Abstract: Provided is a database archiving method. According to the exemplary embodiment of the present invention, a database archiving method includes: selecting at least one record group including a plurality of records from an original table from which data is archived, based on selection information on at least one of a time and a field value; storing group compression data compressed to be created for every record group and the selection information corresponding to the group compression data in a compression table, with respect to each of at least one selected record group; and deleting a plurality of records included in at least one selected record group from the original table.

Abstract: Systems, methods, and computer-readable media are disclosed for testing a software application. An exemplary method includes storing a control file identifying a test case for testing a software application. A first expected result may be extracted from a device storing expected results of the software application, the first expected result being identified by the control file. A first actual result may be extracted from a device storing actual results output by the software application, the first actual result being identified by the control file. The first expected result may be compared with the first actual result to determine whether the first actual result matches the first expected result. A result file indicating whether the test case passed or failed is generated, and the test case has passed when the first actual result matches the first expected result. The result file may be stored in a storage device.

Abstract: The subject technology receives one or more requests to execute one or more requested transactions on a journal table of a database, the journal table comprising a snapshot and a log table. The subject technology, based on the one or more requests, inserts a new row into the log table for each requested transaction, each new row reflecting a corresponding requested transaction. The subject technology receives, after the one or more requested transactions have been executed, a second request to execute a second requested transaction on the journal table. The subject technology generates, prior to executing the second requested transaction, a second snapshot, the second snapshot comprising a second representation of data in the journal table after the one or more requested transactions have been executed, the second snapshot stored in a third micro-partition different than the first micro-partition and the second micro-partition.

Abstract: The subject technology defines a journal table of a database, the journal table comprising a snapshot and a log table, the snapshot comprising a representation of data in the journal table at a particular time, the log table comprising a listing of requested changes to the journal table since the particular time, the snapshot stored in a first micro-partition, the log table stored in a second micro-partition. The subject technology receives, after at least one first requested transaction has been executed, a request to execute a second requested transaction on the journal table. The subject technology generates, prior to executing the second requested transaction, a second snapshot, the second snapshot comprising a second representation of data in the journal table after the at least one first requested transaction has been executed, the second snapshot stored in a third micro-partition different than the first micro-partition and the second micro-partition.

Abstract: Techniques are disclosed relating to storage of network event information for multiple tenants. In some embodiments, one or more host computer systems are configured to maintain a plurality of containers operable to isolate network event information of a plurality of tenants from others of the plurality of tenants. The plurality of containers includes a first container that includes a first database executable to store network event information for a first of the plurality of tenants, and a second container that includes a second database executable to store network event information for a second of the plurality of tenants. In some embodiments, a management computer system is configured to receive, from the first tenant, a request to access network event information of the first tenant and route the request to a host computer system maintaining the first container to cause the first database to service the request.

Abstract: Approaches to using unstructured input to update heterogeneous data stores include receiving unstructured text input, receiving a template for interpreting the unstructured text input, identifying, using an entity classifier, entities in the unstructured text input, identifying one or more potential parent entities from the identified entities based on the template, receiving a selection of a parent entity from the one or more potential parent entities, identifying one or more potential child entities from the identified entities based on the template and the selected parent entity, receiving a selection of a child entity from the one or more potential child entities, identifying an action item in the unstructured text input based on the identified entities and the template, determining, using an intent classifier, an intent of the action item, and updating a data store based on the determined intent, the identified entities, and the selected child entity.

Abstract: A method to prevent the inadvertent removal of volumes on a storage system is disclosed. In one embodiment, such a method includes receiving a request to remove (e.g., delete, detach, unmask, etc.) a volume on a storage system. In response to receiving the request, the method initiates at least one process to monitor the volume for I/O activity over a specified period of time. In the event the at least one process does not detect I/O activity to the volume during the specified period of time, the method executes the request by removing the volume. In the event the at least one process detects I/O activity to the volume during the specified period of time, the method denies the request to remove the volume. A corresponding system and computer program product are also disclosed.

Abstract: A technique for preventing selected sets of data words from unauthorized transmission out of the secure perimeter of a computer system is disclosed. A set of security rules is applied to an outgoing data message and if one of the set of rules is triggered, scanning by another set of security rules. The server then executes the security command before transmitting the outgoing message out of the secure perimeter of the computer system or blocking transmission.

Abstract: Current plagiarism checkers can determine if a document has extensively copied from another but these checkers fail when a document is filled with synonyms. The present invention offers a means of detecting plagiarism involving the use of synonyms or heaving paraphrasing. A source passage from a pertinent corpus is modified by generating augmented tokens which include synonyms for the various terms in the passage. Text analysis may be required to confirm the semantic meaning of a term. The modified passage may be a regular expression. The modified passage can then be compared to a suspect passage using a trigram scorer. If possible plagiarism is detected, an alert message is sent to a reviewer with the passage of interest, the source passage, and an identification of the related corpus.

Abstract: IoT devices within a commercial real-estate or residential building environment may be connected through networks, such as a Building Automation and Control network (BACnet). Systems and methods according to this disclosure provide automatic discovery of IoT devices and relationships in commercial real-estate and residential buildings and integration of the BACnet devices into the digital twin of the building. In some implementations, an IoT gateway is configured to translate the communication received from the BACnet to an IoT cloud platform and configured to normalize the data across the different security platforms into a consistent format which enables integration and interoperability of the different building system platforms that may otherwise be operating in isolation from each other.

Abstract: Application performance can be simulated based on captured application-specific traffic flows through a managed network. Traffic flows may be captured across the managed network and associated with a particular application. The captured flows can be used to generate trend lines and models. The generated trend lines and models may be used to simulate application performance responsive to changes in network characteristics and provided to a user through a graphical user interface as a graph. The user may then adjust simulated network characteristics through the graphical user interface to perform various hypothetical network simulations.

Abstract: An end-to-end data curation system and the various methods used in linking, matching, and cleaning large-scale data sources. The goal of this system is to provide scalable and efficient record deduplication. The system uses a crowd of experts to train the system. The system operator can optionally provide a set of hints to reduce the number of questions sent to the experts. The system solves the problem of schema mapping and record deduplication in a holistic way by unifying these problems into a unified linkage problem.

Abstract: A method for signing a message, comprising performing a first Multi-Party Computation (MPC) process by multiple parties to compute a pseudorandom function, an input of the first MPC process comprises shares of a private signing key, each share is held by each party, the message is an input value to the pseudorandom function. The output of the first MPC process comprises multiple pairs of shares, each party holding a pair of shares, wherein each pair comprises a first value used for the MPC signing process and a second verifying value used for verifying correctness of the values provided by the multiple parties for the MPC signing process, and computing the signature on the message by performing an MPC signing protocol on the message, the MPC signing protocol receives as input shares of the output of the pseudorandom function from the multiple parties, and the message to be signed.

Abstract: A method for performing initial registration is provided. The method includes receiving a server timeout message, the server timeout message including at least a field set to a value equal to a value received during a first registration. The method further includes initiating restoration procedures by performing an initial registration.

Abstract: Example embodiments relate to forecast resource utilization. The example disclosed herein receives the first actual resource utilization, detects its pattern and trend, and determines the first forecasted resource utilization. Furthermore, a second actual resource utilization is received and its pattern is detected. Moreover, it is determined whether to forecast a new resource utilization.

Abstract: A computer-implemented method includes: obtaining, by a data party, a piece of plaintext to be encrypted; generating a ciphertext file including multiple pieces of ciphertext, each piece of ciphertext being derived from a homomorphic encryption algorithm executed on the piece of plaintext; adding a first file identifier of the ciphertext file to a file identifier set corresponding to the piece of plaintext; and in response to a piece of ciphertext derived from the piece of plaintext being needed for a cooperative calculation in which the data party is participating: obtaining the first file identifier from the file identifier set corresponding to the piece of plaintext, reading a first piece of ciphertext from the ciphertext file identified by the first file identifier, and sending the first piece of ciphertext to a partner participating in the cooperative calculation.

Abstract: Techniques for recovering lost clusters are described herein. In particular, this disclosure describes techniques for generating an allocation bitmap. The allocation bitmap may be used to recover lost clusters on a mounted volume.

Abstract: Aspects of the disclosure relate to processing systems using natural language processing with improved dataset filtering and sanitization techniques. A computing platform may receive a dataset file and commands directing the computing platform to sanitize the dataset file. In response to the commands, the computing platform may identify confidential information contained in the dataset file using named entity recognition and one or more dynamic entity profiles, extract the confidential information, and replace the confidential information with non-confidential information to produce a sanitized dataset file. Based on identifying the confidential information contained in the dataset file, the computing platform may update the dynamic entity profiles. The computing platform may send the sanitized dataset file to the target environment host server, causing the target environment host server to use the sanitized dataset file in a testing environment that is prohibited from containing confidential information.

Abstract: In one embodiment, a device in a network receives anomaly data regarding an anomaly detected by a machine learning-based anomaly detection mechanism of a first node in the network. The device matches the anomaly data to threat intelligence feed data from one or more threat intelligence services. The device determines whether to provide threat intelligence feedback to the first node based on the matched threat intelligence feed data and one or more policy rules. The device provides threat intelligence feedback to the first node regarding the matched threat intelligence feed data, in response to determining that the device should provide threat intelligence feedback to the first node.

Abstract: Various embodiments relate to a method and apparatus automated production management, the system including a storage device configured to store data and program instructions; and a processor configured to receive data from a production asset and process the data, detect an event from the data, add a record to an edge blockchain, determine whether an action is required based on the event, communicate the action to the production asset, add a record to the edge blockchain and transmit edge blockchain to an enterprise information system to be stored in a core blockchain.

Abstract: A storage system in one embodiment comprises a plurality of storage devices and a storage controller. The storage controller is configured to scan data pages and associated metadata structures of the storage system, the metadata structures comprising at least a first metadata structure associating unique hash identifiers with physical locations of respective data pages in the storage system and a second metadata structure associating the physical locations of respective data pages with hash digests of the data pages and the unique hash identifiers. The storage controller is further configured to detect an error in one of the first and second metadata structures. Responsive to the detected error, the storage controller recovers a corresponding portion of the metadata based at least in part on one or more entries of the other one of the first and second metadata structures.

Abstract: Embodiments for managing, serving, and applying logging adapters for applications are described. An administrator for an application can establish mappings between the application and adapters that handle log events from the application. When the application executes, it can get these mappings and use them to obtain the corresponding adapters. The adapters can have a configuration function and a logging function. The configuration function can be executed once per-execution of the application to establish a global state for the logging function of that adapter. The configuration function can receive configuration data provided with the mappings. Thereafter, as the application generates log events, they can be passed to the logging functions of the mapped adapters, which execute to perform logging such as analytics functions, on the events, whether locally or by sending the events to third parties.

Abstract: Systems, apparatuses and methods may provide for technology that assumes, by a root of trust located in a trusted region of a system on chip (SOC), control over a reset of the SOC and conducting, by the root of trust, an authentication of an update package in response to an update condition. The root of trust technology may also apply the update package to firmware located in non-volatile memory (NVM) associated with a microcontroller of the SOC if the authentication is successful.

Abstract: Techniques for limiting synchronization conflicts during file synchronization in a computing system are described herein. In one embodiment, a method includes detecting a change to a local copy a computer file on a client device. The local copy is associated with a local token. The method also includes obtaining a server token associated with a server copy of the same computer file on a file server and determining whether the local token matches the server token. If the local and server tokens match each other, the method includes uploading the local copy to the file server to overwrite the server copy even though the server copy contains a change to the computer file that is different than a change to the local copy of the same computer file.

Abstract: A mura detection device includes an XYZ coordinate system conversion unit which receives a photographed image of a display device and converts the photographed image into XYZ image data according to XYZ chromatic coordinates, a background image generation unit which generates background image data obtained by removing a part of the XYZ image data, a color difference calculation unit which generates color difference image data by comparing the photographed image and the background image data, and a mura data generation unit which calculates a color mura index value using the color difference image data.

Abstract: Systems and methods for solid-state storage drive-level failure prediction and health metric are described. A plurality of host-write commands are received at a solid-state storage device. A number of drive-writes per day based on the on the plurality of host-write commands is determined. An aggregated amount of degradation to one or more internal non-volatile memory components based on the number of drive-writes per day is determined. Using a machine-learned model, a probability of failure value based on a set of parameter data and the aggregated amount of degradation to the non-volatile memory component is generated. An alert is generated, based on the probability of failure value or degradation threshold.

Abstract: The present invention provides computer implemented method, system, and computer program product of switching servers without interrupting a client command-response queue.

Abstract: A computer implemented method for initializing a secondary database system includes receiving table state information from a primary database system at a secondary database system. The table state information includes information identifying which tables had an open operation during a savepoint event. Metadata associated with the tables is parsed to identify table state information from the metadata and a lock is created for each table identified as having an open operation during the savepoint event. Afterwards, log transaction information is sequentially parsed. Related apparatus, systems, techniques and articles are also described.

Abstract: Methods and systems for cryptographically secured data validation. The system includes a first validator. The first validator is designed and configured to receive a first instance of an immutable sequential data structure containing at least a first digitally signed textual element containing at least a first physical asset transfer field populated with a at least a first physical asset transfer datum and at least a second digitally signed textual element generated by a second validator. The first validator authenticates the first instance of the immutable sequential data structure. The first validator generates at least a second validity indicating a determination by the first validator as to the accuracy of the at least a first physical asset transfer field. The first validator detects a conflict between the at least a first validity flag and the at least a second validity flag. The first validator transmits to the at least a second validator an indication of the conflict.

Abstract: A computer system and a computer-implemented method is provided for authoring a requirements document for a product or service. The requirements document includes one or more components for the product or service. Each component is described using one or more requirements statements. An online tool is used to provide electronic templates to view and/or modify features of the requirement statements. A common data structure is used to store attributes associated with portions of the requirements statements. The common data structure is accessible by the online tool to author the requirements document.

Abstract: A method, apparatus and computer program product for use in monitoring and controlling network behavior of Internet of Things (IoT) devices connected to a network. According to this approach, a set of network characteristics of an IoT device (e.g., as published by the device manufacturer) are assigned various risk values and then monitored over an initial time period to generate a “fingerprint” of the device's network flow. This flow is then transformed into one or more flow control rules representing “normal” or abnormal behavior of the IoT device. Preferably, the rules are instantiated into a network boundary control system (NBCS), such as an enterprise router, gateway, or the like, and then enforced, e.g., to generate alerts or others actions when the rules are triggered. The approach enables dynamic and automated threat detection and prevention based on anomalous and/or known-bad behavior.

Abstract: Techniques described herein relate to systems and methods of data storage, and more particularly to providing layering of file system functionality on an object interface. In certain embodiments, file system functionality may be layered on cloud object interfaces to provide cloud-based storage while allowing for functionality expected from a legacy applications. For instance, POSIX interfaces and semantics may be layered on cloud-based storage, while providing access to data in a manner consistent with file-based access with data organization in name hierarchies. Various embodiments also may provide for memory mapping of data so that memory map changes are reflected in persistent storage while ensuring consistency between memory map changes and writes. For example, by transforming a ZFS file system disk-based storage into ZFS cloud-based storage, the ZFS file system gains the elastic nature of cloud storage.

Abstract: A system and method to control access to data are disclosed. A request for a subject to perform an action on an object is received. A determination is made whether a policy for the subject limits the action to an object with integrity protection. The action is performed based on determining the object has integrity protection. The request is rejected based on determining the object does not have integrity protection.

Abstract: One of the objects of the present invention is to provide a semiconductor measurement apparatus capable of obtaining a measurement result that appropriately reflects the deformation of a pattern even if plural causes for the deformation of the pattern exist together. In order to attain the above object, the semiconductor measurement apparatus is proposed in the following way. The semiconductor measurement apparatus is capable of measuring the dimensions between plural measurement points of different positions of the edge of a reference pattern and plural corresponding points of the circuit pattern of an electronic device, in which the corresponding points correspond to the plural measurement points.

Abstract: A differentially private security system communicatively coupled to a database storing restricted data receives a database query from a client. The database query includes a relation indicative of data to perform the query upon and at least one privacy parameter indicative of a level of differential privacy with which to perform the query. The differentially private security system determines a noise type for the query. The differentially private security system determines a representation of probabilistic privacy loss for the query based on the determined noise type. The differentially private security system determines a privacy spend for the query using the generated representation of probabilistic privacy loss. The differentially private security system determines whether the determined privacy spend exceeds a privacy budget associated with the client.

Abstract: Systems, methods, and computer-executable instructions for synthesizing programs using a prefix of an output. A specification of a task to synthesize a program in a domain specific language (DSL) is received. The specification includes an input and a corresponding prefix of the output. Programs for the task are synthesized. The synthesizing includes generating sub-goals based on the specification. Each of the synthesized programs include a solved subset of sub-goals and each sub-goal includes a symbol in the DSL. The symbol is transformed based on the DSL. The sub-goals are solved based on the transforming of the symbol using the input and the corresponding prefix of the output to generate the synthesized programs. The prefix of the output matches a prefix of an output from each of the plurality of synthesized programs.

Abstract: The disclosure involves a method comprising clustering a plurality of observation samples related to historical travel demands into one or more clusters; for each cluster, constructing an actual probability distribution of the historical travel demands corresponding to the observation samples in the cluster; for each cluster, inputting observation samples in the cluster into a prediction model for predicting future travel demands to produce a result of prediction; for each cluster, computing a predicted probability distribution of the historical travel demands corresponding to the observation samples in the cluster based on the result of prediction; for each cluster, evaluating a difference between the actual probability distribution and the predicted probability distribution of the cluster; and modifying the prediction model so that a statistical sum of the differences for the one or more clusters is decreased.

Abstract: The subject matter discloses a system for enforcing correctness of a derivation key, comprising multiple computerized nodes, comprising a storage module configured to store a share of a key used as an input of a function generating the derivation key, a communication module configured to exchange information between the multiple computerized nodes, and a processing module configured to receiving a request to create the derivation key, performing an MPC process between the multiple computerized nodes, said MPC process is performed multiple times, in each time the MPC process comprises receiving the key shares as input, randomly selecting a function, outputting the outputs of the selected function to the multiple computerized nodes, the multiple computerized nodes lack access to the selected function, the multiple computerized nodes perform computations on the received outputs and exchange outputs of the computations to estimate correction of the key shares inputted into the MPC process.

Abstract: Systems and methods of improving the operation of a test data provisioning network and test data provisioning network devices is disclosed. A data hub layer comprising an interstitial logic boundary at a periphery of a consumption environment and configured to interact with a production environment whereby test data may be provisioned without direct access by a user to the production environment. In this manner, the efficiency and resiliency of the production environment may be enhanced and the test data may be improved, so that the network more properly functions according to approved parameters.

Abstract: A data management system verifies the accuracy of data retrieved from a primary data store using a checksum tree stored by a secondary data store. A checksum tree is a tree graph that represents a hierarchy of checksums. Leaf nodes of the checksum tree can store checksums for data blocks stored by the primary data store and secondary data store, and parent nodes can represent checksums of their respective child nodes. The data management system can compare reference subtrees within the checksum tree to comparison subtrees that are generated from data retrieved from the primary data store to determine whether the retrieved data is accurate. The data management system can also use the checksum tree to identify which, if any, of the retrieved data blocks are inaccurate.

Abstract: This disclosure describes an automated process of discovering characteristics needed to integrate a web-based application to a web portal, such as a reverse proxy. This process eliminates the need for application owners and security analysts to manually discover the information needed for the on-boarding process. To this end, application-specific information is determined by monitoring network traffic flows in and out of the application, user authentication and authorization event data, and the like. An application discovery engine analyzes the discovered data, preferably against a set of patterns and heuristic-based rules, to discover or identify the one or more application characteristics. A set of configuration data is then generated, and this configuration data is then used to integrate the application into the web reverse proxy and, in particular, by specifying the configuration needed to “board” the application.

Abstract: A system for performing an integrated data quality control is disclosed. The system determines a dataflow path for one or more input data elements. The, the system performs a lineage control check, a timeliness control check, and a variation control check on the dataflow path. If the dataflow path integrated scoring of the three controls is sufficient, the system determines that data related to the dataflow path is fit for use. If the dataflow path fails any one of the three checks, the system determines that data related to the dataflow path is not fit for use.

Abstract: Methods, systems, and computer program products for assessing value of one or more data sets in the context of a set of applications are provided herein. A computer-implemented method includes selecting analytic applications of interest based on a characterization of data attributes of each of the available data sets; automatically determining an impact of each of the data attributes of each of the available data sets on an end value of each of the analytic applications of interest; automatically computing an amount of improvement to the end value of each of the analytic applications of interest based on inclusion of an additional data set; and automatically determining a value attributed to the additional data set based on a comparison of (i) the cost of adding the additional data set to the available data sets to (ii) the computed amount of improvement based on the inclusion of the additional data set.

Abstract: A novel software updating method is provided. A target file is divided into segments, where some segments are updated by patching, while other segments are updated by archiving. The segmentation of the update allows very large files such as DYLD shared caches to be patched in-place, i.e., by using free space available within the file to perform patching rather than requiring enough free space on disk to store both the new version and the old version of the file. The segmentation of the update also allows each segment to be updated individually by the most optimal update method (copy, patch, or archive) so that the size of the update file can be minimized.

Abstract: A computer implemented method is provided for capturing and replaying a database workload by obtaining a workload capture file comprising execution context information generated in a database system and replayable to replicate the workload, generating a modified workload capture file by generating modified execution context information, replaying the modified workload capture file by generating at least one read statement based on the modified workload execution information and issuing at least one read statement to a primary database system having an associated secondary database system, determining that the at least one read statement may be routed to the secondary database system for execution, and routing the read statement to the secondary database system for execution. Related apparatus, systems, techniques and articles are also described.

Abstract: One example method includes discovering an application instance on a host, reporting the existence of the application instance, discovering application components of the application instance, and mapping the application components to information concerning an underlying filesystem and information concerning an underlying physical drive. The example method additionally includes freezing the application instance in response to a first instruction, and then thawing the application instance in response to a second instruction.

Abstract: A testing technique tests and compares malware detection capabilities of network security devices, such as those commercially available from a variety of cyber-security vendors. Testing is conducted on test samples in a “blind” fashion, where the security devices do not know beforehand whether the test samples are “live” malware or benign network traffic. The test samples are received from a remote server and potentially represent malicious attacks against a testing network. Notably, for truly blind testing, embodiments of the testing technique employ a mixture of malware and benign test samples, as well as addressing subterfuge, to prevent the security devices from being able to reliably determine maliciousness of the test samples based on a source of any of the samples.

Abstract: A method, system and computer program product for managing a file system includes a plurality of allocation areas of loaded allocation trees to serve a request per file system drive for a transaction group. The system also includes a module configured to move a loaded allocation tree to an unloading tree in the event the loaded allocation tree will not satisfy the request. The system additionally includes a module configured to select and place in a loading tree queue a most eligible unloaded tree based on a weight of each unloaded tree. The system further includes a module to asynchronously process the loading tree queue and an unloading tree queue threads parallel to a storage pool allocator sync process. Allocation areas are attached in a circular ring of loaded allocation trees. Space map trees are converted into fixed size areas for constant latency loading logs and creating index trees.

Abstract: Systems, methods, and apparatuses described herein are directed to sharing vehicle obstacle data between vehicles and/or between vehicles and a central server. Vehicles may include sensors capturing data including, but not limited to, speed, direction, acceleration, deceleration, LIDAR data, RADAR data, SONAR data, camera data, GPS data, etc. In some implementations, acceleration of a vehicle above a threshold, such as braking or swerving, may trigger the transmission of sensor data to other vehicles and/or infrastructure devices. Vehicles that receive the transmitted data may determine a validity of the data, and may incorporate the data into operations of the receiving vehicle based at least in part on the validity of the data. Validity of the data may be based on sensor type, elapsed time or distance between detection of an obstacle or event and reception of data, a number of retransmissions, duplicative data, independent sources of data, etc.

Abstract: In one example method, which may be performed by a data integrity check entity, a request is received to perform a data integrity check with respect to a backup dataset created by the data protection entity. Next, an information set is accessed that was created by a data protection entity concerning the backup dataset. The backup dataset and information contained in the information set are analyzed and, based on the analysis, a data integrity problem is identified that resulted from a data corruption event involving the backup dataset. Finally, results of the analysis of the backup dataset and the information set are reported to the data protection entity.