Abstract: Using container-centric managed access, an administrator is enabled to define a set of future grants for each object that will be created in the future in a container managed by the administrator. When a user creates a database object, the system checks the future grants to determine if any apply to the user, the database object, or the combination. Any applicable future grants are applied to the database object before the user is allowed to modify it. As a result, the administrator is enabled to control the privileges associated with the database object even before the database object is created, while restricting individual object owners from managing privileges on their owned objects.

Abstract: Systems, methods, and non-transitory computer-readable media are provided for data analysis. A user interface comprising boards corresponding to one or more objects and one or more operations on the input and/or output objects of the boards can be generated for high-scale top-down data analysis.

Abstract: A non-transitory computer-readable medium stores computer-readable instructions executable by a processor of an information processing device communicably connected with an image processing apparatus and a cloud server. The computer-readable instructions realize an application configured to, when executed by the processor, cause the processor to perform, in response to receiving an import instruction to import a workflow, reading, from an export file, workflow information representing the workflow that is a sequence of processes using the image processing apparatus and the cloud server, and selecting one of a plurality of methods to obtain authentication information for accessing the cloud server to perform the workflow represented by the read workflow information, and access, in response to receiving a workflow execution instruction to perform the workflow, the cloud server by using the authentication information obtained in the selected method.

Abstract: Mechanisms for mitigating damage resulting from a website being an intermediary in a cyberattack, comprising: detecting a domain name server query made to the website; making a request to the website; receiving a header in response to the request; inspecting the header to identify a software stack component of the website; cross-referencing the software stack component to a common vulnerabilities and exposures (CVE) database to identify a CVE that applies to the software stack component; applying a rule to determine the impact of the CVE on whether the website is a possible intermediary in a cyberattack; determining that the website is a possible intermediary in a cyberattack; and taking action on the website to mitigate damage resulting from the website being an intermediary in a cyberattack.

Abstract: An active attestation apparatus verifies at runtime the integrity of untrusted machine code of an embedded system residing in a memory device while it is being run/used with while slowing the processing time less than other methods. The apparatus uses an integrated circuit chip containing a microcontroller and a reprogrammable logic device, such as a field programmable gate array (FPGA), to implement software attestation at runtime and in less time than is typically possible with comparable attestation approaches, while not requiring any halt of the processor in the microcontroller. The reprogrammable logic device includes functionality to load an encrypted version of its configuration and operating code, perform a checksum computation, and communicate with a verifier. The checksum algorithm is preferably time optimized to execute computations in the reprogrammable logic device in the minimum possible time.

Abstract: A non-transitory computer-readable medium stores computer-readable instructions executable by a processor of an information processing device communicably connected with an image processing apparatus and a cloud server. The computer-readable instructions realize an application configured to, when executed by the processor, cause the processor to perform, in response to receiving an import instruction to import a workflow, reading, from an export file, workflow information representing the workflow that is a sequence of processes using the image processing apparatus and the cloud server, and selecting one of a plurality of methods to obtain authentication information for accessing the cloud server to perform the workflow represented by the read workflow information, and access, in response to receiving a workflow execution instruction to perform the workflow, the cloud server by using the authentication information obtained in the selected method.

Abstract: A computer platform is disclosed. The computer platform comprises a non-volatile memory to store fuse override data; and a system on chip (SOC), coupled to the non-volatile memory, including a fuse memory to store fuse data and security micro-controller to receive the fuse override data and perform a fuse override to overwrite the fuse data stored in the fuse memory with the fuse override data.

Abstract: In one example, an electronic device may include a power source to supply power to a peripheral device, a sensor circuit to monitor a power consumption of the peripheral device, and a controller coupled to the sensor circuit to detect that the power consumption of the peripheral device is greater than a threshold and generate a popup message on a user interface of the electronic device based on the detection. The popup message may include an option. Further, the controller may direct the power source to continue to provide the power to the peripheral device in response to a determination that the option is selected prior to an expiration of a timer.

Abstract: Disclosed is a method for managing database permissions, the method including: obtaining a login account that successfully logs in to a first database, where the first database is a relational database built in with permission management and is pre-configured with an external table that has a mapping relationship with a second database; ascertaining management permissions of the login account based on pre-configured management permission information; determining whether a management operation on the external table by the login account exceeds the management permissions of the login account; and if the management operation by the login account does not exceed its management permissions, permitting the management operation, and synchronizing the management operation to the second database based on the mapping relationship between the external table and the second database. Further disclosed are a system and a device for managing database permissions, as well as a computer-readable storage medium.

Abstract: A detection circuit, including a first connecting terminal, an SPI bus, and a security component, is provided. The first connecting terminal is configured to be detachably connected to the main board. The security component is coupled to the first connecting terminal and the SPI bus. The security component forms a first loop with the main board, and is configured to detect a loop state of the first loop. The security component locks the SPI bus when the first loop is being detected by the security component to be disconnected.

Abstract: The disclosed technology relates to a system configured to compute a difference between a remote tree data structure representing a server state for content items associated with an account on a content management system and a sync tree data structure representing a known synchronization state between the content management system and the computing system. The system is configured to generate, based on the difference, a set of operations that when performed on the computing system update the content items stored on the client device to converge a file system state on the computing system and the server state.

Abstract: A platform's central instance manager (IM) receives microservice requests issued to a common application shared between various tenants. Embodiments function to co-locate within a same database, the persistence containers of different microservice instances of a specific tenant. The central IM associates a corresponding tenant identifier with microservice request instances created. Referencing this assigned tenant identifier, the central IM maintains an external configuration file comprising a mapping of services (m) and tenants (n), to relevant persistence container service instances. Such mapping permits the allocation of tenant-specific microservice data for storage within persistence containers of a particular database. This co-location of data promotes flexibility, allowing tenants to furnish database structures tailored to their individual needs.

Abstract: The embodiments of the present application provide a permission management system, a permission management method, and an electronic device. First, at least two unlocking passwords are set on the electronic device, and each unlocking password corresponds to a working mode. Then, the user permission for application software on the electronic device is configured for each working mode. Finally, upon receiving the correct input unlock password, the electronic device is unlocked and the working mode corresponding to the input unlock password is started. The embodiments of the present application can protect the personal privacy of a user by means of setting the access permission of the application software of the electronic device.

Abstract: A data analysis system is proposed for providing fine-grained low latency access to high volume input data from possibly multiple heterogeneous input data sources. The input data is parsed, optionally transformed, indexed, and stored in a horizontally-scalable key-value data repository where it may be accessed using low latency searches. The input data may be compressed into blocks before being stored to minimize storage requirements. The results of searches present input data in its original form. The input data may include access logs, call data records (CDRs), e-mail messages, etc. The system allows a data analyst to efficiently identify information of interest in a very large dynamic data set up to multiple petabytes in size. Once information of interest has been identified, that subset of the large data set can be imported into a dedicated or specialized data analysis system for an additional in-depth investigation and contextual analysis.

Abstract: A system receives a media sample. The system then identifies a critical portion of the media sample. The media sample is split into a verification sample comprising the critical portion of the media sample. The verification sample is decomposed into a first and second layer. A first hash value is generated based on the first layer by applying a hash function to a first code element from the verification sample. A second hash value is generated based on the second layer by applying the hash function to a second code element from the verification sample. A blockchain transaction is generated comprising a profile associated with the user. The transaction is stored as a block in a blockchain ledger.

Abstract: A digital brand asset system is provided enabling a brand owner to create, distribute, maintain, manage, merchandise and analyze smart brand assets. The system enables distribution and sharing of smart brand assets across the websites. The websites can host webpages containing codes representing the smart brand assets. When a user device retrieves a webpage from one of the websites and renders the webpage, it executes the codes and requests the content of the smart brand assets from a brand asset server. Through the brand asset server, a brand owner can control the content and the presentation of the smart brand asset hosted by the websites, based on various factors such as previous click through rates, aggregated shopper behaviors, geographical locations of the websites or website visitors, categorized types of websites, blacklist of websites.

Abstract: A system receives a login sample. The login sample is decomposed into first and second layers. A verification media sample is decomposed into first and second layers. The system determines that the first layer of the login sample does not match the first layer of the verification sample, that the second layer of the login sample does not match the second layer of the verification sample, or both. First and second critical portions are extracted from the login sample. A first and second login hash are generated from the first and second critical portions. A first and second ledger hash are retrieved from a blockchain ledger. It's determined that the first login hash does not match the first ledger hash, the second login hash does not match the second ledger hash, or both. The user is flagged.

Abstract: Methods, systems, and media for a platform for collaborative processing of computing tasks. The method includes sending, to client devices, a one or more client applications including program code associated with an interactive application and a machine learning application. When executed, the program code causes the client devices to generate a user interface for the interactive application; request, using the generated user interface, inputs from a user of the client devices; receive the requested inputs; process, using computing resources of the client devices, at least part of the machine learning application; and transmit data associated with results of the received inputs and the processing of at least part of the machine learning application. The method further includes receiving and processing the data associated with the results of the received inputs and the processing of at least part of the machine learning application to process the computing tasks.

Abstract: In accordance with some embodiments, an apparatus for privacy protection is provided. In some embodiments, the apparatus includes a first device including a receiver configured to receive audio signals, a memory configured to store one or more criteria, and a processor configured to process the received audio signals based on the stored criteria in the memory. The apparatus further includes a second device in communication with the first device, wherein the first device, upon detecting one or more audio sound patterns, is configured to send a notification to the second device.

Abstract: An information processing system, a service providing system, and a user creation method. The information processing system creates a second user belonging to a second tenant in response to reception of a request for managing the second tenant from a terminal device operated by a first user, the second tenant being different from a first tenant to which the first user belongs.

Abstract: The provided systems and methods attempt to address possible issues with the use of third party applications with software as a service (SAAS) platforms, namely that lack of performance of third party app hosting infrastructure running the third party applications can affect multiple clients on the SAAS platform. In order to least mitigate this, third party app providers can create and upload their scripts to the SAAS platform for execution on the SAAS platform. The scripts must conform with extension points within SAAS functionality that are predefined. During execution, when the extension point is reached, the script is run on the SAAS platform instead of making an API call to the application on the third party app hosting infrastructure.

Abstract: A storage port receives a login request. The storage port configures an audit mode indicator as enabled in a login response to a host port to enter a security enabled mode to indicate to the host port that Input/Output (I/O) operations are to be transmitted from the host port to the storage port even if authentication or security association negotiation with the storage port cannot be completed successfully.

Abstract: A microcode signature security management system based on a Trustzone technology comprises the steps of: starting a normal operating system; acquiring the signature-encrypted microcode file and outputting the signature-encrypted microcode file and a switching signal by the normal operating system; receiving the switching signal and starting the monitor mode by the microprocessor to start a secure operating system; receiving the signature-encrypted microcode file, performing signature verification on the signature-encrypted microcode file, loading the file when the signature verification passes, otherwise outputting microcode error information when the signature verification fails by the secure operating system. The security of microcode is ensured on the basis of a secure operating system safety environment to which a system layer is inaccessible.

Abstract: At an object storage service, one or more security rules to be implemented for a request directed to an unstructured object are identified, including a content query-based rule. The query-based rule indicates a query predicate and a security enforcement action. A value of an attribute is extracted from the unstructured object using a rule obtained via a programmatic interface, and used to verify that the predicate is satisfied. The security enforcement action is then implemented.

Abstract: Aspects of the present disclosure are directed to methods and systems for protecting sensitive data in a hosted service system. The system includes a host system having a database management system (DBMS) with a database and a query pre-parser. A processing application is configured to process a request from a tenant system and route the processed request as a query to the query pre-parser. The query pre-parser is configured to decrypt a sensitive data part of the query, generate a modified query including the decrypted sensitive data part, generate a database query using the modified query, and transmit the database query to the database.

Abstract: Some embodiments of the invention provide a system for defining, distributing and enforcing policies for authorizing API (Application Programming Interface) calls to applications executing on one or more sets of associated machines (e.g., virtual machines, containers, computers, etc.) in one or more datacenters. This system has a set of one or more servers that acts as a logically centralized resource for defining and storing policies and parameters for evaluating these policies. The server set in some embodiments also enforces these API-authorizing policies. Conjunctively, or alternatively, the server set in some embodiments distributes the defined policies and parameters to policy-enforcing local agents that execute near the applications that process the API calls. From an associated application, a local agent receives API-authorization requests to determine whether API calls received by the application are authorized.

Abstract: A method of controlling use of network-connectable devices is provided. First network requests from a first user device executing a first operating system are monitored, and applications operating in the foreground on the first user device during the first network requests are monitored. A model is trained based on the first network requests and based on the applications respectively operating in the foreground on the first user device during the first network requests. Second network requests from a second user device executing a second operating system are monitored, and the model is applied to the second network requests from the second user device to determine a particular application operating in the foreground on the second user device. A function of the second user device is restricted based on the determining of the particular application operating in the foreground on the second user device.

Abstract: Systems and methods for embodiments of graph based and machine learning artificial intelligence systems for generating access item recommendations in an identity management system are disclosed. Embodiments of the identity management systems disclosed herein may utilize a graph based approach, a machine learning based approach, and hybrid combinations thereof for generating access item recommendations.

Abstract: Aspects of the present disclosure are directed to methods and systems for protecting sensitive data in a hosted service system. The system includes a host system and the host system includes a key management system (KMS) and a metadata service system (MSS). The KMS and the MSS are communicatively coupled to each other. The system further includes a database management system (DBMS) having a database, a query pre-parser, and a results handler. The query pre-parser and the results handler are communicatively coupled to the KMS and the MSS, and the system also includes a processing application configured to process at least some data received from a tenant system.

Abstract: In an example, a machine-readable medium includes instructions that, when executed by a processor, cause the processor to order, as part of an execution of a trusted process, a plurality of processes into a sequence comprising a first process, at least one intermediate process, and a last process. The machine-readable medium may further comprise instruction to cause the processor to generate, as part of an execution of the first process, a value based on a code portion of the process following the first process in the sequence, and to generate, as part of an execution of each intermediate process, a respective value based on the value generated by the process preceding the intermediate process in the sequence and based on a code portion associated with the process following the intermediate process in the sequence.

Abstract: Systems for performing a security assessment of a target computing resource, such as a virtual machine or an instance of a virtual machine, include a scanning service that facilitates duplication of all or a portion of the target computing resource, and then performs the security assessment on the duplicate computing resource to avoid consuming processing time, processing power, and storage space of the target computing resource. A snapshot of the target computing resource, containing the data necessary to reproduce the portion to be assessed, is captured and used to implement the duplicate computing resource in newly allocated resources. The snapshot can be an image of a logical volume implementing the target computing resource. To reproduce a target virtual machine, the snapshot may include a configuration used to instantiate the target virtual machine; the scanning service may implement a duplicate virtual machine that is instantiated with the same configuration.

Abstract: Provided are systems, methods, and devices for implementing a central platform for enterprise applications and software as a service (SaaS). Methods include retrieving, using one or more processors of a central computing platform, one or more update data objects. Methods also include identifying, using the one or more processors, a configuration of a customer portal interface. Methods further include retrieving, using the one or more processors, current configuration data associated with the customer portal interface, the current configuration data characterizing a configuration and settings of an application program interface (API) an instance of application data associated with a distributed application. Methods also include generating, using the one or more processors, one or more custom input data objects based, at least in part, on the current configuration data associated with the customer portal interface.

Abstract: Control of a prompt for a credential to unlock a computer-readable storage device is provided. Some embodiments permit identifying a component that encrypted the computer-readable storage device and, depending on the identified component, prompting for such a credential. One embodiment can determine that a firmware encrypted the computer-readable storage device and can prompt for a password, for example, to unlock the computer-readable storage device during a boot-up process performed by the firmware. Other embodiments can determine that an operating system encrypted the computer-readable storage device, and can avoid the presentation of a prompt for a password, for example, during a boot-up process performed by the firmware. The computer-readable storage device can be a self-encrypting drive (SED) or another type of disk drive.

Abstract: A mobile computing device includes: a housing having a recess configured to receive a latch of a charging cradle to lock the mobile computing device in the charging cradle; a set of charging contacts configured to engage with corresponding power connectors of the charging cradle; and a processor configured to: responsive to detecting an unlock event, determine whether an unlock condition is satisfied; and when the unlock condition is satisfied, cause the charging cradle to release the latch.

Abstract: A system for providing hardware-based cybersecurity for ‘smart’ devices includes a security device implemented without the use of microprocessors for critical security functions and an electrically separable device for removal or disconnection of certain security functions. The security device acts a security bridge between the microprocessor core(s) of the protected system and the rest of the protected system. The security device controls access to a protected storage area that holds microprocessor code and/or data for the protected system, and blocks or otherwise prevents execution of any code not present in the protected storage area. The electrically separable device is cryptographically matched to a single instance of a protected system and contains circuitry required to load, remove, or alter any information in the protected storage area. The electrically separable device can also be used for secure communication over a public network to and from the protected system.

Abstract: There may be provided a computer-implemented method. It may be implemented at least in part using a blockchain network such as, for example, the Bitcoin network.

Abstract: Code of a particular application is analyzed against a semantic model of a software development kit of a particular platform. The semantic model associates a plurality of application behaviors with respective application programming interface (API) calls of the particular platform. A set of behaviors of the particular application is identified based on the analysis of the code and a particular one of the set of behaviors is identified as an undesired behavior. The particular application can be automatically modified to remediate the undesired behavior. The particular application can be assigned to one of a plurality of device modes, and access to the particular application on a user device can be based on which of the plurality of device modes is active on the user device.

Abstract: A digital assistant includes an extensibility client that interfaces with application extensions that are built by third-party developers so that various aspects of application user experiences, content, or features may be integrated into the digital assistant and rendered as native digital assistant experiences. Application extensions can use a variety of services provided from cloud-based and/or local sources such as language/vocabulary, user preferences, and context services that add intelligence and contextual relevance while enabling the extensions to plug in and operate seamlessly within the digital assistant context. Application extensions may also access and utilize general digital assistant functions, data structures, and libraries exposed by the services and implement application domain-specific context and behaviors using the programming features captured in the extension.

Abstract: A method executed by a voice decoding device includes the following steps: receiving and determining whether an identification data is correct; if the identification data is incorrect, showing a decoding array, including plural characters, wherein positions of the plural characters are randomly distributed; receiving a numerical voice command, wherein the numerical voice command includes plural arranged decoding characters in regular turn; determining whether the numerical voice command corresponds to a preset decoding trace; arranging the plural decoding characters corresponding to the decoding array to form an arranged trace; when the arranged trace is the same as the decoding trace, unlocking the voice decoding device. By randomly displaying the decoding array, the invention permits a user to speak the sequence corresponding to the preset decoding trace so that unauthorized users cannot decode the voice decoding device by eavesdropping the pin, so as to achieve the better anti-theft effect.

Abstract: Passwords are used in various system access applications in order to ascertain that the user seeking access to a system resource is indeed the person with said access. Passwords are usually supposed to be entered through a keyboard and are a combination of alphanumeric values. With the advent of devices equipped with visual displays and touch inputs, it is possible to create a system which utilizes a person's visual memory to authenticate the person. A system and method is described which uses multiple images to perform authentication. This system does not require its user to input a text value as a password. The password is created by user's actions. These actions are in the form of selecting a segment on a displayed image. Few different systems are described. One system is capable of creating variable passwords which by design keep changing from one authentication attempt to another. Another system uses one high resolution image to effectively hide the password in an image with lots of detail.

Abstract: A system includes a secure storage database maintaining a plurality of secure data, a storage access interface, and an access controller. The storage access interface receives a first request to retrieve a first secure data from the secure storage domain. The access controller receives the first request; determines, using a first access module, if the first request satisfies a first access condition based on the first secure data requested to be retrieved; extracts, from the first request, an indication of a role of a user associated with the first request; initializes, responsive to receiving the first request, a second access module; determines, using the second access module, if the first request satisfies a second access condition based on the indication of the role of the user; and outputs the first secure data responsive to the first request satisfying the first access condition and the second access condition.

Abstract: Systems and methods for authenticating access to multiple data stores substantially in real-time are disclosed. The system may include a server coupled to a network, a client device in communication with the server via the network and a plurality of data stores. The server may authenticate access to the data stores and forward information from those stores to the client device. An exemplary authentication method may include receipt of a request for access to data. Information concerning access to that data is stored and associated with an identifier assigned to a client device. If the identifier is found to correspond to the stored information during a future request for access to the store, access to that store is granted.

Abstract: Systems and techniques are provided for trust agents. Trust agents may be enabled. A state determination may be received from each of the enabled trust agents. The state determination may indicate either a trusted state or an untrusted state. The received state determinations may be combined to determine a security state. A security measure may be enabled or disabled based on the determined security state.

Abstract: The systems and methods of distributed backup on a private network, comprising: establishing a secure and encrypted private network with one or more profile computing devices; establishing a whitelist of trusted profiles on a first profile computing device; selecting two or more profiles from the whitelist to backup information from the first profile computing device; tracking any updates to the network address of the selected profiles for backup; tracking information on remote profile computing devices that originated from the first profile computing device; sending differential information for backup that does not exist on other remote profile computing devices to the selected profile computing devices.

Abstract: According to one embodiment, an electronic device includes a first cursor button, a second cursor button, and a processor. The processor prompts a user to select a first direction by selecting one of the first cursor button or the second cursor button, and assigns the first direction to the first cursor button and a second direction to the second cursor button when the first cursor button is selected.

Abstract: A method of dynamic adaptive authentication includes receiving a request from a user to access a resource of a network and determining whether the resource is protected. In response to determining that the resource is protected, a dynamic authentication chain is generated. The dynamic authentication chain includes a plurality of authentication schemes that are arranged in a particular order. The method also includes challenging the user with the dynamic authentication chain and receiving a set of credentials from the user based at least in part on the particular order of the dynamic authentication chain. The method includes determining whether the set of credentials satisfies the dynamic authentication chain. In response to determining that the set of credentials satisfies the dynamic authentication chain, the user is authenticated.

Abstract: The present disclosure provides a mobile terminal and a radio frequency fingerprint identification apparatus and method thereof. The apparatus comprises a plurality of fingerprint identification units disposed under the touch screen, a power supply control module and a fingerprint identification control module. The touch screen of the mobile terminal is configured for obtaining area information of a finger touching area when receiving a touch operation instruction. The fingerprint identification control module is configured to generate a fingerprint identification area according to the received area information. The fingerprint identification area corresponds to at least part of the plurality of fingerprint identification units, and the at least part of the plurality of the fingerprint identification units are defined as target fingerprint identification units. The power supply control module is triggered to supply power to the target fingerprint identification units so as to collect fingerprint information.

Abstract: An apparatus and a method for detecting a touch input to a touchscreen and distinguishing between different types of touch inputs are provided. The method includes detecting the input to a touch screen of the terminal, and determining an input type that is input to the touch screen based on characteristics of the input.

Abstract: Embodiments described herein disclose methods and systems for authorizing transactions received from client applications. The transaction request can include a first access token. After validating the first access token, the system can determine whether additional authentication is needed to authorize the transaction. If additional authentication is needed, the system can determine the authentication requirements. Once the additional authentication is received and verified, the system can generate a second access token and authorize the transaction by releasing the first access token.

Abstract: The disclosed embodiments relate to systems and methods for secure and efficient resource access using distributed directory caching techniques. Techniques include obtaining, from a directory service, client directory data associated with a client; providing the client directory data to a computing device associated with the client for caching on the computing device; identifying a request from the client; receiving, from the computing device, the client directory data that was cached on the computing device; and evaluating the request based on the received client directory data.