Abstract: A corporate information technology (IT) network can protect sensitive data sent to computers located outside of the IT network. For example, a customer of a company may control who can access his or her sensitive personal information by identifying his or her access preference included in an access control list, where the access preference describes a level of access that at least one remote employee or person may have to the customer's sensitive personal information. A data protection server may containerize the sensitive personal information and the access control list of the person in a data protection container. If a remote employee or a person requests access the customer's sensitive personal information, the data protection server may perform data protection related operations to provide the sensitive personal information to the remote employee or person.

Abstract: Techniques for reducing CPU consumption in a federated search are disclosed. In some example embodiments, a computer-implemented method comprises determining an initial search scope by selecting a subset of searchable resources from a plurality of searchable resources based on interaction data of a user, with the initial search scope being defined by the selected subset of searchable resources, and the interaction data indicating online activity of the user directed towards past search results of past search queries submitted by the user. A federated search for a current search query is then performed using the initial search scope, with the federated search for the current search query being restricted to only the subset of searchable resources, and current search results for the current search query are generated based on the performing of the federated search.

Abstract: Methods and systems for securely sharing files with user devices based on location are described herein. A server may detect an endpoint device in response to receipt, from a user device, of a request to share a file, the endpoint device being proximate to the user device. An identifier indicative of the detected endpoint device may be generated by the server. The identifier may distinguish the detected endpoint device from other endpoint devices proximate to the user device. The server may send the identifier to the user device to enable the user device to share the file with the detected endpoint device.

Abstract: A system and method for catastrophic event modeling are provided. The method includes generating a cyber event catalog based on a past cyber event, the cyber event catalog including a plurality of cyber events; and simulating a cyber event, of the plurality of cyber events included in the cyber event catalog, to predict whether an organization is affected by a simulated cyber event, wherein the organization is an organization selected from a hazard table.

Abstract: A data anonymization computer system selectively anonymizes data items from data structures prior to forwarding the data structures to a third-party network service. The data anonymization computer system identifies at least a respective data item of the data structure that meets a set of conditions, including at least a first condition in which at least a portion of the respective data item has a format that coincides with the predetermined format and replaces a set of characters of the respective data item having the format with a string of characters of a respective token of a pool of tokens. The data anonymization computer system forwards the data structures to the third-party network service with each of the respective data items having the string of characters of the respective token in place of the replaced set of characters.

Abstract: A method of validating an electronic computer model of a building project includes: providing one or more electronic building project databases storing: (i) stakeholder information, (ii) element data; (iii) material data; (iv) specification data; (v) requirement data; (vi) procurement data and a plurality of instance data items are provided by at least one stakeholder of the first subgroup of stakeholders; generating a scope ID associated with each instance data item (c) storing the scope ID; (d) receiving a first electronic computer model including a plurality of existence objects associated with the first building project; (e) validating, the first electronic computer model (f) receiving updated data; (g) repeating step (e)-(f) until no alert is generated; (h) generating and transmitting a certification query; (j) receiving, a certification message from each stakeholder and (k) storing, in immutable form, the plurality of instance data items and respective scope ID of each instance data item.

Abstract: An intelligent-adversary simulator can construct a graph of a virtualized instance of a network including devices connecting to the virtualized instance of the network as well as connections and pathways through the virtualized instance of the network. Running a simulated cyber-attack scenario on the virtualized instance of the network in order to identify one or more critical devices connecting to the virtualized instance of the network from a security standpoint, and then put this information into a generated report to help prioritize which devices should have a priority. During a simulation, the intelligent-adversary simulator calculates paths of least resistance for a cyber threat in the cyber-attack scenario to compromise a source device through to other components until reaching an end goal of the cyber-attack scenario in the virtualized network, all based on historic knowledge of connectivity and behaviour patterns of users and devices within the actual network under analysis.

Abstract: Disclosed herein at methods and systems for monitoring and analyzing code and identifying a suitable substitute for the identified code. A central server identifies inserted code configured to communicate session data to a second server. The central server then identifies an application having functionality corresponding to the inserted code. The central server then provides an indication of the corresponding application.

Abstract: Embodiments discussed herein refer to systems and methods for chatbot interactions. When chatbot derived interactions are detected, the system can prevent those interactions from being further processed. This can be performed by an analysis system operative to engage in a dialog with customers. The system can manage a dialog with a first customer and evaluate the dialog to determine whether any interactions or responses are associated with a chatbot or a human. Interactions or responses determined be associated with a chatbot are dropped and not permitted to be further processed by the analysis system.

Abstract: A central computer system transforms identification information of a consumer into an identity code that hides the identification information and stores it with contact information of a consumer's computer system. When a computer system on the network of the central computer system conducts a transaction with a subject who uses the identity code of the consumer, the central computer system contacts the consumer's computer system so that the consumer can stop the transaction if it is not authorized. Because only the identity code is used to protect the consumer, the original identification information of the consumer is fully protected.

Abstract: A system includes a server configured to store a plurality of imagery configured to be presented in an email template on an electronic device. The server is configured to receive a request to retrieve an imagery of the plurality of imagery for use in the email template. The system also includes a controller configured to perform operations that include monitoring information associated with the request, comparing monitored information associated with the request with expected information associated with the request, and determining unauthorized usage of the email template based on a mismatch between the monitored information and the expected information.

Abstract: A method, apparatus, and computer program product are provided for identifying individuals using electronic fingerprint data, providing residence mapping functionality, resolving conflicts relating to the update of electronic records, and optimizing performance relating to the access of electronic records.

Abstract: A computer-implemented method of selectively installing an application from an application archive file is disclosed. The method includes receiving an indication to install an application on a computing device, the application being available for download as an archive file storing a manifest file and one or more installation files. The method further includes determining that installation of the application is permissible. The determining includes: without downloading the archive file, downloading at least a portion of the manifest file; and determining, based on the at least a portion of the manifest file, that installation of the application on the computing device would comply with a device management policy for the computing device. After determining that installation of the application is permissible, the archive file is downloaded and the application is installed therefrom. Related computer-readable media and computer systems are also disclosed.

Abstract: A neural processing unit comprises an input module for receiving a transaction from at least one program, each program has an associated program privilege level; and a plurality of delegation pages, each delegation page comprising a delegation management unit associated with a page privilege level. The neural processing unit also comprises at least one resource arranged to be accessed by at least one of the delegation pages; and a processing module arranged to process the transaction. Processing the transactions comprises allocating each transaction to a delegation page based on the program privilege level and page privilege level. The program is arranged to instruct the delegation management unit of a first delegation page, having a first-page privilege level to delegate access to the at least one resource to a second delegation page having a second-page privilege level, and wherein the first-page privilege level is higher than the second-page privilege level.

Abstract: In a dataset exchange environment in which datasets are available for exchange or transformation, a dataset validation platform may be configured to update a cryptographically signed record based on each dataset that is available via the data exchange environment. The dataset validation platform may be further configured to control access to the datasets based on whether a request to access a particular dataset is compliant with an availability requirement of the particular dataset. The dataset validation platform may be further configured to update the cryptographically signed record based on requests to access the datasets, transformations that are based on the datasets, or modifications to the availability requirement of the datasets, such as a modification to a privacy limitation or other availability requirement indicating a criteria for usage of the requested dataset.

Abstract: Provided are a system and a method for controlling transaction data access. A system for controlling transaction data access comprising: a transaction management module configured to determine a plurality of security levels for transaction data; a data encryption module configured to perform multiple level encrypting the transaction data according to the plurality of security levels; and a data storage module configured to store the encrypted data as a block, and provide the block to a peer-to-peer (P2P) network.

Abstract: The present invention provides systems and methods for providing cross-device native functionality for a native app. More specifically, the invention is directed to a JavaScript Object Notation (JSON) data exchange format for use with a native app running on a user's mobile device, wherein the exchange format is configured to improve user experience and interaction with the app. The present invention may be particularly useful in a mobile-based crowdsourcing platform in which data is continually exchanged between remote user devices and a cloud-based service for collecting and managing user-driven data based on user interaction with native apps on their devices.

Abstract: A method for detecting malware software in a computer system includes accessing a plurality of hostnames for a malware server from a computer system infected with malware and attempting to communicate with the malware server, each hostname including a plurality of symbols in each of a plurality of symbol positions; training an autoencoder based on each of the plurality of hostnames, wherein the autoencoder includes: a set of input units for each possible symbol and symbol position in a hostname; output units each for storing an output of the autoencoder; and a set of hidden units smaller in number than the set of input units and each interconnecting all input and all output units with weighted interconnections, such that the autoencoder is trainable to provide an approximated reconstruction of values of the input units at the output units; selecting a set of one or more symbol and symbol position tuples based on weights of interconnections in the trained autoencoder; and identifying infected computer systems

Abstract: A pet medical text recognizer may include one or more machine learning classifiers. The one or more machine learning classifiers may be trained using training data to associate raw text with pet clinical event codes. A performance metric may be provided, and the highest performing classifier according to the performance metric may be selected as the model for the pet medical text recognizer. The pet medical text recognizer may accept input text from a veterinary practice management system and generate a pet clinical event code for the text. A set of codes associated with a single pet may be aggregated into a pet health record.

Abstract: Techniques for changing the presentation of information on a user interface based on presence are described. In an example, a computer system determines, based on an image sensor associated with the system, a first presence of a first user relative to a computing device. The computer system also determines an identifier of the first user. The identifier is associated with operating the computing device. The operating comprises a presentation of the user interface by the computing device. The computer system also determines, based on the image sensor, a second presence of a second person relative to the computing device. The computer system causes an update to the user interface based on the second presence.

Abstract: An information processing apparatus includes a processor programmed to: detect a request submitted from a terminal to an external server providing a service; and upon a determination that the detected request is submitted from the terminal located in a base, transmit a validation request for validating a certificate of the terminal to a CRL distribution server in which the certificate of the terminal is invalid.

Abstract: Methods and a system of generating a master seed using location-based data. The system includes a pseudo-random number generator configured to generate a random number and a global positioning system module configured to determine a location of the system. The system also includes an encryption module configured to generate a signing request message. The signing request message includes the random number and the location. The system further includes a communication device configured to transmit the signing request message to a location authority for authorization. The communication device further configured to receive a signature from the location authority upon authorization of the signing request message. The system is further configured to generate a master seed based on the signature.

Abstract: Methods and systems for managing security in a cloud computing environment are provided. Exemplary methods include: gathering data about workloads and applications in the cloud computing environment; updating a graph database using the data, the graph database representing the workloads of the cloud computing environment as nodes and relationships between the workloads as edges; receiving a security template, the security template logically describing targets in the cloud computing environment to be protected and how to protect the targets; creating a security policy using the security template and information in the graph database; and deploying the security policy in the cloud computing environment.

Abstract: Techniques are described herein that are capable of using security event correlation to describe an authentication process. Multiple events may describe a common (i.e., same) attempt to authenticate the user. For instance, a first event may include a first description of the attempt, a second event may include a second description of the attempt, and a third event may include a third description of the attempt. The first, second, and third events may be correlated based at least in part on the first, second, and third descriptions. The first, second, and third events may be aggregated to provide an aggregated event that includes an aggregation of the first, second, and third descriptions. An authentication report may be generated to include the aggregation of the first, second, and third descriptions to describe the authentication process.

Abstract: A host computer system may be configured to connect to a network. The host computer system may be configured to implement a workspace and an isolated computing environment. The host computer system may be configured to isolate the isolated computing environment from the workspace using an internal isolation firewall. The internal isolation firewall may be configured to prevent data from being communicated between the isolated computing environment and the workspace, for example, without an explicit user input. The host computer system may be configured to implement one or more mechanisms that prevent malware received by the host computer system from receiving external communications from an external source. The one or more mechanisms may be configured to prevent control of the malware by the external source. The one or more mechanisms may be configured to prevent the malware from establishing a command channel with the external source.

Abstract: A device for wireless terminal authentication may include at least one processor configured to receive, from a wireless terminal device, a request for user information, the request comprising a certificate corresponding to the wireless terminal device. The at least one processor may be further configured to verify the certificate based at least in part on a public key stored on the electronic device. The at least one processor may be further configured to, when the certificate is verified, determine whether the certificate indicates that the wireless terminal device is authorized to receive the requested user information. The at least one processor may be further configured to transmit, to the wireless terminal device, the requested user information when the certificate indicates that the wireless terminal device is authorized to receive the requested user information.

Abstract: Access permissions are set for different requesting circuits on a control bus. The access permissions can be set by the level 1 manager and the level 2 manager, allowing two layers of security to be added. The level 1 manager has priority, allowing it to add access permissions that cannot be removed by the level 2 manager.

Abstract: At least some embodiments are directed to a system that receives a profile values associated from new user profiles of a computer network or system. A machine learning system determines a set of existing profiles that share at least one common profile value with the new user profile. A second machine learning model determines a set of existing user entitlements associated with the set of existing profiles. The new user profile is processed by a natural language processing engine to determine a set of new user entitlements from the set of existing user entitlements. The system provides the new user with access to electronic resources of the computer network. The system tracks the new user computer network or system activities and updates the new user profile based on the set of new user entitlements and the new user activity on the computer network or system.

Abstract: An information processing apparatus includes circuitry; and a memory storing computer-executable instructions that cause the circuitry to generate a password for connecting to a communication relay apparatus based on an operation to use the communication relay apparatus; transmit, to the communication relay apparatus, an addition request signal representing a request to add an identifier for identifying the communication relay apparatus, the addition request signal including the identifier and the generated password for connecting to a network that is set in association with the identifier on a per-identifier basis; and transmit, to the communication relay apparatus, a deletion request signal, which includes the identifier, representing a request to delete the identifier upon determining that an elapsed time from when the communication relay apparatus has added the identifier has exceeded a possible usage time of using the network.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation.

Abstract: A patient monitor (8) includes a display (10). Patient values (38) are obtained for one or more known variables of a risk prediction function (30). One or more unknown variables of the risk prediction function are determined, and at least one hyperplane (40) is defined as values assumable by the one or more unknown variables. Values of the risk prediction function are computed over the at least one hyperplane using the obtained patient values. A visualization template is selected from a database of visualization templates (50) using template selection indices including the risk prediction function and the one or more unknown variables. Using the visualization template, a visualization (52) of the computed values of the risk prediction function over the at least one hyperplane is displayed.

Abstract: An example operation may include one or more of authenticating a user, by a first system node, based on a first set of user credentials, computing, by the first system node, a second set of user credentials for a second system node, determining, by the first system node, if the second system node has a user with the second set of the user credentials, and responsive to the second system node not having the user with second set of the user credentials, deleting, by the first system node, an existing user of the second system node.

Abstract: A method and a system for authenticating users by implementing artificial intelligence techniques is provided. A graphical user interface (GUI) is rendered on a computing device of a user by a server. The GUI displays objects in random motion. The objects are selected in a sequential manner by the user to form a pattern. With each selection of the object, a corresponding confidence score is determined that is based on a set of factors. Further, the selected object becomes static and the remaining objects that are yet to be selected continue to move in random motion. On forming the pattern, the aggregate of confidence scores is determined to authenticate the user.

Abstract: A method includes transmitting, by a user device associated with a user to a transportation service provider, a request for a service comprising entry into a controlled area associated with the service. The method further includes receiving, by the user device from the transportation service provider, a token to allow the user device to connect with the service and to allow entry into the controlled area associated with the service. The method further includes transmitting, by the user device to a security device associated with the transportation service provider, the token. The security device restricts access to the controlled area associated with the service. The method further includes receiving, by the user device from the security device responsive to the transmitting of the token, the access to the controlled area associated with the service.

Abstract: A method of communicating using a wireless gateway. The method comprises receiving a first message in a first radio spectrum band by a first radio transceiver of a wireless gateway, determining by a first processor of the wireless gateway that the first message is a trusted message transmitted by a first source device, transmitting the first message by the first radio transceiver in the first radio spectrum, receiving a second message in a second radio spectrum band by a second radio transceiver of the wireless gateway, determining by the first processor that the second message is a trusted message transmitted by a second source device, and transmitting a third message by the second radio transceiver in the second radio spectrum band to the second source device, wherein the third message directs the second source device to transmit the second message to the wireless gateway in the first radio spectrum band.

Abstract: The embodiments of the present disclosure relate to information processing technology and provide a method for identity authentication, capable of effectively improving security and accuracy in identity authentication. The method includes: receiving an authentication request transmitted from a client, the authentication request carrying identity authentication information of a user; authenticating the identity authentication information; collecting behavior characteristic information related to the user in a number of dimensions when the identity authentication information is determined to be valid; matching and recognizing an identity of the user by comparing the collected behavior characteristic information with original characteristic information in the respective dimensions. The embodiments of the present disclosure can be applied in a process for user identity authentication.

Abstract: An example imaging device includes a communication engine to transmit a broadcast message including a broadcast ID corresponding to the imaging device. The communication engine further is to receive a session token from a central server in response to a request for accessing the imaging device received from a user device in receipt of the broadcast ID. The session token is to connect the imaging device to a user session corresponding to a user of the user device. The imaging device further comprises a user authorization engine to obtain preliminary user details from the central server using the session token. The preliminary user details include a login ID and a user-selected authentication mode. The user authorization engine is to set-up a user login session using the preliminary user details for receiving user authentication approval from the central server to allow the user to access the imaging device.

Abstract: A method comprises collecting, by a computing device located at an edge of a network, data items corresponding to information transmitted by endpoints using the network, generating, by the computing device, a probabilistic hierarchy using the data items, generating, by the computing device using the probabilistic hierarchy and natural language data, a similarity metric, generating, by the computing device using the probabilistic hierarchy, the natural language data, and the similarity metric, an ontology, detecting, by the computing device using the ontology, an anomaly, and in response to detecting the anomaly, sending a notification.

Abstract: In one embodiment, a system on chip includes a first endpoint to issue a non-posted memory write transaction to a memory and a Peripheral Component Interconnect (PCI)-based fabric including control logic to direct the non-posted memory write transaction to the memory, receive a completion for the non-posted memory write transaction from the memory and route the completion to the first endpoint. Other embodiments are described and claimed.

Abstract: An integrated-circuit device includes a bus system, a plurality of master components, a plurality of slave components, and hardware filter logic. The bus system is configured to carry bus transactions and security-state signals for distinguishing between secure and non-secure transactions. The master components are switchable between a secure and a non-secure state. The hardware filter logic is configured to intercept bus transactions at an interception point, positioned within the bus system such that bus transactions from at least two of the master components and at least two slave components pass the interception point. It is also configured to use i) a slave address of the intercepted bus transaction, and ii) the security state of the intercepted bus transaction, to determine whether to allow the transaction, in accordance with a set of filtering rules, and to block intercepted bus transaction that are determined not to be allowed.

Abstract: A method may include receiving activity data associated with a user, wherein the activity data relates to online activity involving a product type, identifying the product type associated with the activity data, and predicting, based on the activity data, that the user is likely to purchase a product of the product type. The method may include generating, based on predicting that the user is likely interested in purchasing the product of the product type, an annotation to indicate that a potential transaction to purchase the product is forthcoming, and storing the annotation in a profile associated with an account of the user. The method may include detecting a transaction to purchase the product, wherein the transaction involves a payment from the account, and performing an action associated with a fraud analysis of the transaction based on the annotation.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for blockchain network digital ticket transfer. One of the methods includes receiving a request from a client device to transfer a digital ticket from a blockchain network to a target server by a blockchain network node. The blockchain network node determines whether the client device is authorized to transfer the digital ticket based on a digital signature in the request, and transmits a notification message to the target server if the digital signature is valid. The blockchain network node receives a confirmation message from the target server indicating validity of the client device, and transfers the digital ticket to the target server.

Abstract: Providing a private data exchange is described. An example computer-implemented method can include providing a data exchange by a cloud computing service on behalf of an entity. The data exchange may comprise several data listings provided by one or more data providers. The data listings reference one or more data sets stored in a data storage platform associated with the cloud computing service. The method may also include designating a data exchange administrator account of the data exchange. The data exchange administrator account may be associated with the entity and may be capable of: granting and denying requests from data consumers to access the data exchange; and granting and denying requests from data providers to publish data listings on the data exchange.

Abstract: A computer-implemented method. The method includes receiving a data structure being a network having nodes linked by links. The nodes have corresponding classes representing corresponding distinct notices to airmen (NOTAMs). The nodes are linked such that any given node is linked to at least one other node. The links represent corresponding pre-determined mathematical degrees of relevance between pairs of linked nodes. The links point from a corresponding less relevant node to a corresponding more relevant node. The nodes are pre-ranked in a prioritized order according to the pre-determined mathematical degree of relevance. The method also includes receiving a request to display the NOTAMs on a display device. The method also includes retrieving the NOTAMs associated with the nodes in the prioritized order. The method also includes commanding the NOTAMS to be displayed on the display device in the prioritized order.

Abstract: A processing system includes a detecting unit that detects an operator operation to set a recording medium onto an image processing apparatus or to move part of the image processing apparatus wherein the operator operation is an operation performed by an operator, and a controller that registers a registration processes and performs, in response to detected operator operation, a registration process among registration processes registered in advance wherein if one or more of the registration processes satisfy a predetermined condition, the controller registers the one or more of the registration processes which are changed not to perform in response to the operator operation or to perform the one or more of the registration processes after performing a particular process.

Abstract: A game processing apparatus displays an image of virtual space on a display that displays an image by using a sensor for identifying the position and direction of a certain body part of a player and the display. A controller in the game processing apparatus displays the image of the virtual space on the display in accordance with the position and direction of the certain body part of the player, and, when an information providing condition regarding the position and direction of the certain body part of the player is satisfied, outputs to-be-provided information.

Abstract: A media client device, including a memory and capable of processing Quadrature Amplitude Modulation (QAM) channels and IP channels, may receive a recording request to record content on an Internet Protocol (IP) channel. The media client device may provide, to a first device, a source Universal Resource Locator (URL) corresponding to the content, and receive, from the first device, encrypted content (e.g., an encrypted version of the content). The media client device may store, in the memory, the encrypted content, and provide, to a second device, information regarding the encrypted content to permit the second device to generate and store a license and a key. The media client device may receive a playback request to play the content, and obtain, from the second device, the license and the key. The media client device may decrypt, using the license and the key, the stored, encrypted content to obtain the content.

Abstract: An evaluating method can be performed by a computer. The method includes acquiring two-dimensional data represented by a plurality of character types, converting the two-dimensional data to three-dimensional data by classifying the acquired two-dimensional data into a dimension of the plurality of character types, analyzing a feature of the three-dimensional data, and evaluating input data described in the plurality of character types based on the analyzed feature.

Abstract: A system and method of managing tasks and organizations is provided herein.

Abstract: A method of migrating user workloads across a computer cluster, may include detecting a parameter associated with an end-user experience (EUE) during the emulation of a virtual machine (VM) operated within a virtual desktop infrastructure (VDI) environment; creating a composite score descriptive of the EUE; and migrating a workload associated with the VM among the computer cluster when a threshold composite score is reached.