Abstract: A two staged, two output data conversion system synchronizes resources between IAM systems (including CIAM systems). For the first stage of the conversion process, data is obtained for each resource and stored in an interim file. For the second stage of the conversion process, the data is converted twice to create two output files: one output for a source IAM system and one output file for a destination IAM system.

Abstract: A system and method of protecting communication in a mesh network of nodes. The method including receiving a request from a joiner node of the mesh network to join the mesh network. The method including validating permissions for the joiner node responsive to receiving the request. The method including acquiring one or more dictionary objects based on the permissions. The method including granting, by a control node of a mesh network, access rights for the joiner node to join the mesh network by transmitting an access rights message comprising the one or more dictionary objects to the joiner node, wherein the access rights message causes the joiner node to locally store the one or more dictionary objects and use the one or more dictionary objects when communicating with one or more nodes of the mesh network.

Abstract: Systems and methods may involve processing of entity data by machine learning models to produce one or more entity and/aggregate risk scores and/or aggregate anticipated risk scores, which may be compared to one or more thresholds to determine when one or more predefined actions should be taken. The entity data may be collected for various entities related to an exam registration and delivery process, which may include a candidate, an exam, a test center, an exam registration event, a proctor, and an exam delivery event. The exam registration and delivery process may include multiple states—each being associated with a different set of entities. Aggregate risk scores for a given state may be calculated using only entity data for the set of entities associated with that state. The predetermined actions taken may also be dependent on the current state.

Abstract: Embodiments include a search and match computing system configured to: access, from a third party computing system, a query regarding at least one entity; determine if the query is a structured query or an unstructured query; process the query with at least one of an application programming interface configured to receive structured queries or a second application programming interface receive unstructured queries; initiate a search and match application configured to execute queries on at least one of: a relational data scheme or a non-relational data scheme; receive search results from the at least one of: the relational data scheme or the non-relational data scheme; and process the received search results to generate an output data packet for access by the third party computing system.

Abstract: A central computer system transforms identification information of a consumer into an identity code that hides the identification information and stores it with contact information of a consumer's computer system. When a computer system on the network of the central computer system conducts a transaction with a subject who uses the identity code of the consumer, the central computer system contacts the consumer's computer system so that the consumer can stop the transaction if it is not authorized. Because only the identity code is used to protect the consumer, the original identification information of the consumer is fully protected.

Abstract: Systems and methods for providing rewards to a user are provided. Providing rewards to the user may include receiving transaction data associated with a user's purchase, determining a merchant and a category associated with the transaction data, and assigning the transaction data to a merchant icon or a badge icon in a graphical user interface. The merchant icon or the badge icon may comprise a progress bar that indicates the user's progress in reaching a milestone associated with the icon. Based on the transaction data, a number of loyalty points of a number of transaction points may be assigned to the merchant icon or the badge icon, respectively. Further, based on whether a total number of loyalty points exceeds a first threshold or a total number of transaction points exceeds a second threshold, a reward may be generated to the user when the first or second threshold is exceeded.

Abstract: An AI adversary red team configured to pentest email and/or network defenses implemented by a cyber threat defense system used to protect an organization and all its entities. AI model(s) trained with machine learning on contextual knowledge of the organization and configured to identify data points from the contextual knowledge including language-based data, email/network connectivity and behavior pattern data, and historic knowledgebase data. The trained AI models cooperate with an AI classifier in producing specific organization-based classifiers for the AI classifier. A phishing email generator generates automated phishing emails to pentest the defense systems, where the phishing email generator cooperates with the AI models to customize the automated phishing emails based on the identified data points of the organization and its entities. The customized phishing emails are then used to initiate one or more specific attacks on one or more specific users associated with the organization and its entities.

Abstract: Methods and a system of generating a master seed using location-based data. The system includes a pseudo-random number generator configured to generate a random number and a global positioning system module configured to determine a location of the system. The system also includes an encryption module configured to generate a signing request message. The signing request message includes the random number and the location. The system further includes a communication device configured to transmit the signing request message to a location authority for authorization. The communication device further configured to receive a signature from the location authority upon authorization of the signing request message. The system is further configured to generate a master seed based on the signature.

Abstract: USB Timer Boards and methods for backing up digital data from a host system onto storage devices which are automatically selected on an individual basis for digital connection, data exchange, data storage on a scheduled basis, and then digitally disconnected. When the storage devices are not selected and connected for backup data transfer and storage, the storage devices remain offline and not visible to the host system. USB Timer Boards and methods which backup data on one of a number of offline storage devices by connecting a selected storage device, backup data onto it and then disconnecting it, in order to isolate the backed-up data and optionally allow a different storage device to be used for the next back up event. The USB Timer Boards and methods include a real time clock and battery to allow the USB Timer Board to retain the exact date and time settings during power-off events.

Abstract: An electronic device according to various embodiments of the present invention comprises a communication module, a processor, and a memory which stores a control list for a plurality of devices controllable through a communication network and which is operably connected to the processor, wherein the memory that are configured, when executed, to cause the processor to perform authentication for a first terminal in response to a control authority configuration request for controlling at least one device of the plurality of devices in a first terminal, transmit authentication information about the first terminal to the at least one device of the plurality of devices included in the control list, and configure a control right of the first terminal for the at least one device. In addition, embodiments other than the various embodiments of the present invention are possible.

Abstract: A resource server system granting to users access to a resource based on the very fact that the users' computing systems can demonstrate that they heard an audio signal. Specifically, the resource server system detects receipt of a message from a client computing system, and interprets the message as representing that the client computing system heard an audio signal. In response, the resource server system grants a user of the client computing system access to the resource. This may be performed for multiple client computing systems that each demonstrate that they heard the audio signal. Thus, the principles described herein allow for the granting of access to resources to other computing systems within the audible proximity of a computing system that transmitted the audio signal.

Abstract: A method for verifying and validating identifiable attributes of a user includes electronically receiving the attributes of a user and verifying their authenticity. The attributes are also validated by confirming each matches a corresponding evidenced based attribute. An internal unique identity number is assigned in concert with authenticated user attributes. Access to the identifiable attributes having the identifier is only permitted by the user or a designee of the user. A level of confidence is established from a ranking of the validated attributes. An authenticated digital identity is then formed from the identifiable validated attributes, and a level of confidence for the authenticated digital identity is established from the ranking.

Abstract: Described herein are techniques are provided for enabling a security orchestration, automation, and response (SOAR) service to automatically manage apps used to interface with an integrated security operations service and other related devices and services. Further described herein is a SOAR app generator service or application used to automate the creation of apps for a SOAR service based on application programming interfaces (API) specifications for related devices or services, as well as visual playbook editor interfaces for a SOAR service that enable the configuration of complex action input parameters including arrays and objects.

Abstract: User identification with blended response from dual-layer identification service. In one embodiment, a server comprising an electronic processor configured to detect an access request by a user of a user interface device, retrieve a plurality of input profile records from an input profile record repository, perform an identification of the user with one or more passive biometrics models and the plurality of input profile records that are retrieved, generate an identification response and an additional identification request based on an outcome of the identification of the user, control the communication interface to transmit the additional identification request to the second server via the network, receive a second identification response from the second server, and generate a blended response by modifying one or more characteristics of the identification response with the second identification response, the blended response indicating the identification of the user.

Abstract: Systems and Computer Readable Media for enabling methods for multi-party authorization including a security component determining that a request for the performance of an action on a computing device is from a first party. The security component initiates transmissions to the computing device of first and second information indicating knowledge of first and second secrets provisioned on the computing device. The computing device, upon verifying the knowledge of first and second secrets, then permits the requested action.

Abstract: Generally, embodiments of the present invention provide systems and methods that can facilitate delivery and access to an unattended home. A location of the unattended home for a drop off of the item is determined based on information received from a user or information associated with a user profile, the information including permission to enter the unattended home. Location data for a carrier device is determined based on receiving satellite positioning data from the carrier device, the location data of the carrier device indicating that the carrier device corresponds to the location of the unattended home. Information associated with an identifier affixed to the item is also determined. Access to the unattended home is granted based on transmitting a signal to at least one of a home monitoring system and a networked home device at the unattended home when the information corresponds to the location data from the carrier device.

Abstract: The present invention provides systems and methods for providing cross-device native functionality for a native app. More specifically, the invention is directed to a JavaScript Object Notation (JSON) data exchange format for use with a native app running on a user's mobile device, wherein the exchange format is configured to improve user experience and interaction with the app. The present invention may be particularly useful in a mobile-based crowdsourcing platform in which data is continually exchanged between remote user devices and a cloud-based service for collecting and managing user-driven data based on user interaction with native apps on their devices.

Abstract: A cable distribution system includes a head end connected to a plurality of customer devices through a transmission network that includes a remote fiber node, that converts received data to analog data suitable to be provided on a coaxial cable for the plurality of customer devices. The plurality of vCores instantiated on at least one of servers is configured within a container to provide services to the plurality of customer devices through the transmission network, where each of the vCores includes a service endpoint that is accessible from within the container while each of the vCores does not include a service endpoint that is directly accessible from a network address exterior to the container. A gateway instantiated one of the servers within the container provides access to each of the vCores using said service endpoint over a non-encrypted channel, and provides access to the gateway from a network address exterior to the container over an encrypted channel.

Abstract: Various aspects of the subject technology relate to systems, methods, and machine-readable media for geographically local license sharing. The method includes transmitting, from a media server, a shared secret to a licensed client, the licensed client broadcasting a wireless signal comprising a unique identifier associated with the licensed client. The method also includes receiving, at the media server, an access token and the unique identifier of the licensed client from an unlicensed client, the access token and the unique identifier received by the unlicensed client from the licensed client based on a proximity of the unlicensed client to the licensed client. The method also includes validating, by the media server, the access token based on the unique identifier and the shared secret with the licensed client. The method also includes enabling the unlicensed client to access media content of the media server upon validation of the access token.

Abstract: Embodiments determine an eligibility of a request for an operation event from a client using a distributed ledger that comprises a plurality of nodes. Embodiments send the request from the client to a primary node of the distributed ledger, the request comprising a first token. Embodiments validate the node at the primary node with a token provider, broadcast the request to all secondary nodes of the distributed ledger and perform a service by the primary node and the secondary nodes in response to the request. Embodiments send a reply to the client from each of the primary node and the secondary nodes when the service is performed successfully by the respective node, the reply comprising a second token. Embodiments then determine an eligibility of the client for the request based on a count of a number of second tokens received by the client.

Abstract: A method for enhancing dialog systems is disclosed herein. The method comprises maintaining an online marketplace that may include a plurality of dialog system extension elements. Each of the plurality of dialog system extension elements may include at least one of a dialog system plugin, a dialog system add-on, a dialog system update, and a dialog system upgrade. The method may further include receiving a selection of one of the plurality of dialog system extension elements from a software developer. The software developer may be associated with a dialog system. The method may continue with associating the one of the plurality of dialog system extension elements with the dialog system of the software developer.

Abstract: Embodiments are directed to managing data for unified graph representation of skills and acumen. Information associated with one or more subjects may be classified to provide profile information that conforms to a unified schema. Fields of the profile information may be classified as facts, fact-relationships, actions, skills, or skill-relationships based on the unified schema. A plurality of profile graphs may be generated based on map models and the facts, the fact-relationships, the actions, the skills, or the skill-relationships such that the map models include one or more directives for associating the facts, the fact-relationships, the actions, the skills, or the skill-relationships with one or more nodes or one or more edges in the plurality of profile graphs. In response to query information provided by one or more analysis applications, classifying a portion of the plurality of profile graphs based on the query information.

Abstract: A method begins with a processing module selecting one of a plurality of dispersed storage (DS) processing modules for facilitating access to a dispersed storage network (DSN) memory. The method continues with the processing module sending a DSN memory access request to the one of the plurality of DS processing modules. The method continues with the processing module selecting another one of the plurality of DS processing modules when no response is received within a given time frame or when the response to the access request does not include an access indication. The method continues with the processing module sending the DSN memory access request to the another one of the plurality of DS processing modules.

Abstract: Provided are systems and methods for verifying user credentials for performing a search. Verifying user credentials include receiving a search request at a search server, determining, at the search server, whether a set of user credentials of a user has been updated within a threshold period of time. The set of user credentials are received from an identity provider server and cached at the search server. Responsive to determining that the cached set of user credentials have not been updated within the threshold period of time, the identity provider server is queried for a current set of user credentials associated with the user. The current set of user credentials from the identity provider server, and used to determine that the user is authorized to perform the search. The search of the datastore is launched responsive to determining that the user is authorized.

Abstract: A first message is received from a first communication device. The first message comprises an authentication token. For example, the authentication token may be a username/password. A determination is made if the first message also comprises a valid temporary password. The temporary password is used to prevent a Denial-of-Service (DOS) attack. In response to the first message comprising the valid temporary password, a determination is made if the authentication token is valid. In response to the authentication token being valid, the first message is responded to in a normal manner. If the first message does not contain the temporary password, the first message is handled based on a DOS message handling process.

Abstract: A system for controlling access to cluster resources is provided. The system includes one or more processors; and memory operatively coupled to the one or more processors, wherein the one or more processors and the memory form a cluster of computer resources that includes an admission controller configured to receive requests and determine if the request is authorized, a request history database that stores the request information received by the admission controller from a plurality of users, a role design advisor that is configured to adjust permissions for the plurality of users based on a pattern of usage identified from the request history database, and an alert system that communicates an alert to an administrator that a request outside the pattern of requests for the user has been received by the admission controller, wherein the admission controller, request history database, and role design advisor control access to the cluster resources.

Abstract: Systems and methods for multi-modal user device authentication are disclosed. An example electronic device includes a first sensor, a microphone, a first camera, and a confidence analyzer to authenticate a subject as the authorized user in response to a user presence detection analyzer detecting a presence of the subject and one or more of (a) an audio data analyzer detecting a voice of an authorized user or (b) an image data analyzer detecting a feature of the authorized user. The example electronic device includes a processor to cause the electronic device to move from a first power state to a second power state in response to the confidence analyzer authenticating the user as the authorized user. The electronic device is to consume a greater amount of power in the second power state than the first power state.

Abstract: A method of enhancing a performance characteristic of an additive manufacturing apparatus, the method including: (a) dispensing a batch of a light polymerizable resin into the additive manufacturing apparatus, the batch characterized by at least one physical characteristic; (b) determining the unique identity of the batch; (c) sending the unique identity of the batch to a database; then (d) either: (i) receiving on the controller from the database modified operating instructions for the resin batch, which modified operating instructions have been modified based on the at least one physical characteristic, or (ii) receiving on the controller from the database the at least one physical characteristic for the specific resin batch and modifying the operating instructions based on the at least one physical characteristic; and then (e) producing the object from the batch of light polymerizable resin on the additive manufacturing apparatus with the modified operating instructions.

Abstract: A corporate information technology (IT) network can protect sensitive data sent to computers located outside of the IT network. For example, a customer of a company may control who can access his or her sensitive personal information by identifying his or her access preference included in an access control list, where the access preference describes a level of access that at least one remote employee or person may have to the customer's sensitive personal information. A data protection server may containerize the sensitive personal information and the access control list of the person in a data protection container. If a remote employee or a person requests access the customer's sensitive personal information, the data protection server may perform data protection related operations to provide the sensitive personal information to the remote employee or person.

Abstract: Techniques for reducing CPU consumption in a federated search are disclosed. In some example embodiments, a computer-implemented method comprises determining an initial search scope by selecting a subset of searchable resources from a plurality of searchable resources based on interaction data of a user, with the initial search scope being defined by the selected subset of searchable resources, and the interaction data indicating online activity of the user directed towards past search results of past search queries submitted by the user. A federated search for a current search query is then performed using the initial search scope, with the federated search for the current search query being restricted to only the subset of searchable resources, and current search results for the current search query are generated based on the performing of the federated search.

Abstract: Methods and systems for securely sharing files with user devices based on location are described herein. A server may detect an endpoint device in response to receipt, from a user device, of a request to share a file, the endpoint device being proximate to the user device. An identifier indicative of the detected endpoint device may be generated by the server. The identifier may distinguish the detected endpoint device from other endpoint devices proximate to the user device. The server may send the identifier to the user device to enable the user device to share the file with the detected endpoint device.

Abstract: A data anonymization computer system selectively anonymizes data items from data structures prior to forwarding the data structures to a third-party network service. The data anonymization computer system identifies at least a respective data item of the data structure that meets a set of conditions, including at least a first condition in which at least a portion of the respective data item has a format that coincides with the predetermined format and replaces a set of characters of the respective data item having the format with a string of characters of a respective token of a pool of tokens. The data anonymization computer system forwards the data structures to the third-party network service with each of the respective data items having the string of characters of the respective token in place of the replaced set of characters.

Abstract: A system and method for catastrophic event modeling are provided. The method includes generating a cyber event catalog based on a past cyber event, the cyber event catalog including a plurality of cyber events; and simulating a cyber event, of the plurality of cyber events included in the cyber event catalog, to predict whether an organization is affected by a simulated cyber event, wherein the organization is an organization selected from a hazard table.

Abstract: A method of validating an electronic computer model of a building project includes: providing one or more electronic building project databases storing: (i) stakeholder information, (ii) element data; (iii) material data; (iv) specification data; (v) requirement data; (vi) procurement data and a plurality of instance data items are provided by at least one stakeholder of the first subgroup of stakeholders; generating a scope ID associated with each instance data item (c) storing the scope ID; (d) receiving a first electronic computer model including a plurality of existence objects associated with the first building project; (e) validating, the first electronic computer model (f) receiving updated data; (g) repeating step (e)-(f) until no alert is generated; (h) generating and transmitting a certification query; (j) receiving, a certification message from each stakeholder and (k) storing, in immutable form, the plurality of instance data items and respective scope ID of each instance data item.

Abstract: An intelligent-adversary simulator can construct a graph of a virtualized instance of a network including devices connecting to the virtualized instance of the network as well as connections and pathways through the virtualized instance of the network. Running a simulated cyber-attack scenario on the virtualized instance of the network in order to identify one or more critical devices connecting to the virtualized instance of the network from a security standpoint, and then put this information into a generated report to help prioritize which devices should have a priority. During a simulation, the intelligent-adversary simulator calculates paths of least resistance for a cyber threat in the cyber-attack scenario to compromise a source device through to other components until reaching an end goal of the cyber-attack scenario in the virtualized network, all based on historic knowledge of connectivity and behaviour patterns of users and devices within the actual network under analysis.

Abstract: Embodiments discussed herein refer to systems and methods for chatbot interactions. When chatbot derived interactions are detected, the system can prevent those interactions from being further processed. This can be performed by an analysis system operative to engage in a dialog with customers. The system can manage a dialog with a first customer and evaluate the dialog to determine whether any interactions or responses are associated with a chatbot or a human. Interactions or responses determined be associated with a chatbot are dropped and not permitted to be further processed by the analysis system.

Abstract: Disclosed herein at methods and systems for monitoring and analyzing code and identifying a suitable substitute for the identified code. A central server identifies inserted code configured to communicate session data to a second server. The central server then identifies an application having functionality corresponding to the inserted code. The central server then provides an indication of the corresponding application.

Abstract: A central computer system transforms identification information of a consumer into an identity code that hides the identification information and stores it with contact information of a consumer's computer system. When a computer system on the network of the central computer system conducts a transaction with a subject who uses the identity code of the consumer, the central computer system contacts the consumer's computer system so that the consumer can stop the transaction if it is not authorized. Because only the identity code is used to protect the consumer, the original identification information of the consumer is fully protected.

Abstract: A method, apparatus, and computer program product are provided for identifying individuals using electronic fingerprint data, providing residence mapping functionality, resolving conflicts relating to the update of electronic records, and optimizing performance relating to the access of electronic records.

Abstract: A system includes a server configured to store a plurality of imagery configured to be presented in an email template on an electronic device. The server is configured to receive a request to retrieve an imagery of the plurality of imagery for use in the email template. The system also includes a controller configured to perform operations that include monitoring information associated with the request, comparing monitored information associated with the request with expected information associated with the request, and determining unauthorized usage of the email template based on a mismatch between the monitored information and the expected information.

Abstract: A neural processing unit comprises an input module for receiving a transaction from at least one program, each program has an associated program privilege level; and a plurality of delegation pages, each delegation page comprising a delegation management unit associated with a page privilege level. The neural processing unit also comprises at least one resource arranged to be accessed by at least one of the delegation pages; and a processing module arranged to process the transaction. Processing the transactions comprises allocating each transaction to a delegation page based on the program privilege level and page privilege level. The program is arranged to instruct the delegation management unit of a first delegation page, having a first-page privilege level to delegate access to the at least one resource to a second delegation page having a second-page privilege level, and wherein the first-page privilege level is higher than the second-page privilege level.

Abstract: A computer-implemented method of selectively installing an application from an application archive file is disclosed. The method includes receiving an indication to install an application on a computing device, the application being available for download as an archive file storing a manifest file and one or more installation files. The method further includes determining that installation of the application is permissible. The determining includes: without downloading the archive file, downloading at least a portion of the manifest file; and determining, based on the at least a portion of the manifest file, that installation of the application on the computing device would comply with a device management policy for the computing device. After determining that installation of the application is permissible, the archive file is downloaded and the application is installed therefrom. Related computer-readable media and computer systems are also disclosed.

Abstract: In a dataset exchange environment in which datasets are available for exchange or transformation, a dataset validation platform may be configured to update a cryptographically signed record based on each dataset that is available via the data exchange environment. The dataset validation platform may be further configured to control access to the datasets based on whether a request to access a particular dataset is compliant with an availability requirement of the particular dataset. The dataset validation platform may be further configured to update the cryptographically signed record based on requests to access the datasets, transformations that are based on the datasets, or modifications to the availability requirement of the datasets, such as a modification to a privacy limitation or other availability requirement indicating a criteria for usage of the requested dataset.

Abstract: Provided are a system and a method for controlling transaction data access. A system for controlling transaction data access comprising: a transaction management module configured to determine a plurality of security levels for transaction data; a data encryption module configured to perform multiple level encrypting the transaction data according to the plurality of security levels; and a data storage module configured to store the encrypted data as a block, and provide the block to a peer-to-peer (P2P) network.

Abstract: The present invention provides systems and methods for providing cross-device native functionality for a native app. More specifically, the invention is directed to a JavaScript Object Notation (JSON) data exchange format for use with a native app running on a user's mobile device, wherein the exchange format is configured to improve user experience and interaction with the app. The present invention may be particularly useful in a mobile-based crowdsourcing platform in which data is continually exchanged between remote user devices and a cloud-based service for collecting and managing user-driven data based on user interaction with native apps on their devices.

Abstract: A method for detecting malware software in a computer system includes accessing a plurality of hostnames for a malware server from a computer system infected with malware and attempting to communicate with the malware server, each hostname including a plurality of symbols in each of a plurality of symbol positions; training an autoencoder based on each of the plurality of hostnames, wherein the autoencoder includes: a set of input units for each possible symbol and symbol position in a hostname; output units each for storing an output of the autoencoder; and a set of hidden units smaller in number than the set of input units and each interconnecting all input and all output units with weighted interconnections, such that the autoencoder is trainable to provide an approximated reconstruction of values of the input units at the output units; selecting a set of one or more symbol and symbol position tuples based on weights of interconnections in the trained autoencoder; and identifying infected computer systems

Abstract: A pet medical text recognizer may include one or more machine learning classifiers. The one or more machine learning classifiers may be trained using training data to associate raw text with pet clinical event codes. A performance metric may be provided, and the highest performing classifier according to the performance metric may be selected as the model for the pet medical text recognizer. The pet medical text recognizer may accept input text from a veterinary practice management system and generate a pet clinical event code for the text. A set of codes associated with a single pet may be aggregated into a pet health record.

Abstract: Techniques for changing the presentation of information on a user interface based on presence are described. In an example, a computer system determines, based on an image sensor associated with the system, a first presence of a first user relative to a computing device. The computer system also determines an identifier of the first user. The identifier is associated with operating the computing device. The operating comprises a presentation of the user interface by the computing device. The computer system also determines, based on the image sensor, a second presence of a second person relative to the computing device. The computer system causes an update to the user interface based on the second presence.

Abstract: An information processing apparatus includes a processor programmed to: detect a request submitted from a terminal to an external server providing a service; and upon a determination that the detected request is submitted from the terminal located in a base, transmit a validation request for validating a certificate of the terminal to a CRL distribution server in which the certificate of the terminal is invalid.

Abstract: Methods and a system of generating a master seed using location-based data. The system includes a pseudo-random number generator configured to generate a random number and a global positioning system module configured to determine a location of the system. The system also includes an encryption module configured to generate a signing request message. The signing request message includes the random number and the location. The system further includes a communication device configured to transmit the signing request message to a location authority for authorization. The communication device further configured to receive a signature from the location authority upon authorization of the signing request message. The system is further configured to generate a master seed based on the signature.