Abstract: A resource server system granting to users access to a resource based on the very fact that the users' computing systems can demonstrate that they heard an audio signal. Specifically, the resource server system detects receipt of a message from a client computing system, and interprets the message as representing that the client computing system heard an audio signal. In response, the resource server system grants a user of the client computing system access to the resource. This may be performed for multiple client computing systems that each demonstrate that they heard the audio signal. Thus, the principles described herein allow for the granting of access to resources to other computing systems within the audible proximity of a computing system that transmitted the audio signal.

Abstract: A method for verifying and validating identifiable attributes of a user includes electronically receiving the attributes of a user and verifying their authenticity. The attributes are also validated by confirming each matches a corresponding evidenced based attribute. An internal unique identity number is assigned in concert with authenticated user attributes. Access to the identifiable attributes having the identifier is only permitted by the user or a designee of the user. A level of confidence is established from a ranking of the validated attributes. An authenticated digital identity is then formed from the identifiable validated attributes, and a level of confidence for the authenticated digital identity is established from the ranking.

Abstract: Described herein are techniques are provided for enabling a security orchestration, automation, and response (SOAR) service to automatically manage apps used to interface with an integrated security operations service and other related devices and services. Further described herein is a SOAR app generator service or application used to automate the creation of apps for a SOAR service based on application programming interfaces (API) specifications for related devices or services, as well as visual playbook editor interfaces for a SOAR service that enable the configuration of complex action input parameters including arrays and objects.

Abstract: User identification with blended response from dual-layer identification service. In one embodiment, a server comprising an electronic processor configured to detect an access request by a user of a user interface device, retrieve a plurality of input profile records from an input profile record repository, perform an identification of the user with one or more passive biometrics models and the plurality of input profile records that are retrieved, generate an identification response and an additional identification request based on an outcome of the identification of the user, control the communication interface to transmit the additional identification request to the second server via the network, receive a second identification response from the second server, and generate a blended response by modifying one or more characteristics of the identification response with the second identification response, the blended response indicating the identification of the user.

Abstract: Generally, embodiments of the present invention provide systems and methods that can facilitate delivery and access to an unattended home. A location of the unattended home for a drop off of the item is determined based on information received from a user or information associated with a user profile, the information including permission to enter the unattended home. Location data for a carrier device is determined based on receiving satellite positioning data from the carrier device, the location data of the carrier device indicating that the carrier device corresponds to the location of the unattended home. Information associated with an identifier affixed to the item is also determined. Access to the unattended home is granted based on transmitting a signal to at least one of a home monitoring system and a networked home device at the unattended home when the information corresponds to the location data from the carrier device.

Abstract: Systems and Computer Readable Media for enabling methods for multi-party authorization including a security component determining that a request for the performance of an action on a computing device is from a first party. The security component initiates transmissions to the computing device of first and second information indicating knowledge of first and second secrets provisioned on the computing device. The computing device, upon verifying the knowledge of first and second secrets, then permits the requested action.

Abstract: A cable distribution system includes a head end connected to a plurality of customer devices through a transmission network that includes a remote fiber node, that converts received data to analog data suitable to be provided on a coaxial cable for the plurality of customer devices. The plurality of vCores instantiated on at least one of servers is configured within a container to provide services to the plurality of customer devices through the transmission network, where each of the vCores includes a service endpoint that is accessible from within the container while each of the vCores does not include a service endpoint that is directly accessible from a network address exterior to the container. A gateway instantiated one of the servers within the container provides access to each of the vCores using said service endpoint over a non-encrypted channel, and provides access to the gateway from a network address exterior to the container over an encrypted channel.

Abstract: Various aspects of the subject technology relate to systems, methods, and machine-readable media for geographically local license sharing. The method includes transmitting, from a media server, a shared secret to a licensed client, the licensed client broadcasting a wireless signal comprising a unique identifier associated with the licensed client. The method also includes receiving, at the media server, an access token and the unique identifier of the licensed client from an unlicensed client, the access token and the unique identifier received by the unlicensed client from the licensed client based on a proximity of the unlicensed client to the licensed client. The method also includes validating, by the media server, the access token based on the unique identifier and the shared secret with the licensed client. The method also includes enabling the unlicensed client to access media content of the media server upon validation of the access token.

Abstract: The present invention provides systems and methods for providing cross-device native functionality for a native app. More specifically, the invention is directed to a JavaScript Object Notation (JSON) data exchange format for use with a native app running on a user's mobile device, wherein the exchange format is configured to improve user experience and interaction with the app. The present invention may be particularly useful in a mobile-based crowdsourcing platform in which data is continually exchanged between remote user devices and a cloud-based service for collecting and managing user-driven data based on user interaction with native apps on their devices.

Abstract: Embodiments determine an eligibility of a request for an operation event from a client using a distributed ledger that comprises a plurality of nodes. Embodiments send the request from the client to a primary node of the distributed ledger, the request comprising a first token. Embodiments validate the node at the primary node with a token provider, broadcast the request to all secondary nodes of the distributed ledger and perform a service by the primary node and the secondary nodes in response to the request. Embodiments send a reply to the client from each of the primary node and the secondary nodes when the service is performed successfully by the respective node, the reply comprising a second token. Embodiments then determine an eligibility of the client for the request based on a count of a number of second tokens received by the client.

Abstract: A method for enhancing dialog systems is disclosed herein. The method comprises maintaining an online marketplace that may include a plurality of dialog system extension elements. Each of the plurality of dialog system extension elements may include at least one of a dialog system plugin, a dialog system add-on, a dialog system update, and a dialog system upgrade. The method may further include receiving a selection of one of the plurality of dialog system extension elements from a software developer. The software developer may be associated with a dialog system. The method may continue with associating the one of the plurality of dialog system extension elements with the dialog system of the software developer.

Abstract: Embodiments are directed to managing data for unified graph representation of skills and acumen. Information associated with one or more subjects may be classified to provide profile information that conforms to a unified schema. Fields of the profile information may be classified as facts, fact-relationships, actions, skills, or skill-relationships based on the unified schema. A plurality of profile graphs may be generated based on map models and the facts, the fact-relationships, the actions, the skills, or the skill-relationships such that the map models include one or more directives for associating the facts, the fact-relationships, the actions, the skills, or the skill-relationships with one or more nodes or one or more edges in the plurality of profile graphs. In response to query information provided by one or more analysis applications, classifying a portion of the plurality of profile graphs based on the query information.

Abstract: A method begins with a processing module selecting one of a plurality of dispersed storage (DS) processing modules for facilitating access to a dispersed storage network (DSN) memory. The method continues with the processing module sending a DSN memory access request to the one of the plurality of DS processing modules. The method continues with the processing module selecting another one of the plurality of DS processing modules when no response is received within a given time frame or when the response to the access request does not include an access indication. The method continues with the processing module sending the DSN memory access request to the another one of the plurality of DS processing modules.

Abstract: Provided are systems and methods for verifying user credentials for performing a search. Verifying user credentials include receiving a search request at a search server, determining, at the search server, whether a set of user credentials of a user has been updated within a threshold period of time. The set of user credentials are received from an identity provider server and cached at the search server. Responsive to determining that the cached set of user credentials have not been updated within the threshold period of time, the identity provider server is queried for a current set of user credentials associated with the user. The current set of user credentials from the identity provider server, and used to determine that the user is authorized to perform the search. The search of the datastore is launched responsive to determining that the user is authorized.

Abstract: A first message is received from a first communication device. The first message comprises an authentication token. For example, the authentication token may be a username/password. A determination is made if the first message also comprises a valid temporary password. The temporary password is used to prevent a Denial-of-Service (DOS) attack. In response to the first message comprising the valid temporary password, a determination is made if the authentication token is valid. In response to the authentication token being valid, the first message is responded to in a normal manner. If the first message does not contain the temporary password, the first message is handled based on a DOS message handling process.

Abstract: A system for controlling access to cluster resources is provided. The system includes one or more processors; and memory operatively coupled to the one or more processors, wherein the one or more processors and the memory form a cluster of computer resources that includes an admission controller configured to receive requests and determine if the request is authorized, a request history database that stores the request information received by the admission controller from a plurality of users, a role design advisor that is configured to adjust permissions for the plurality of users based on a pattern of usage identified from the request history database, and an alert system that communicates an alert to an administrator that a request outside the pattern of requests for the user has been received by the admission controller, wherein the admission controller, request history database, and role design advisor control access to the cluster resources.

Abstract: Systems and methods for multi-modal user device authentication are disclosed. An example electronic device includes a first sensor, a microphone, a first camera, and a confidence analyzer to authenticate a subject as the authorized user in response to a user presence detection analyzer detecting a presence of the subject and one or more of (a) an audio data analyzer detecting a voice of an authorized user or (b) an image data analyzer detecting a feature of the authorized user. The example electronic device includes a processor to cause the electronic device to move from a first power state to a second power state in response to the confidence analyzer authenticating the user as the authorized user. The electronic device is to consume a greater amount of power in the second power state than the first power state.

Abstract: A corporate information technology (IT) network can protect sensitive data sent to computers located outside of the IT network. For example, a customer of a company may control who can access his or her sensitive personal information by identifying his or her access preference included in an access control list, where the access preference describes a level of access that at least one remote employee or person may have to the customer's sensitive personal information. A data protection server may containerize the sensitive personal information and the access control list of the person in a data protection container. If a remote employee or a person requests access the customer's sensitive personal information, the data protection server may perform data protection related operations to provide the sensitive personal information to the remote employee or person.

Abstract: A method of enhancing a performance characteristic of an additive manufacturing apparatus, the method including: (a) dispensing a batch of a light polymerizable resin into the additive manufacturing apparatus, the batch characterized by at least one physical characteristic; (b) determining the unique identity of the batch; (c) sending the unique identity of the batch to a database; then (d) either: (i) receiving on the controller from the database modified operating instructions for the resin batch, which modified operating instructions have been modified based on the at least one physical characteristic, or (ii) receiving on the controller from the database the at least one physical characteristic for the specific resin batch and modifying the operating instructions based on the at least one physical characteristic; and then (e) producing the object from the batch of light polymerizable resin on the additive manufacturing apparatus with the modified operating instructions.

Abstract: Techniques for reducing CPU consumption in a federated search are disclosed. In some example embodiments, a computer-implemented method comprises determining an initial search scope by selecting a subset of searchable resources from a plurality of searchable resources based on interaction data of a user, with the initial search scope being defined by the selected subset of searchable resources, and the interaction data indicating online activity of the user directed towards past search results of past search queries submitted by the user. A federated search for a current search query is then performed using the initial search scope, with the federated search for the current search query being restricted to only the subset of searchable resources, and current search results for the current search query are generated based on the performing of the federated search.

Abstract: Methods and systems for securely sharing files with user devices based on location are described herein. A server may detect an endpoint device in response to receipt, from a user device, of a request to share a file, the endpoint device being proximate to the user device. An identifier indicative of the detected endpoint device may be generated by the server. The identifier may distinguish the detected endpoint device from other endpoint devices proximate to the user device. The server may send the identifier to the user device to enable the user device to share the file with the detected endpoint device.

Abstract: A system and method for catastrophic event modeling are provided. The method includes generating a cyber event catalog based on a past cyber event, the cyber event catalog including a plurality of cyber events; and simulating a cyber event, of the plurality of cyber events included in the cyber event catalog, to predict whether an organization is affected by a simulated cyber event, wherein the organization is an organization selected from a hazard table.

Abstract: A data anonymization computer system selectively anonymizes data items from data structures prior to forwarding the data structures to a third-party network service. The data anonymization computer system identifies at least a respective data item of the data structure that meets a set of conditions, including at least a first condition in which at least a portion of the respective data item has a format that coincides with the predetermined format and replaces a set of characters of the respective data item having the format with a string of characters of a respective token of a pool of tokens. The data anonymization computer system forwards the data structures to the third-party network service with each of the respective data items having the string of characters of the respective token in place of the replaced set of characters.

Abstract: A method of validating an electronic computer model of a building project includes: providing one or more electronic building project databases storing: (i) stakeholder information, (ii) element data; (iii) material data; (iv) specification data; (v) requirement data; (vi) procurement data and a plurality of instance data items are provided by at least one stakeholder of the first subgroup of stakeholders; generating a scope ID associated with each instance data item (c) storing the scope ID; (d) receiving a first electronic computer model including a plurality of existence objects associated with the first building project; (e) validating, the first electronic computer model (f) receiving updated data; (g) repeating step (e)-(f) until no alert is generated; (h) generating and transmitting a certification query; (j) receiving, a certification message from each stakeholder and (k) storing, in immutable form, the plurality of instance data items and respective scope ID of each instance data item.

Abstract: Disclosed herein at methods and systems for monitoring and analyzing code and identifying a suitable substitute for the identified code. A central server identifies inserted code configured to communicate session data to a second server. The central server then identifies an application having functionality corresponding to the inserted code. The central server then provides an indication of the corresponding application.

Abstract: Embodiments discussed herein refer to systems and methods for chatbot interactions. When chatbot derived interactions are detected, the system can prevent those interactions from being further processed. This can be performed by an analysis system operative to engage in a dialog with customers. The system can manage a dialog with a first customer and evaluate the dialog to determine whether any interactions or responses are associated with a chatbot or a human. Interactions or responses determined be associated with a chatbot are dropped and not permitted to be further processed by the analysis system.

Abstract: An intelligent-adversary simulator can construct a graph of a virtualized instance of a network including devices connecting to the virtualized instance of the network as well as connections and pathways through the virtualized instance of the network. Running a simulated cyber-attack scenario on the virtualized instance of the network in order to identify one or more critical devices connecting to the virtualized instance of the network from a security standpoint, and then put this information into a generated report to help prioritize which devices should have a priority. During a simulation, the intelligent-adversary simulator calculates paths of least resistance for a cyber threat in the cyber-attack scenario to compromise a source device through to other components until reaching an end goal of the cyber-attack scenario in the virtualized network, all based on historic knowledge of connectivity and behaviour patterns of users and devices within the actual network under analysis.

Abstract: A central computer system transforms identification information of a consumer into an identity code that hides the identification information and stores it with contact information of a consumer's computer system. When a computer system on the network of the central computer system conducts a transaction with a subject who uses the identity code of the consumer, the central computer system contacts the consumer's computer system so that the consumer can stop the transaction if it is not authorized. Because only the identity code is used to protect the consumer, the original identification information of the consumer is fully protected.

Abstract: A method, apparatus, and computer program product are provided for identifying individuals using electronic fingerprint data, providing residence mapping functionality, resolving conflicts relating to the update of electronic records, and optimizing performance relating to the access of electronic records.

Abstract: A system includes a server configured to store a plurality of imagery configured to be presented in an email template on an electronic device. The server is configured to receive a request to retrieve an imagery of the plurality of imagery for use in the email template. The system also includes a controller configured to perform operations that include monitoring information associated with the request, comparing monitored information associated with the request with expected information associated with the request, and determining unauthorized usage of the email template based on a mismatch between the monitored information and the expected information.

Abstract: A computer-implemented method of selectively installing an application from an application archive file is disclosed. The method includes receiving an indication to install an application on a computing device, the application being available for download as an archive file storing a manifest file and one or more installation files. The method further includes determining that installation of the application is permissible. The determining includes: without downloading the archive file, downloading at least a portion of the manifest file; and determining, based on the at least a portion of the manifest file, that installation of the application on the computing device would comply with a device management policy for the computing device. After determining that installation of the application is permissible, the archive file is downloaded and the application is installed therefrom. Related computer-readable media and computer systems are also disclosed.

Abstract: A neural processing unit comprises an input module for receiving a transaction from at least one program, each program has an associated program privilege level; and a plurality of delegation pages, each delegation page comprising a delegation management unit associated with a page privilege level. The neural processing unit also comprises at least one resource arranged to be accessed by at least one of the delegation pages; and a processing module arranged to process the transaction. Processing the transactions comprises allocating each transaction to a delegation page based on the program privilege level and page privilege level. The program is arranged to instruct the delegation management unit of a first delegation page, having a first-page privilege level to delegate access to the at least one resource to a second delegation page having a second-page privilege level, and wherein the first-page privilege level is higher than the second-page privilege level.

Abstract: In a dataset exchange environment in which datasets are available for exchange or transformation, a dataset validation platform may be configured to update a cryptographically signed record based on each dataset that is available via the data exchange environment. The dataset validation platform may be further configured to control access to the datasets based on whether a request to access a particular dataset is compliant with an availability requirement of the particular dataset. The dataset validation platform may be further configured to update the cryptographically signed record based on requests to access the datasets, transformations that are based on the datasets, or modifications to the availability requirement of the datasets, such as a modification to a privacy limitation or other availability requirement indicating a criteria for usage of the requested dataset.

Abstract: Provided are a system and a method for controlling transaction data access. A system for controlling transaction data access comprising: a transaction management module configured to determine a plurality of security levels for transaction data; a data encryption module configured to perform multiple level encrypting the transaction data according to the plurality of security levels; and a data storage module configured to store the encrypted data as a block, and provide the block to a peer-to-peer (P2P) network.

Abstract: The present invention provides systems and methods for providing cross-device native functionality for a native app. More specifically, the invention is directed to a JavaScript Object Notation (JSON) data exchange format for use with a native app running on a user's mobile device, wherein the exchange format is configured to improve user experience and interaction with the app. The present invention may be particularly useful in a mobile-based crowdsourcing platform in which data is continually exchanged between remote user devices and a cloud-based service for collecting and managing user-driven data based on user interaction with native apps on their devices.

Abstract: A pet medical text recognizer may include one or more machine learning classifiers. The one or more machine learning classifiers may be trained using training data to associate raw text with pet clinical event codes. A performance metric may be provided, and the highest performing classifier according to the performance metric may be selected as the model for the pet medical text recognizer. The pet medical text recognizer may accept input text from a veterinary practice management system and generate a pet clinical event code for the text. A set of codes associated with a single pet may be aggregated into a pet health record.

Abstract: A method for detecting malware software in a computer system includes accessing a plurality of hostnames for a malware server from a computer system infected with malware and attempting to communicate with the malware server, each hostname including a plurality of symbols in each of a plurality of symbol positions; training an autoencoder based on each of the plurality of hostnames, wherein the autoencoder includes: a set of input units for each possible symbol and symbol position in a hostname; output units each for storing an output of the autoencoder; and a set of hidden units smaller in number than the set of input units and each interconnecting all input and all output units with weighted interconnections, such that the autoencoder is trainable to provide an approximated reconstruction of values of the input units at the output units; selecting a set of one or more symbol and symbol position tuples based on weights of interconnections in the trained autoencoder; and identifying infected computer systems

Abstract: Techniques for changing the presentation of information on a user interface based on presence are described. In an example, a computer system determines, based on an image sensor associated with the system, a first presence of a first user relative to a computing device. The computer system also determines an identifier of the first user. The identifier is associated with operating the computing device. The operating comprises a presentation of the user interface by the computing device. The computer system also determines, based on the image sensor, a second presence of a second person relative to the computing device. The computer system causes an update to the user interface based on the second presence.

Abstract: Methods and a system of generating a master seed using location-based data. The system includes a pseudo-random number generator configured to generate a random number and a global positioning system module configured to determine a location of the system. The system also includes an encryption module configured to generate a signing request message. The signing request message includes the random number and the location. The system further includes a communication device configured to transmit the signing request message to a location authority for authorization. The communication device further configured to receive a signature from the location authority upon authorization of the signing request message. The system is further configured to generate a master seed based on the signature.

Abstract: An information processing apparatus includes a processor programmed to: detect a request submitted from a terminal to an external server providing a service; and upon a determination that the detected request is submitted from the terminal located in a base, transmit a validation request for validating a certificate of the terminal to a CRL distribution server in which the certificate of the terminal is invalid.

Abstract: Methods and systems for managing security in a cloud computing environment are provided. Exemplary methods include: gathering data about workloads and applications in the cloud computing environment; updating a graph database using the data, the graph database representing the workloads of the cloud computing environment as nodes and relationships between the workloads as edges; receiving a security template, the security template logically describing targets in the cloud computing environment to be protected and how to protect the targets; creating a security policy using the security template and information in the graph database; and deploying the security policy in the cloud computing environment.

Abstract: A host computer system may be configured to connect to a network. The host computer system may be configured to implement a workspace and an isolated computing environment. The host computer system may be configured to isolate the isolated computing environment from the workspace using an internal isolation firewall. The internal isolation firewall may be configured to prevent data from being communicated between the isolated computing environment and the workspace, for example, without an explicit user input. The host computer system may be configured to implement one or more mechanisms that prevent malware received by the host computer system from receiving external communications from an external source. The one or more mechanisms may be configured to prevent control of the malware by the external source. The one or more mechanisms may be configured to prevent the malware from establishing a command channel with the external source.

Abstract: Techniques are described herein that are capable of using security event correlation to describe an authentication process. Multiple events may describe a common (i.e., same) attempt to authenticate the user. For instance, a first event may include a first description of the attempt, a second event may include a second description of the attempt, and a third event may include a third description of the attempt. The first, second, and third events may be correlated based at least in part on the first, second, and third descriptions. The first, second, and third events may be aggregated to provide an aggregated event that includes an aggregation of the first, second, and third descriptions. An authentication report may be generated to include the aggregation of the first, second, and third descriptions to describe the authentication process.

Abstract: A device for wireless terminal authentication may include at least one processor configured to receive, from a wireless terminal device, a request for user information, the request comprising a certificate corresponding to the wireless terminal device. The at least one processor may be further configured to verify the certificate based at least in part on a public key stored on the electronic device. The at least one processor may be further configured to, when the certificate is verified, determine whether the certificate indicates that the wireless terminal device is authorized to receive the requested user information. The at least one processor may be further configured to transmit, to the wireless terminal device, the requested user information when the certificate indicates that the wireless terminal device is authorized to receive the requested user information.

Abstract: Access permissions are set for different requesting circuits on a control bus. The access permissions can be set by the level 1 manager and the level 2 manager, allowing two layers of security to be added. The level 1 manager has priority, allowing it to add access permissions that cannot be removed by the level 2 manager.

Abstract: At least some embodiments are directed to a system that receives a profile values associated from new user profiles of a computer network or system. A machine learning system determines a set of existing profiles that share at least one common profile value with the new user profile. A second machine learning model determines a set of existing user entitlements associated with the set of existing profiles. The new user profile is processed by a natural language processing engine to determine a set of new user entitlements from the set of existing user entitlements. The system provides the new user with access to electronic resources of the computer network. The system tracks the new user computer network or system activities and updates the new user profile based on the set of new user entitlements and the new user activity on the computer network or system.

Abstract: An information processing apparatus includes circuitry; and a memory storing computer-executable instructions that cause the circuitry to generate a password for connecting to a communication relay apparatus based on an operation to use the communication relay apparatus; transmit, to the communication relay apparatus, an addition request signal representing a request to add an identifier for identifying the communication relay apparatus, the addition request signal including the identifier and the generated password for connecting to a network that is set in association with the identifier on a per-identifier basis; and transmit, to the communication relay apparatus, a deletion request signal, which includes the identifier, representing a request to delete the identifier upon determining that an elapsed time from when the communication relay apparatus has added the identifier has exceeded a possible usage time of using the network.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation.

Abstract: A patient monitor (8) includes a display (10). Patient values (38) are obtained for one or more known variables of a risk prediction function (30). One or more unknown variables of the risk prediction function are determined, and at least one hyperplane (40) is defined as values assumable by the one or more unknown variables. Values of the risk prediction function are computed over the at least one hyperplane using the obtained patient values. A visualization template is selected from a database of visualization templates (50) using template selection indices including the risk prediction function and the one or more unknown variables. Using the visualization template, a visualization (52) of the computed values of the risk prediction function over the at least one hyperplane is displayed.

Abstract: An example operation may include one or more of authenticating a user, by a first system node, based on a first set of user credentials, computing, by the first system node, a second set of user credentials for a second system node, determining, by the first system node, if the second system node has a user with the second set of the user credentials, and responsive to the second system node not having the user with second set of the user credentials, deleting, by the first system node, an existing user of the second system node.