Abstract: A monitoring method and system for secure conveying are provided. In a process of conveying a confidential document or item by a secure conveying device, a conveying path of the secure conveying device can be monitored in real time, and a distance between the secure conveying device and an accompanying person can also be monitored in real time. In a case where the secure conveying device neither deviates from a predetermined path nor is separated from the accompanying person, safe opening of the secure conveying device is ensured through a combination of open time, an open position, and open authorization information, thereby ensuring security of the confidential document or item conveyed by the secure conveying device.

Abstract: Existing systems provide data selection for one differential technique considering an analytical problem or synthetic data but not an arrangement for selection of one or more techniques together. The embodiments herein provide a method and system for differential privacy enabled service with hybrid rule management and similarity metrics to select data. The system generates a query table called universal data from the associates tables and databases. The system further based on query on the universal table of single columns or selected columns with different parameters using different privacy rules generates differential private data stored in temp tables/views. The system retrieves queried data of different techniques and parameters interactively viewing the privacy and similarity of each data types of retrieved data with universal data using different metrics like bar charts, Histograms, average, std.

Abstract: Systems and techniques for privacy preserving document analysis are described that derive insights pertaining to a digital document without communication of the content of the digital document. To do so, the privacy preserving document analysis techniques described herein capture visual or contextual features of the digital document and creates a stamp representation that represents these features without included the content of the digital document. The stamp representation is projected into a stamp embedding space based on a stamp encoding model generated through machine learning techniques capturing feature patterns and interaction in the stamp representations. The stamp encoding model exploits these feature interactions to define similarity of source documents based on location within the stamp embedding space. Accordingly, the techniques described herein can determine a similarity of documents without having access to the documents themselves.

Abstract: In some embodiments, a processor receives, via an interface, natural language data associated with a user request for performing an identified computational task associated with a cybersecurity management system. The processor is configured to provide the natural language data as input to a machine learning (ML) model. The ML model is configured to automatically infer a template query based on the natural language data. The processor is further configured to cause the template query to be displayed, via the interface. The processor is further configured to receive, via the interface, user input indicating a finalized query associated with the identified computational task, and to provide the finalized query as input to a system configured to perform the identified computational task. The processor is further configured to modify a security setting in the cybersecurity management system based on the performance of the identified computational task.

Abstract: A method includes: generating, based on a hash function using at least one input including first data, a first digest; storing the first data in a memory; reading the first data from the memory; generating, based on the read data, a second digest; comparing the first digest and the second digest; and determining, based on comparing the first digest and the second digest, whether the read data is corrupted.

Abstract: Methods of referencing row access policy (RAP) protected mapping tables in a RAP for a data table are disclosed herein. An example method of referencing a mapping table in a data table using nested RAP includes defining, by a processing device, a first access policy for the mapping table to control access by specific users or under specific conditions. The processing device further defines a second access policy attached to the data table referencing the mapping table. The processing device in response to a query, executes the second access policy of the data table to provide a response or operation of data associated with the data table and the mapping table. Executing the second access policy invokes executing the first access policy of the mapping table. The executing of both the second access policy of the data table and the first access policy of the mapping table are recorded.

Abstract: A method of protecting an endpoint against a security threat detected at the endpoint, wherein the endpoint includes, in memory pages of the endpoint, an operating system (OS), a separate software entity, and remediation code, includes the steps of: transferring control of virtual CPUs (vCPUs) of the endpoint from the OS to the separate software entity; and while the separate software entity controls the vCPUs, storing, in an interrupt dispatch table, an instruction address corresponding to an interrupt, wherein the remediation code is stored at the instruction address, and replacing a next instruction to be executed by the OS, with an interrupt instruction, wherein the interrupt is raised when the OS executes the interrupt instruction, and the remediation code is executed as a result of handling of the interrupt that is raised.

Abstract: Methods and systems for managing operation of data processing systems are disclosed. To manage operation of the data processing systems, the data processing systems may present unified communication and management systems. The unified communication and management systems may be used to manage the operation of any number of management controller embedded devices hosted by the data processing systems. The unified communication and management systems may be implemented using access to the management controller embedded devices.

Abstract: Presented herein are techniques to facilitate fast roaming between a mobile network operator-public (MNO-public) wireless wide area (WWA) access network and an enterprise private WWA access network. In one example, a method is provided that may include generating, by an authentication node, authentication material for a user equipment (UE) based on the UE being connected to a public WWA access network, wherein the public WWA access network is associated with a mobile network operator, and the authentication node and the UE are associated with an enterprise entity; obtaining, by the authentication node, an indication that the UE is attempting to access a private WWA access network associated with the enterprise entity; and providing, by the authentication node, the authentication material for the UE, wherein the authentication material facilitates connection establishment between the UE and the private WWA access network.

Abstract: The embodiments disclose a publisher website consent management system including a publisher website having a graphical user interface configured to display medical product content information, a first and second publisher-partner computer wirelessly coupled to the publisher website to provide medical product content information, a first and second rules set having first and second consent form parameters coupled to the publisher website configured to generate healthcare professional consent forms, a processor coupled to the publisher website configured to generate first and second consent codes to identify the types of medical product content information that has received the HCP end user consent to be displayed on the HCP end user's digital devices, and a consent database coupled to the publisher website to store the first and second consent codes configured to filter the types of medical product content information that have received acceptance or rejection of consent from the HCP end user.

Abstract: Systems and methods for connecting applications based on exchanged information are disclosed. According to one embodiment, a method may include: (1) receiving, by a data mining computer program, application information for a plurality of applications in an organization; (2) receiving, by the data mining computer program, application details for each application comprising application programmable interface (API) used by each application; (3) receiving, by the data mining computer program, API information for each API in the application details; (4) populating, by the data mining computer program, an application data objects table for each application; (5) creating, by the data mining computer program, parent-child relationships for the plurality of applications based on the application data objects table; and (6) generating, by the data mining computer program, an application dependency graph for the parent-child relationships.

Abstract: Systems, methods and computer readable products are provided for enabling dynamic loading of one or more digital image branding functions associated with one or more distribution rules. A distribution rule is used to target a group of end users that are selected from a dataset mapping a plurality of end-users according to one or more distribution rules. Instructions are forwarded to present an indication the digital image branding function to each member of the end users group.

Abstract: Certain aspects of the present disclosure provide techniques for enhancing vehicle operations safety using coordinating vehicle platooning or enhancing platooning safety against location spoofing attacks. In one example, a source user equipment (UE) detects a potential spoofing event associated with location information being altered in an unauthorized manner, the source UE may transmit a request to a platoon control system (PCS) to join a vehicle platoon. In another example, a first UE associated with a lead vehicle in an existing platoon may detect a potential spoofing event associated with location information being altered in an unauthorized manner. The lead vehicle may transmit to a second UE of another vehicle in the platoon an indication of the detection and a request to exchange the respective roles in the platoon. The PCS may also monitor the conditions of the first and the second UEs, and arrange for the platoon reorganization.

Abstract: In an embodiment, an application is created on a data-provider platform. The application includes one or more application programming interfaces (APIs) corresponding to one or more underlying code blocks. Provider data is shared with the application on the data-provider platform. An application instance of the application is installed in a trusted execution environment (TEE). The application instance includes one or more APIs corresponding to the one or more APIs in the application on the data-provider platform. Consumer data is shared with the application instance from a data-consumer platform. One or more of the APIs of the application instance are invoked to execute, on the TEE, respective associated underlying code blocks that are not visible on the TEE. The output of the one or more respective associated underlying code blocks is saved to the data-consumer platform.

Abstract: The present disclosure relates to a system, method, and computer program for restoring extracted data to a cloud-based application. The system extracts a copy of data associated with a cloud-based application. The system provides a user interface that enables a user to enter a restoration flow for restoring the extracted data to the cloud-based application, where the restoration flow includes one or more routines for execution. The system receives a restoration flow comprising a pre-restoration routine and a restoration routine, where the pre-restoration routine specifies one or more data transformations to render the extracted data compatible with a restoration to the cloud-based application. The system executes the pre-restoration routine to transform the extracted data to be compatible with a restoration to the cloud-based application. The system executes the restoration routine to restore the transformed data to the cloud-based application.

Abstract: An example system includes a processor to receive an instance of a composite format comprising a masking restriction. The processor can generate a mask for the instance of the composite format based on the masking restriction. The processor can output the generated mask.

Abstract: A system comprises a memory and a processing apparatus. The memory stores a collection of personal information data and a data catalog of the collection of personal information data. The processing apparatus executes generating the machine learning model according to a designated machine learning logic, based on personal information data, corresponding to designated metadata in the data catalog and a designated data range. And the processing apparatus, executes calculating a personal identification risk which shows a risk of a person being identified based on an output of the machine learning model. Then the processing apparatus executes outputting the machine learning model when the personal identification risk, does not exceed a predetermined threshold.

Abstract: Embodiments related to using a foundational model for network packet traces. A technique includes receiving network traffic of a network and extracting features from the network traffic, the features having a function related to communications in the network. The technique includes generating tokens from the features, each of the features corresponding to a respective one of the tokens, training a machine learning model by inputting the tokens, the machine learning model being trained to output contextual embeddings for the tokens, and using the contextual embeddings to determine an anomaly in the network traffic.

Abstract: In order to automatically classify data without using a classifier constructed by machine learning, an information processing apparatus (1) includes: a data acquiring section (11) for acquiring target data, which is data to be classified into one of a plurality of categories in a hierarchical structure; and a classifying section (12) for classifying the target data into one of the plurality of categories in accordance with (i) a matching degree indicating a degree to which the target data matches that category and (ii) an upper-level matching degree indicating a degree to which the target data matches an upper-level category of that category.

Abstract: In accordance with an embodiment, described herein are systems and methods for use with a microservices or other computing environment, including a web server together with related libraries and features usable to build cloud-native applications or services. The system provides, by means of a header enumeration, an abstraction that allows message headers to be treated as objects, accessible via an application program interface that supports multiple communication protocols and allows clients and servers to communicate request/response messages using any of the supported protocols. When a request message with a known header type is encountered, the system can obtain an indexed value from the enumeration, if available, and provide the associated data directly to the process to which the request is directed, and/or cache the header value for later use.

Abstract: The present disclosure relates to systems and methods for providing cloud-based services securely to on-premises networks or other infrastructure. More particularly, the present disclosure relates to systems and methods for enriching first-party data (e.g., data collected directly by an on-premises server) stored within on-premises networks by enabling the on-premises networks to retrieve and process third-party data stored on cloud-based networks. As a technical benefit, cloud-based services can be performed on the first-party data within the on-premises networks.

Abstract: A method for performing a power disturbing operation to reduce a success rate of cryptosystem power analysis attack, an associated cryptosystem processing circuit and an associated electronic device are provided.

Abstract: A system includes a memory and processor. The memory stores code segment vulnerability findings that were generated through static application security testing (SAST). For a first code segment, a first vulnerability finding has been classified as a real vulnerability, and a second vulnerability finding has been classified as a false positive by external review. The processor generates a code fingerprint for each code segment, which corresponds to an abstract syntax tree that has been augmented by data flow information and flattened. The processor determines that the fingerprint for the first code segment matches the fingerprint for a second code segment and that the vulnerability findings for the first code segment match those for the second. In response, the processor automatically classifies a matching first vulnerability finding for the second code segment as the real vulnerability, and a matching second vulnerability finding for the second code segment as the false positive.

Abstract: The subject application relates to a method and server for handling streaming data, and includes: Obtaining a request for entering the live streaming as an invisible viewer; in response to obtaining the request, starting to provide a first user terminal of a first viewer with the streaming data for the live streaming while setting information on the first viewer invisible to other viewers and a streamer; and in response to detecting a first action of the first viewer in the live streaming, setting at least a part of the information visible to at least a part of the other viewers and the streamer. According to the subject application, it is possible to encourage further communication between the streamer and the viewer, and enhance user-user interactions through the live streaming.

Abstract: A system and method for automated cybersecurity defensive strategy analysis that predicts the evolution of new cybersecurity attack strategies and makes recommendations for cybersecurity improvements to networked systems based on a cost/benefit analysis. The system and method use machine learning algorithms to run simulated attack and defense strategies against a model of the networked system created using a directed graph. Recommendations are generated based on an analysis of the simulation results against a variety of cost/benefit indicators.

Abstract: A method for privacy preserving data processing in a linked data operating environment wherein applications have secure and permissioned access in an interoperable manner to data that is stored in one or more online data stores. The method begins by creating a privacy preserving data processing (PPDP) agent for use by an entity to process the data in association with the online data stores. The PPDP agent is then subjected to a certification process that ensures that the PPDP agent does not exfiltrate any data from the online data stores. After a successful certification, and following registration of the agent with an agent repository, a secure PPDP environment is instantiated in association with the data stores and in which the PPDP agent is then configured to execute. The PPDP agent is then executed within the secure PPDP environment over a configured security context and life-cycle of the PPDP agent.

Abstract: Content data is registered in a file management system, an identifier of a user in the file management system is registered in blockchain data, and a right-holder terminal includes a permission request receiving unit that receives, from the file management system, permission request data for the content including an identifier of the user, a verification unit that verifies that the identifier of the user registered in the blockchain data corresponds to the identifier of the user included in the permission request data, and an permission issuing unit that transmits, to the file management system, permission data for permitting a use of the content by the user.

Abstract: A system and method including receiving, from a first user of a first service, an indication of a second service to integrate with the first service; correlating a presence of the first user of the first service with an identifier of the first user in the second service; receiving, from a second user of the first service, an indication of the second service to integrate with the first service; correlating a presence of the second user of the first service with an identifier of the second user in the second service; receiving, from the second service via an application programming interface, a replication of a statement of work generated by the second service and associated with the second user; and persisting the replication of the statement of work in a data store of the first service that is accessible by the first user of the first service.

Abstract: The present disclosure relates to a remote attestation in a network. Embodiments provide a method comprising: attesting a first node in a network, by a node adjacent to the first node in the network; and generating an attestation result of the first node. A plurality of attestation results of the first node generated by a plurality of nodes adjacent to the first node in the network are combined to determine a credibility of the first node. In such embodiments, a fixed verifier for other nodes is eliminated, and a risk of a collapse due to a failure of such fixed verifier may be avoided.

Abstract: Embodiments of the present disclosure relate to electronic lockout of a client device, specifically to managing electronic lockout of a client device associated with a claim process via a device protection program management system and third-party provider. In this regard, embodiments herein may process various data associated with determining whether to authorize a claim under a device protection program, and cause initiation of and/or termination of an electronic lockout of a client device depending on received data and/or lack of received data. In this regard, example embodiments include receiving a device claim request indication associated with a client device, where the client device is associated with a functionality lockout state; initiating a claim associated with the client device; causing initiation of an electronic lockout of the client device; processing the claim to determine whether to authorize the claim; and causing updating of the electronic lockout based on the determination.

Abstract: Examples of the present disclosure describe systems and methods for discrete processor feature behavior collection and analysis. In aspects, a monitoring utility may initialize a set of debugging and/or performance monitoring feature sets for a microprocessor. When the microprocessor receives from software content a set of instructions that involves the loading of a set of modules or code segments, the set of modules or code segments may be evaluated by the monitoring utility. The monitoring utility may generate a process trace of the loaded set of modules or code segments. Based on the process trace output, various execution paths may be reconstructed in real-time. The system and/or API calls made by the microprocessor may then be compared to the process trace output to quickly observe the interaction between the software content and the operating system of the microprocessor.

Abstract: A system and method for providing access to third-party application programming interfaces (APIs) as a service. In particular, an API access manager can be configured to execute one or more serverless functions selected form a database of serverless functions in order to obtain data from one or more third-party APIs. Retrieved data can be used to evaluate compliance with one or more information security policies.

Abstract: A system and method for providing access to third-party software tools as a service. A service access manager can communicate with one or more third parties to manage licenses associated with third-party software tools. A machine learning model can be trained using logs generated by the system and causes of detected errors to automatically determine the cause of errors occurring in the future. Vendor logs generated by software instances instantiated by third-party systems can be collected and used to improve error attribution.

Abstract: Embodiments of the present disclosure provide methods, apparatus, systems, computing devices, and computing entities for predictive data protection using a data protection policy determination machine learning model.

Abstract: In an embodiment, a data platform creates an application in a data-provider account. The application includes one or more APIs corresponding to one or more underlying code blocks. The data platform shares provider data with the application in the data-provider account, and also installs, in a data-consumer account, an application instance of the application. The application instance includes one or more APIs corresponding to the one or more APIs in the application in the data-provider account. The data platform shares consumer data with the application instance in the data-consumer account, and invokes one or more of the APIs of the application instance to execute respective associated underlying code blocks, which are not visible to the data-consumer account. The data platform also saves output of the one or more respective associated underlying code blocks locally within the data-consumer account.

Abstract: An example method for data auditing for object storage public clouds includes a service broker receiving a request to store data in public object storage, where the request includes user information or a container image. The service broker, based on either the user information or the container image, determines that data auditing is necessary. The service broker creates a storage unit, in public object storage, and a storage proxy. The method further includes the storage proxy storing data, and a data auditor retrieving data from the storage proxy. The data auditor determines a data qualification for the data, and notifies the storage proxy of the data qualification.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for using additive and subtractive noise for preserving the privacy of users. In one aspect, a method includes obtaining a first set of genuine user group identifiers that identify user groups that include a user as a member. A second set of user group identifiers is generated for the user by removing zero or more genuine user group identifiers from the first set to generate the second set and adding, to the second set, one or more fake user group identifiers for user groups that do not include the user as a member. A probabilistic data structure is generated based on the second set of user group identifiers. The probabilistic data structure is transmitted. Data indicating a set of digital components including at least one digital component selected based on the probabilistic data structure is received.

Abstract: A system processes an API specification provided by a vendor to determine and classify the functions defined therein by CRUD operation type based on analysis of the function names. Classification of the function includes associating a bitmask corresponding to the class with the function name. The system then subscribes to an event stream including logged API function call events during a time window overlapping with a “blind spot” period of attack detection. The system analyzes incoming events to identify an associated resource and an API function call. The system classifies the function based on the determined function classes and performs a bitwise operation between bit values maintained for the identified resource that are indicative of resource state and the bitmask of the function class. If the resulting bit values indicate that the resource was both created and deleted during the time window, the system flags the resource as potentially involved in an attack.

Abstract: An assessment apparatus is able to access a surrogate model generation apparatus that comprises a query generation part that generates a first query causing an assessment target model to make an inference to obtain an inference result; an MIA execution part that executes a membership inference attack using as an input the inference result obtained by sending the first query to the assessment target model and infers virtual training data used to train the assessment target model; and a surrogate model generation part that uses the virtual training data to generate a surrogate model that emulates the behavior of the assessment target model, and the assessment apparatus comprises a security assessment part that transmits a second query to both the surrogate model and the assessment target model to assess the security of the assessment target model using the results therefrom.

Abstract: A system and method for performing distributed recognition divides processing steps between a device, having lower processing power, and a remotely located server, having significantly more processing power. Images captured by the device are processed at the device by applying a first set of image processing steps that includes applying a first detection. First processed images having at least one detected human is transmitted to the server, whereas a second set of image processing steps are applied to determine a stored entry matching the detected human of the first processed image.

Abstract: An indication of an application to be installed on a local device is received. A request is transmitted to a remote server for information associated with the application. In some cases, in response to the receipt of a report from the remote server, a set of rules restricting behaviors of the application is implemented at the local device. In some cases, in response to the receipt of a report from the remote server, the installation of the application on the local device is prevented.

Abstract: Systems and methods are disclosed for batch processing of key generation requests for internet-of-things (IoT) device vendors. An example method may include maintaining a queue of internet of things (IoT) devices for which encryption material generation has been requested. The method may also include receiving, from a first vendor, a first order to generate first encryption material for a first set of IoT devices and receiving, from a second vendor, a second order to generate second encryption material for a second set of IoT devices. The method may further include generating a dynamic encryption material schedule configured to partition the first set of IoT devices and partition the second set of IoT devices and applying the dynamic encryption material schedule such that the first encryption material and the second encryption material are generated at least partially in parallel.

Abstract: A system, method, and device for generating data visualizations are disclosed. The method includes (i) obtaining a natural language query, (ii) determining an intent for the natural language query, (iii) generating one or more data requests to one or more selected data sources, the one or more data requests being based at least in part on the intent, (iv) abstracting result data to obtain a data abstraction, the result data being responsive to the one or more data requests, and (v) generating a visualization for the result data based at least in part on the data abstraction.

Abstract: The present disclosure provides a joint training method and apparatus for models, a device and a storage medium. The method may include: training a first-party model to be trained using a first sample quantity of first-party training samples to obtain first-party feature gradient information; acquiring second-party feature gradient information and second sample quantity information from a second party, where the second-party feature gradient information is obtained by training, by the second party, a second-party model to be trained using a second sample quantity of second-party training samples; and determining model joint gradient information according to the first-party feature gradient information, the second-party feature gradient information, first sample quantity information and the second sample quantity information, and updating the first-party model and the second-party model according to the model joint gradient information.

Abstract: A method of designing a multi-party system in quotient algebra partition-based homomorphic encryption (QAPHE), which is based on the framework of quotient algebra partition (QAP) and the computation of homomorphic encryption (HE), wherein the method comprises: increasing single model provider A to multiple ones, wherein the number of the multiple model providers is L and let A1?i?L and L?2; increasing single data provider B to multiple ones, wherein the number of the multiple data providers is R and let B1?j?R and R?2; and encoding plaintexts, each of which is of kj qubits, from all data providers into ciphertexts respectively; aggregating the ciphertexts by a form of tensor product and generating an encoded state for computation; and preparing a model operation to conduct the encrypted computation via an encoded operator and the encoded state in a cloud. The method can improve the security of public-key/semi-public-key system and be applied to a threshold HE or a multi-key HE to solve actual problems.

Abstract: Methods and systems for securely managing personal data associated with image processing include an image sensor configured to capture an image, a local computer system local to the image sensor, and a backend computer system remote from the image sensor. The local computer system has a processor with a trusted execution environment (TEE) that detects anomalies in images from the image sensor, extracts personal data from the image, and encrypts the personal data. The local computer system then sends the extracted, encrypted personal data to the backend computer system, where a backend TEE decrypts the extracted, encrypted personal data, and performs data processing by comparing the decrypted personal data to other personal data that is stored in a backend database in the backend computer system.

Abstract: A memory device and an associated control method are provided. The memory device includes a non-volatile memory array and a memory control circuit. The non-volatile memory array includes M secured memory zones. The memory control circuit is electrically connected to the non-volatile memory array. The memory control circuit provides a set of mapping information and searches a request key in the set of mapping information. The set of mapping information represents correspondences between N access keys and the M secured memory zones. The memory control circuit acquires at least one of the M secured memory zones if the request key is one of the N access keys, and performs an access command to the at least one of the M secured memory zones. M and N are positive integers.

Abstract: This patent disclosure provides various verification techniques to ensure that anonymized surgical procedure videos are indeed free of any personally-identifiable information (PII). In a particular aspect, a process for verifying that an anonymized surgical procedure video is free of PII is disclosed. This process can begin by receiving a surgical video corresponding to a surgery. The process next removes personally-identifiable information (PII) from the surgical video to generate an anonymized surgical video. Next, the process selects a set of verification video segments from the anonymized surgical procedure video. The process subsequently determines whether each segment in the set of verification video segments is free of PII. If so, the process replaces the surgical video with the anonymized surgical video for storage. If not, the process performs additional PII removal steps on the anonymized surgical video to generate an updated anonymized surgical procedure video.

Abstract: A data storage device and method for token generation and parameter anonymization are provided. In one embodiment, a data storage device is provided comprising a memory and a controller. The controller is configured to receive a plurality of tokens and data comprising a plurality of data portions, which each token identifies a different set of the data portions to anonymize; create a plurality of anonymized versions of the data per the plurality of tokens; and store each of the plurality of anonymized versions of the data in different physical addresses in the memory, wherein the different physical addresses map to a same logical address in a mapping structure. Other embodiments are possible, and each of the embodiments can be used alone or together in combination.

Abstract: A computer system includes a processor that operates in a normal world and a secure world and that provides hardware-level isolation between the normal world and the secure world. A storage device of the computer system has a protected data region that stores critical data. A random-access memory of the computer system has a normal memory space that is accessible in the normal world and a secure memory space that is accessible only in the secure world. The secure memory space stores commands that transfer the critical data between the protected data region and the normal memory space by direct memory access.