module, and a subset of the expanded set of functions, and provides the expansion capability certificate to the memory module. The memory module receives the first expansion capability certificate, stores the expansion capability certificate to the data storage location, and enables the subset of the expanded set of functions in response to storing the expansion capability certificate.

Abstract: A method for personalizing reviews for a user on a social network, comprising the steps of: receiving from at least two or more users a rating and a recommendation for a reviewable item, wherein the rating is numerical value in a rating scale, and wherein a recommendation is a binary endorsement; receiving a request from a user to view the ratings and recommendations for one or more reviewable items; and determining a combined rating and a combined recommendation for all users of the social network at one or more social degrees for the one or more reviewable items.

Abstract: A computer-implemented method includes producing medical information that characterizes a group of individuals from a set of private data representing pre or post-encounter characteristics of the individuals, wherein the individuals have had encounters with a healthcare facility. The identity of the individuals is unattainable from the produced medical information. The method also includes providing the produced medical information to report the pre or post-encounter characteristics of the group.

Abstract: A node is provided that is configured to interact with one or more other nodes to implement a distributed authentication protocol. The node is configured to receive data that is indicative of use of a physical asset, generate a usage fee to be assigned to one or more owners of the physical asset in dependence on the use data and record that usage fee in a data corpus authenticated by the distributed authentication protocol.

Abstract: A method for the organizing, managing, mapping, distributing, transportation and displaying of multi-layered content and/or data in a tactile volumetric (three-dimensional), flat (two-dimensional) and/or multi-dimensional container and/or panel which functions as a macro controller through tactile, sensatory, audible and/or other forms of user control. This includes the means to manipulate content and/or data through a visual and/or multi-sensatory interface that stores content and media in a nested and sub-nested hierarchical container and sub-container array which can give real-time feedback to any involved party. These containers and/or panels provide a means to permanently move and validate content between servers, devices and/or users, while giving a real-time visual and/or multi-sensatory response and representation to that user. This system also provides a means to ingest and convert legacy media formats.

Abstract: Systems and methods are described for connection throttling between peripherals and centrals. Connections may enable bi-directional communication between a peripheral and a central to allow for updates to or configuration of the peripheral. The peripheral can send broadcasts to centrals. The broadcasts may contain metadata indicating a time period since the peripheral last connected to a central, a maximum connection distance, and a transmit power or signal strength indicator. The central may use the transmit power or signal strength indicator to determine a distance from the central to the peripheral and may determine whether the distance is within the maximum connection distance. The central may determine to connect to the peripheral based on time and distance thresholds being satisfied. Upon establishing of a successful connection, the central can update or configure the peripheral.

Abstract: Systems and methods for generating a playlist on a device for a user of a music service are provided. In embodiments, a method includes initiating an online mode of the music service, where the device is connected to a music service server, and storing, in a cache memory of the device, at least one media object accessed by the user using the music service. The method further includes identifying the at least one media object as satisfying a pre-designated condition, and in response, automatically adding the at least one media object to a playlist stored in the cache memory. The method also includes receiving an indication, via a user interface of the device, to initiate an offline mode of the music service, where the device is not connected to the music service server, and upon initiating the offline mode, enabling playback of the playlist from the cache memory.

Abstract: Certain aspects of the technology disclosed involve providing a virtual machine instance with license management data to identify and differentiate various virtual machine instances. A virtual appliance may generate license management data in response to a triggering event of a virtual machine. The triggering event may include any of a migration, clone, snapshot, or request via a representational state transfer endpoint. The virtual machine may provide the license management data to a license server and a licensed application configured to run on the virtual machine. The license management data may be used in resource management systems, such as a license management system, to defeat licensing exploits in a cloud computing environment.

Abstract: A method, an apparatus, and a system for testing a terminal. The method includes: receiving a smart card switching instruction; acquiring a card channel identifier from the smart card switching instruction; switching a connected-card channel to a target card channel corresponding to the card channel identifier when the target card channel corresponding to the card channel identifier is a contactless card channel; receiving a data request for a terminal test; acquiring, through a first relay repeater, response data in response to the data request, from a smart card to be tested within the target card channel; and sending, through a second relay repeater, the response data to the terminal whereby accomplishing the terminal test.

Abstract: An innovative system for transmitting encrypted 1-bit audio over an Ethernet network comprises using an omni-directional micro-electrical-mechanical system acoustic sensor element to provide an analog input signal to a sigma-delta modulator that then creates a pulse density modulated 1-bit data stream, at an audio oversampling rate, to a first input of a first exclusive-or (XOR) logic gate. The second input of the XOR logic gate is simultaneously presented with a first pseudo-random 1-bit data stream, at the same audio oversampling rate, thereby resulting in an encrypted pulse density modulated (PDM) 1-bit data stream at the output of the XOR logic gate. The encrypted PDM 1-bit data stream is clocked into a first-in first-out (FIFO) memory at the audio oversampling rate and is clocked out of the first FIFO memory as Ethernet PDM frame data packages at a predetermined Ethernet PHY transfer rate.

Abstract: In an object tracking device, an object detection unit detects an object from video data using a plurality of object detection programs of different detection accuracy. The object tracking unit tracks the object from the detected position of the object by the object detection unit. The control unit controls the object detection programs used by the object detection unit based on the detection result of the object by the object detection unit and the tracking result of the object by the object tracking unit.

Abstract: According to one aspect of the present disclosure, a print service relays an authentication request and a document acquisition request received from a multi-function printer to a document management service, and transmits authentication information and information of printing result acquired from the document acquisition request to the document management service. The document management service transmits a result of an authentication process, a document, and charge information to the print service based on a request received from the print service, stores and manages the information of print result received from the print service in association with a user account, and performs a process for charging a user for the printing later based on the information of print result.

Abstract: A computer-implemented method of identifying an individual independently of the individual's personally identifying information includes providing independent data stores for elements of personal identifying information for a population and fuzzy searching the data stores independently for the elements. Each data store associates each element value and its known variations with a unique static code. The search returns the unique static code associated with each of the elements found and a new independent code is generated if no code is found. The returned 10 codes are concatenated to form a person code. The person codes link information to produce a relationship between disparate data without a master database of people and PII.

Abstract: Systems, computer program products, and methods are described herein for the convergent distribution of electronic digital certificates. The present invention may be configured to generate electronic digital certificates associated with artifacts, store the electronic digital certificates on a distributed ledger, and record, on the distributed ledger, interests of the users in the electronic digital certificates. The present invention may be configured to receive a request from at least one user of the group of users to combine ownership of the electronic digital certificates. The present invention may be configured to generate, based on the request and based on the electronic digital certificates, a combined electronic digital certificate. The present invention may be configured to store the combined electronic digital certificate on the distributed ledger.

Abstract: An electronic device including a display device configured to render first content. The electronic device is communicably coupled to the display device and controls one or more imaging devices to receive one or more images from the one or more imaging devices. The electronic device further determines a first position of one or more living objects within a pre-defined region from the display device, based on the received one or more images and the rendered first content. The electronic device further controls an orientation of the display device towards the determined first position of the one or more living objects.

Abstract: Systems, computer program products, and methods are described herein for the divergent distribution of electronic digital certificates. The present invention may be configured to generate an electronic digital certificate associated with an artifact, store the electronic digital certificate on a distributed ledger, and record, on the distributed ledger, an interest of the user in the electronic digital certificate. The present invention may be configured to receive a request from the user to divide ownership of the electronic digital certificate amongst a group of users. The present invention may be configured to determine shares in the electronic digital certificate by determining for each user of the group of users a share of the shares. The present invention may be configured to record, on the distributed ledger and based on the shares, interests of the group of users in the electronic digital certificate.

Abstract: In some implementations, a device may receive a request for a plurality of documents that are associated with an individual or entity. The device may perform a search for the plurality of documents in one or more document repositories. The device may store, based on a determination that a first document, of the plurality of documents, is available in a document repository, of the one or more document repositories, information indicating that the first document is available in the document repository. The device may determine, based on a determination that a second document, of the plurality of documents, is not available in the one or more document repositories, a procedure that is to be used for obtaining the second document. The device may perform the procedure for obtaining the second document based on determining the procedure that is to be used for obtaining the second document.

Abstract: Techniques are described for managing communications between multiple intercommunicating computing nodes, such as multiple virtual machine nodes hosted on one or more physical computing machines or systems. In some situations, users may specify groups of computing nodes and optionally associated access policies for use in the managing of the communications for those groups, such as by specifying which source nodes are allowed to transmit data to particular destinations nodes. In addition, determinations of whether initiated data transmissions from source nodes to destination nodes are authorized may be dynamically negotiated for and recorded for later use in automatically authorizing future such data transmissions without negotiation. This abstract is provided to comply with rules requiring an abstract, and it is submitted with the intention that it will not be used to interpret or limit the scope or meaning of the claims.

Abstract: Disclosed are systems and methods for network configuration management systems and methods. In some embodiments, the discloses systems and methods may involve receiving data from one or more nodes within a particular network. The data may include, for example, topology, telemetry, geographical, and other data relating to the nodes, the network, and/or the functionality of the nodes or network. Once received, such data may be cleaned and processing may be performed on the data. Such processing may involve clustering the data into groups based on various parameters and performing forecasting on the data to determine future usage rates and capacity information, for example. The clustering and forecasting results may be fed to a rules engine and/or an optimization engine, which may then determine appropriate actions to take on the network (e.g., changes to various nodes in terms of technology and/or number of nodes).

Abstract: Provided are systems and methods enabling enrollment in promotions via a tokenization platform. In one example, the method may include establishing a network communication channel between a tokenization platform and a digital wallet of a user device, transmitting a promotion from the tokenization platform to the digital wallet on the user device via the established network communication channel, receiving authorization to accept the promotion at the tokenization platform from the digital wallet on the user device, and identifying tokenized payment account information of the digital wallet stored at the tokenization platform and automatically transmitting information about the tokenized payment account information of the digital wallet information from the tokenization platform to a promotion enrollment system associated with the promotion.

Abstract: Described are techniques for generating and employing decentralized asset identifiers for cross-blockchain network asset transfers, the techniques including registering a decentralized asset identifier to an asset with a local asset identifier, where the decentralized asset identifier is immutable. The techniques further include endorsing a proposed transaction for transferring the asset from a first controller associated with a first blockchain network to a second controller associated with a second blockchain network, where the proposed transaction utilizes the decentralized asset identifier. The techniques further include exchanging, in a document associated with the decentralized asset identifier and retrieved from an identity network, the first controller for the second controller.

Abstract: Tracking software usage through the following operations: calculating current digests of common libraries used by software programs and obtaining digital signatures of tracking information of the software programs comprising identifiers of their common libraries and the corresponding current digests; responses are returned to calls for the software programs in association with the corresponding tracking information and digital signatures. A corresponding method under the control of a client comprises receiving a response to a call for a software program in association with the corresponding tracking information and digital signature. The common libraries of the software program are tracked according to a verification of the digital signature and of the current digests against corresponding reference digests. Computer programs and computer program products for performing the methods are proposed. Moreover, corresponding server computing system, client computing system and computing infrastructure are proposed.

Abstract: A system including: a transceiver; a boot processor configured to: capture an image of a container of the system, determine whether the system container image has been modified, and post, to a node of a distributed ledger network, a first attestation based on a determination of whether an anomaly exists in the system container image; a system processor; and a memory storing instructions that instruct the system processor to: receive a request to connect to an external device, request a second attestation from a node of the distributed ledger network as to whether an anomaly exists in the external device container image, determine whether an anomaly exists in the external device container image, and either: establish, in response to determining that an anomaly does not exist, a connection with the external device, or deny the request to connect to the external device in response to determining that an anomaly exists.

Abstract: Described herein are methods, systems, and computer-readable storage media for generation of a secure and dynamically mutable operating system. Techniques include receiving a request to execute an application causing instantiation of an operating system by identifying one or more needed modules that include core kernel modules and operating system service modules that are dynamically plugged-in or unplugged based on the execution of the application. Techniques may further include assigning a separate memory space with a separate virtual address for each of the one or more modules, generating a unique cryptographic key for each of the one or more modules, storing each virtual address and corresponding unique cryptographic key together. Further the operating system generation system encrypts each of the one or more modules using their corresponding unique cryptographic key.

Abstract: A system may include a plurality of camera devices configured to acquire image data associated with a property. The system may also include a processor that receives the image data from the plurality of camera devices, receives insurance policy data associated with the property from a database, and adjusts one or more terms of the insurance policy data based on the image data.

Abstract: This disclosure covers systems and methods that administer a digital survey to respondents who interact with a biometric sensor to collect and convert biometric data into behavioral and physical characteristics of the respondents. In certain embodiments, by converting biometric data into respondent characteristics, the disclosed systems and methods identify various unwritten or nonverbal responses of survey respondents who respond to a digital survey or who interact with a display medium that captures survey data. To facilitate review of respondents' characteristics and responses, in some embodiments, the disclosed systems and methods further categorize the converted respondent characteristics within a response database for the digital survey.

Abstract: A computer-implemented method includes receiving, by a storage system, encrypted data and a set of key identifiers. Each key identifier is associated with information specifying a storage location for which the key identifier is authorized. The method also includes storing, by the storage system, the encrypted data in at least one storage location and receiving, by the storage system, at least one key identifier of the set of key identifiers with a data access request. The method includes determining, by the storage system, whether the data access request is authorized for the at least one key identifier.

Abstract: Embodiments relate to systems and methods for cloud-based brokerage exchange of software entitlements. A user can host on-premise software applications on physical hardware, and extend those applications to the cloud based on a set of entitlements developed in conjunction with the vendor(s) of the software. The set of entitlements enjoyed by the user and/or offered by the vendor(s) can be exposed to a bidding marketplace via a brokerage engine and associated bidding service, which can be hosted on a Web site. Other users, and/or other vendors interesting in consuming or supplying premise or loud-based images of the software, or related services, can be to obtain or supply those resources through the brokerage service. The license terms including usage rates, number of users or images, security constraints, and/or other terms of software delivery and usage can be recorded in a dynamically updated entitlement database.

Abstract: A software development infrastructure can enable user developers to select remote hardware devices at a remote datacenter to develop and test software programs, such as web or mobile applications. The developer can remotely install an application on a selected remote device and observe a mirrored display of the remote device on a browser local to the developer. The software development infrastructure can enable the developer to test offline mode workflows of the application by blocking network traffic to and from the application but allowing network transmission to and from a streaming application installed on the remote device.

Abstract: A digital artwork display device, a digital artwork management method, and an electronic device are provided. The digital artwork display device includes a registration circuit, a transaction circuit, and a file decryption circuit. The registration circuit is configured to apply for a device identifier and a device public-private key pair, and the device public-private key pair includes a device public key and a device private key. The transaction circuit is configured to acquire a use license, and the use license includes the device identifier and a content key ciphertext obtained by encrypting a content key by using the device public key. The file decryption circuit is configured to decrypt the content key ciphertext in the use license by using the device private key to obtain the content key, and decrypt an encrypted file by using the content key to obtain an original file.

Abstract: Methods and systems for network communication are disclosed. Proxy information may be received. The proxy information may facilitate a gateway device communicating as a proxy for a user device.

Abstract: Routing log-based information between production servers and logging servers is disclosed. A log entry for a logging server is generated at a production server. A shard identifier is computed for a shard associated with the logging server based on application of a hashing algorithm to properties associated with the production server. The hashing algorithm and properties are selected to prevent or minimize the likelihood of computing of the same shard identifier by another production server for the same shard associated with the logging server. The log entry is transmitted to the shard associated with the logging server. A determination is made that the logging server has malfunctioned by detecting that the log entry transmitted to the shard is absent. In response, another shard identifier is computed for another shard of another logging server and a subsequent log entry from the production server is transmitted to the another shard of the another logging over. No load balancers are used by the routing system.

Abstract: Aspects of the present disclosure involve a system and a method for performing operations comprising: receiving, by a messaging application, content from a given user; selecting a metric for measuring performance of the content on the messaging application; measuring performance of the content on the messaging application; computing a value of the performance of the content on the messaging application based on the selected metric; and updating a restricted use token wallet stored in a profile for the given user based on the computed value of the performance of the content.

Abstract: Methods and apparatus for secure software defined storage are disclosed. An example apparatus includes memory and a processor to access a read request for data written to a software defined storage location, obtain the requested data from the software defined storage location, perform a classification operation on the requested data to obtain classification data corresponding to the requested data, the classification data to represent whether the requested data includes personally identifiable information, in response to determining that the requested data includes personally identifiable information, apply data loss prevention to the requested data to create response data, determine whether a client requesting the data from the software defined storage location is authorized to access the requested data, and in response to determining that the client requesting data is authorized to access the requested data, transmit the response data to the client.

Abstract: Systems and methods for distribution of enterprise software and compensation for usage of the enterprise software are disclosed. Exemplary implementations may: store information including executable code of software applications; receive user input from administrative users regarding eligibility of individual software applications for different users; facilitate execution of different eligible software applications as selected by the different users; monitor billable execution of the software applications; determine compensation amounts that correspond to monitored billable execution; and presenting information to a given administrative user regarding the determined compensation amounts.

Abstract: Systems, apparatuses, and methods for implementing a metadata tweak for channel encryption differentiation are disclosed. A memory controller retrieves a device-unique identifier (ID) from a memory device coupled to a given memory channel slot. The memory controller uses the device-unique ID to generate a tweak value used for encrypting data stored in the device. In one scenario, the device-unique ID is embedded in the address bits of the tweak process. In this way, the memory device can be migrated to a different memory channel since the data can be decrypted independently of the channel. This is possible since the device-unique ID used for the tweak operation is retrieved from the metadata stored locally on the memory device. In one implementation, the memory device is a persistent dual in-line memory module (DIMM). In some implementations, the link between memory controller and memory device is a compute express link (CXL) compliant link.

Abstract: Techniques and apparatus for managing remote attestation of infrastructure components based on a customer controlled dynamic attestation policy are described. One technique includes receiving a user-specified configuration for managing remote attestation of infrastructure component(s) hosted in a cloud computing environment. The user-specified configuration indicates information related to managing the life-cycle of the infrastructure component(s). For example, the user-specified configuration can indicate attributes associated with the infrastructure component(s), criteria for validating an attestation policy for the infrastructure component(s), criteria for rotating an attestation policy for the infrastructure component(s), etc. An attestation policy for each infrastructure component is generated, based on the user-specified configuration. The attestation policy for each infrastructure component indicates which of the attributes to use during remote attestation of the infrastructure component.

Abstract: Installing and running an application for a terminal are described. A method for installing and running the application includes uploading an application to an application store. The method further includes downloading, by a terminal, the application from the application store, wherein the terminal is connected to the application store by a network. Furthermore, the method includes authorizing, by a terminal management server (TMS) coupled to the terminal and the application store via the network, the terminal to install and run the downloaded application.

Abstract: A method is performed to regulate access to electronic content based on content usage telemetry data. A first computer receives, from a second computer system, a request for access to electronic content. The first computer system determines, based on an access profile associated with the second computer system, that the second computer system is authorized to access the electronic content. A first authorization message indicating that the second computer system is authorized to access the electronic content is transmitted from the first computer system to the second computer system. The first computer system receives, from the second computer system, content usage telemetry data including data items indicating metrics of use of the electronic content by the second computer system. The first computer system modifies the access profile of the second computer system based on the content usage telemetry data.

Abstract: According to embodiments of the present disclosure, there is provided an edge authentication node, a central authentication node, a method implemented in each node, a system including each node, and a corresponding computer-readable storage medium for license authentication. The method implemented in the edge authentication node includes: receiving a license authentication request from a client node, the license authentication request includes client fingerprint information associated with the client node; decrypting, based on the client fingerprint information, a license certificate associated with the client node generated by the central authentication node, so as to obtain license information associated with the client node; and transmitting a license authentication response to the client node based at least partially on the license information obtained.

Abstract: A secondary authentication system and computer-implemented method for obtaining real-time cardholder authentication of a payment transaction associated with a cardholder's payment card includes a memory device for storing data and a processor communicatively coupled to the memory device. The processor is programmed to receive a payment authorization request message including a primary account number corresponding to a payment account of the cardholder for funding the payment transaction. In addition, the processor is programmed to determine whether the payment account requires secondary authentication by the cardholder for the payment transaction, and if, based on the determination, the payment account requires secondary authentication of the payment transaction, place the payment transaction on hold.

Abstract: Consumption of online content is tracked to increase a likelihood that the user is paying attention. A request is received from a remote processing device to begin receiving content, and a block of content is assembled, the block of content having a known content playback duration. Additionally, a post block verification duration is associated with the block of content. The assembled block of content is communicated to the remote processing device for playback thereon, and a perception indicator is collected during playback of the block of content. The collected perception indicator is compared against a perception threshold. Also, a post block verification is performed immediately after playback of the block of content for the post block verification duration. A contingency result is then determined based upon the comparison of the perception indicator to the perception threshold, and whether a valid feedback is received within the post block verification duration.

Abstract: A method for personalizing reviews for a user on a social network, comprising the steps of: receiving from at least two or more users a rating and a recommendation for a reviewable item, wherein the rating is numerical value in a rating scale, and wherein a recommendation is a binary endorsement; receiving a request from a user to view the ratings and recommendations for one or more reviewable items; determining a combined rating and an combined recommendation for all users of the social network at one or more social degrees for the one or more reviewable items; and displaying, by a user interface, the combined rating and combined recommendation for all users of the social network at one or more social degrees for the one or more reviewable items.

Abstract: Systems and methods for text-to-speech audio processing and audio transduction include compiling a digital data collection program to be distributed to computing device(s), the compiling including receiving data collection information that includes textual data of query(s) to be included in the digital data collection program and implementing text-to-speech data processing of the textual data that generates audio data of the query(s). The compiled digital data collection program that includes the generated audio data is distributed to the computing device(s) for execution thereby facilitating displaying, via a user interface of a user device, the query(s) and facilitating providing, via the electroacoustic transducer, an audio output of the audio data corresponding to the displayed query(s). Response data input by a user of the user device and received in response to the query(s) is collected and aggregated with additional response data collected from other user(s) of the computing device(s).