Abstract: A system automatically manages data through a declarative client that retrieves data and caches data in response to a transmission of an auto-generated query from an end-user interface. The declarative client is served by a cloud services platform. A serverless engine receives images as a template in which a secure container is generated and receives multiple tasks that process the image within the secure container. An application programming interface extracts data in response to the auto-generated query. The declarative client includes a cache that breaks up results of the auto-generated queries into individual objects that are associated with a unique identifier across and a unique name to speed up the execution of the auto-generated queries. A scalable domain name system routes requests to access an instance of a cloud application and caches the name of the domain in response to the request.

Abstract: Protecting membership in secure multi-party computation and communication is provided. A method of protecting membership includes generating a padding dataset, up-sampling a first dataset with the padding dataset, transforming and dispatching the first dataset, receiving a second dataset, and performing a private set intersection operation based on the first dataset and the second dataset to generate a third dataset. Each of the first dataset, the padding dataset, and/or the second dataset includes one or more personal identification information for each user or member in the dataset.

Abstract: Systems and methods for verifying requests for personal information are described. A server computing system may receive a request for personal information associated with a requester, the request sent based on a government regulation related to consumer privacy rights, the request including a first identifier provided by the requester, the personal information stored in one or more databases based on one or more past transactions engaged between the requester and an entity associated with the one or more databases. The server computing system may search the one or more databases using the first identifier to identify a second identifier related to the first identifier, the second identifier stored in the one or more databases by the entity based on the one or more past transactions. The server computing system may verify identity of the requester using at least the second identifier.

Abstract: An example implementation may involve a computing system receiving, from a media playback system, a request to initiate playback of a cloud queue. The cloud queue may currently have a first access status that authorizes a first set of queue operations, which may include playback of the cloud queue. After receiving the request to initiate playback, the computing system may cause audio tracks of the cloud queue to be queued in a local queue of the media playback system such that the media playback system may playback audio tracks of the cloud queue via the local queue. The computing system may modify the access status of the cloud queue to a second access status. This second access status may authorize a second set of queue operations on the cloud queue. The computing system may cause access to the local queue to be restricted to the second set of queue operations.

Abstract: A cardholder authentication method includes receiving, at an authentication network, an authentication request involving an account. The method further includes determining, based at least in part on a portion of an account identifier associated with said account, an authentication service. In addition, the method includes determining, based at least on said authentication service and a portion of said account identifier, an authentication response. The method also includes transmitting, to a merchant associated with a transaction involving said account, said authentication response.

Abstract: Aspects of the disclosure provides a secure key management and data transmission system that includes a transmission system, a data consumer network device, a user network device, and a data transmission network. The transmission management system is configured to receive user-specific data from the user network device via the data transmission network and receive a request for a service corresponding to processing the user-specific data according to a proprietary process provided by the data consumer network device. The transmission management system is also configured to generate service response data based on processing the user-specific data according to the proprietary process in response to the received request, encrypt the service response data to become single-encrypted service response data, transmit the single-encrypted service response data to the data consumer network device, and receive and store double-encrypted service response data from the user network device.

Abstract: Systems and methods are disclosed for establishing controlled remote access to debug logs. An example method may comprise: receiving, by a first computing device, from a second computing device, an encrypted file comprising a debug log; running, within a trusted execution environment of the first computing device, a log access application; sending, to the second computing device, a request for access to the debug log by the log access application, wherein the request comprises a validation measurement generated by the trusted execution environment with respect to the log access application; receiving, from the second computing device, an access key; and accessing the debug log using the access key.

Abstract: A method, with the aid of which an installation-wide security consideration may be carried out, that is not limited only to automation components of a single manufacturer, but that functions across all manufacturers, is provided. Through suitable user guidance and automated support in process-conforming execution of assessments, incident handling and the definition of security measures as well as corresponding tracking, the method has a high level of user-friendliness. A rule generator uses security criteria in order to develop user-specific analysis rules from a complex rulebook with a number of input values. All the installation-relevant data is automatically compiled in an inventory. The machine security auditor applies the user-specific rulebook to the collected installation data from the asset inventory, and from that, prepares the audit trail.

Abstract: A method and apparatus for executing code in a container are described. In one embodiment, the method comprises generating code on a host computer system using a user interface; and executing the code inside a container on the host computer system, including performing access control based on one or more properties of the host computer system.

Abstract: Implementations of the present disclosure include providing, by a security platform, graph data defining a graph that is representative of an enterprise network, the graph including nodes and edges between nodes, a set of nodes representing respective assets within the enterprise network, and a node representing a process executed within a system of the enterprise, each edge representing at least a portion of one or more lateral paths between assets in the enterprise network, determining, for each asset, a contribution value indicating a contribution of a respective asset to operation of the process, determining, for each asset, an impact value based on a total value of the process and a respective contribution value of the asset, and implementing one or more remediations based on a set of impact values determined for the assets, each remediation mitigating a cyber-security risk within the enterprise network.

Abstract: The disclosed computer-implemented method for protecting user privacy may include (i) receiving an indication to protect a photo with privacy-protecting blurring, (ii) generating a blurred version of the photo, (iii) generating, based on the blurred version of the photo, a video that progressively de-blurs the photo, (iv) linking through metadata the blurred version of the photo and the video that progressively de-blurs the photo as a combined motion-photo-object, and (v) storing the combined motion-photo-object in a configured location such that a photo display program uses the blurred version of the photo as a preview of the motion-photo-object when browsing but plays the video that progressively de-blurs the photo in response to additional user input selecting the preview. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The present disclosure relates to a method for analysis on interim result data in a de-identification procedure, an apparatus for the same, a computer program for the same, and a recording medium storing computer program thereof. A method for de-identification according to an example of the present disclosure may include: generating a first interim result data by applying a first de-identification process to an initial data; generating a first analysis metric for the first interim result data; and generating a final result data based on the first interim result data, when the first analysis metric satisfies a first de-identification criterion.

Abstract: A multi-country data pipeline keeps all of the PII received from a user that is in a first country in the first country. The data pipeline allows the non-personal data received from the user to be transmitted and analyzed in a second country. The method further allows the results of the analysis in the second country to be transmitted back to the first country where the PII is added to the results of the analysis. The data pipeline allows the results of the analysis in the second country to be used to take a desired action for the user in the first country, all while the PII of the user never leaves the first country.

Abstract: A method, computer system, and computer program product are provided for controlling data access and visibility using a context-based security policy. A request from an endpoint device to receive data is received at a server, wherein the request includes one or more contextual attributes of the endpoint device including an identity of a user of the endpoint device. The one or more contextual attributes are processed to determine that the endpoint device is authorized to receive the data. A security policy is determined for the data based on the one or more contextual attributes. The data is transmitted, including the security policy, to the endpoint device, wherein the endpoint devices enforces the security policy to selectively permit access to the data by preventing the endpoint device from displaying the data to an unauthorized individual.

Abstract: Provided is dynamic and flexible authentication based on an interaction over a communications link between a user device and a financial entity. A set of interactions enabled at the user device are categorized into different levels, each level comprises a different authentication policy. At about the same time as an interaction is initiated at the device, an authentication policy assigned to the interaction is accessed and a security challenge is activated at the device. Based upon a successful response to the security challenge, an enablement of the communications link is continued. Based upon an unsuccessful response to the security challenge, the communications link is disabled.

Abstract: A method for detection of tampering in an executable code including one or more code blocks. The method includes monitoring execution of the executable code with a call stack data structure associated therewith, the execution involving accessing one or more address spaces; receiving information about the one or more address spaces, as accessed; comparing the received information about one or more accessed address spaces with information about one or more allowed address spaces defined in the call stack data structure of the executable code; raising a flag upon detection that the one or more accessed address spaces are different from the one or more allowed address spaces, based on the comparison; and executing an action based on the raised flag.

Abstract: Systems and methods for efficient and secure management of encrypted “snapshots” for a remote provider substrate extension (“PSE”) of a cloud provider network substrate are provided. The PSE may request and obtain a snapshot from the cloud provider network substrate, restore a volume from the snapshot, make changes to data in the restored volume, and/or initiate the creation and storage of a new snapshot that includes incremental updates to the original snapshot to reflect the changes made to data in the volume. An encrypted snapshot stored within the cloud provider network substrate may be decrypted using a cloud provider key designed for internal use only, and then re-encrypted using a PSE-specific key before providing the snapshot to the PSE, thereby avoiding the sharing of the cloud provider internal use only key outside the cloud provider network substrate.

Abstract: In accordance with at least some aspects of the present disclosure, an illustrative method for authenticating a user is disclosed. A plurality of biometric modalities are displayed for authenticating the user. A selection of one or more of the biometric authentication modalities may be received. User authentication data may be received for each of the one or more selected authentication modalities. The user authentication data may be compared with previously-determined biometric data. An authentication score may be determined based on the comparison of the user authentication data with the previously-determined biometric data. A determination may be made whether to authenticate the user based on the authentication score.

Abstract: The disclosed embodiments include computerized systems and methods for generating secured blockchain-based ledger data structures that track occurrences of events across fragmented and geographically dispersed lines-of-business of an enterprise. In one instance, an apparatus associated with a rules authority of the secured blockchain-based ledger may detect an occurrence of a triggering event, and may access and decrypt a set of rules hashed into the secured blockchain-based ledger using a confidentially-held master cryptographic key. The apparatus may identify a rule associated with the detected event, and perform one or more operations consistent with the rule, including a disbursement of various rewards to employees in response to customer-specific interactions with the enterprise. The disclosed embodiments provide a rules process for aggregating mutually incompatible enterprise data that specifies the events, and for tracking the events in uniform data structures accessible across the enterprise.

Abstract: The disclosed embodiments include computerized systems and methods for generating secured block-chain-based ledger data structures that track subdivide ownership and usage of one or more assets, such as Internet-connected devices. In one instance, an apparatus associated with a rules authority of the secured block-chain-based ledger may detect an occurrence of a triggering event related to at least one of partial ownership interests in the assets, and may access and decrypt a set of rules hashed into the secured block-chain-based ledger using a confidentially-held master cryptographic key. The apparatus may identify a rule associated with the detected event, and perform one or more operations consistent with the rule, including a generation of additional data blocks reflecting a change in at least one of the partial ownership interests, and additionally or alternatively, processes that adaptively monitor a compliance of one or more partial owners with an imposed usage restriction.

Abstract: Methods and systems for generating representative data. A generator is configured to create, using a learning model, one or more generated records based on a plurality of training records obtained from a sensitive database. A discriminator is trained to identify the generated records as being generated based on the training records and a privacy adversary is trained to identify a training sample as being more similar to a distribution of the generated records than a distribution of the reference records.

Abstract: A fifth generation (5G) network can provide Rich Communication Services (RCS) between multiple user equipment (UE) of different device types and/or different operating systems. An RCS server in an IP Multimedia Subsystem (IMS) can be used to format data associated with a chat between UEs having different operating systems. The RCS server can initiate, establish, maintain, format, augment, or otherwise determine a rich communication chat message between the UEs over the 5G network.

Abstract: An information processing apparatus includes: at least one device; a first processor configured to control the at least one device; a second processor configured to verify validity of a program to be executed by the first processor, and to allow the first processor to execute the program when the program is determined to be valid; and a control circuit configured to control supply of power to the at least one device. The second processor starts the verification of the program in response to the information processing apparatus being powered on. The first processor starts the execution of the program at least based on a first control signal indicating that the program is determined to be valid. The control circuit starts the supply of the power to the at least one device before the determination that the program is valid.

Abstract: An example computing platform is configured to (i) maintain a three-dimensional, federated model of a construction project, where the model includes respective objects created using at least two different authoring tools, (ii) receive, via a client device installed with a viewing tool for displaying the model, one or more user inputs that collectively (a) select a displayed representation of a given object within the model and (b) assign a value for a property of the given object, (iii) based on the one or more inputs, identify a GUID of the given object within a hierarchical data structure for the model and cause the model to be updated by associating the assigned value for the property with the GUID of the given object, and (iv) cause the client device to display, via the viewing tool, the updated model including an indication of the assigned value for the property of the given object.

Abstract: At least one aspect is directed to determining an estimate of an intersection of user identifiers in a first set of user identifiers and a second set of user identifiers. The first and second sets of user identifiers can be populated with user identifiers that have interacted with the same content item or content item campaign. Estimates of intersections of the first and the second sets can be determined based on a binomial vector approach, a vector of counts approach, or a hybrid approach. The binomial vector approach generates vectors based on k hashes of each user identifier in the first set and summing the vectors to generate a first vector. The intersection can be determined based on a dot product of the first vector and a second vector similarly generated from the second set of user identifiers.

Abstract: An unauthorized communication detection apparatus comprises: a reception module configured to receive operational data; a transmission module configured to transmit the operational data; an acquisition module configured to acquire a correction value for correcting a determination expression for calculating a score for determining whether the operational data is involved in unauthorized communication, based on a parameter for extending an application range of a specific learning model and on a specific feature amount corresponding to the specific learning model among a plurality of feature amounts of the operational data; a determination module configured to calculate the score based on the plurality of learning models, the plurality of feature amounts, and the correction value, and determine whether the operational data is involved in unauthorized communication based on the calculated score; and a transmission control module configured to control the transmission of the operational data based on a determinati

Abstract: An information processing system includes at least one server and one or more devices communicable with the server through a network. The information processing system includes circuitry configured to: manage a service in association with a device type that can use the service; manage the devices in association with the device type, the devices each being a target device to which a license is to be allocated; and compare a device type associated with the target device to which the license is to be allocated with the device type associated with the service, to determine whether an allocation of the license of the service to the target device is permitted.

Abstract: A computer program product, system, and computer implemented method for application-level redirect trapping and creation of NAT mapping to work with routing infrastructure for private connectivity in cloud and customer networks. The approach disclosed herein generally comprises a method of leveraging a reverse connection endpoint and IP address mapping controller to capture redirection messages from a private cloud or network (e.g., a service consumer network or a service consumer hybrid cloud). This allows at least the IP address mapping controller to manage a cloud networking infrastructure to provide for a service provider network (e.g., a public cloud) to support applications that overcome the isolation requirements of a private cloud or network to perform useful work. For example, without saddling the private cloud or network user with a heavy pre-configuration burden, the approach disclosed herein supports redirection to dynamically determined IP addresses at the private cloud or network.

Abstract: Described embodiments provide systems and methods for adaptive data loss prevention. A first computing device may generate, according to a first response from a server and an output from a second computing device identifying sensitive data in the first response, at least one rule regarding the sensitive data, and at least one template for data loss prevention (DLP) responses. The first computing device may determine, according to the at least one rule, a match to a second response from the server, that includes the sensitive data. The first computing device may provide, according to the match and the at least one template, a DLP response to redact the sensitive data of the second response, in place of a DLP output from the second computing device identifying the sensitive data in the second response.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for implementing a privacy manager are disclosed. In one aspect, a method includes the actions of receiving, from a client device, an indication of a first setting of the client device. The actions further include receiving, from the client device, an indication of a type of data that the client device is prepared to transmit. The actions further include, based on the first setting and the type of data, generating an instruction to adjust the first setting or a second setting of the client device. The actions further include, before the client device transmits the data, providing, for output to the client device, the instruction to adjust the first setting or the second setting of the client device.

Abstract: Methods, systems, articles of manufacture and apparatus to privatize consumer data are disclosed. A disclosed example apparatus includes a consumer data acquirer to collect original data corresponding to (a) confidential information associated with consumers and (b) behavior information associated with the consumers, and a data obfuscator. The data obfuscator is to determine a degree to which the original data is to be obfuscated and a type of obfuscation to be applied to the original data based on the original data, generate obfuscation adjustments of the original data based on the degree and the type, and generate an obfuscation model based on the obfuscation adjustments.

Abstract: Techniques for business data protection for running tasks in a computer system are described herein. An aspect includes receiving a request. Another aspect includes processing a task corresponding to the request. Another aspect includes receiving a debugging request from a user corresponding to the task, wherein the debugging request is received during the processing of the task. Another aspect includes, based on receiving the debugging request, determining whether the user is authorized to access business data corresponding to the task. Another aspect includes, based on determining that the user is not authorized to access the business data corresponding to the task, redacting the business data from debugging data corresponding to the debugging request. Another aspect includes providing the redacted debugging data to the user.

Abstract: Embodiments of the invention are directed to a system, method, or computer program product for deciphering and unblocking applications in error in real-time. The invention creates, maintains, and continuously updates a back-end database with a rules depository for providing alternative routes for error obfuscation via machine learning and historic action logs. The appropriate alternate route is determined based on workflow and coding. The system integrates a user facing virtual system to provide an assistant launcher in application alerts. In case of failed operations, the user facing virtual system launches in integration with the invention for knowledgeably reiteration of details of the error based on launch point after failure. The system may decipher the error code, provide an alternative resolution path to the user, and execute the flow by assisting the user via the user facing virtual system.

Abstract: Systems and methods are provided for storing, at a storage device communicatively coupled to a computer, one or more operations to be executed for a web browser. A closed shadow document object model (DOM) may be generated by a component of a web page to be displayed in the web browser using the one or more of the stored operations. The closed shadow DOM may be configured to receive sensitive data or restricted data. The component of the web page that receives the sensitive data or restricted data may instantiate an inline frame (iFrame) with a same domain as the component. The web page to receive the sensitive data or restricted data via the instantiated iFrame may be displayed on a displayed device from an input device communicatively coupled to the computer for a component of the web page.

Abstract: A method for establishing a campaign for a simulated phishing attack includes receiving, via a campaign manager, specification of a plurality of parameters for a campaign including at least an identifier of a campaign and identification of users to which to send the campaign, establishing, via the campaign manager, a type of exploit for the campaign and one or more types of data to collect via the type of exploit, storing, by the campaign manager, the campaign comprising the plurality of parameters, and identifying, by a simulation server, the campaign stored in the database to create a simulated phishing email, to be sent to email accounts of the users, using the plurality of parameters of the campaign, wherein the simulated phishing email is to be created to have a link to a landing page comprising the type of exploit and configured to collect the one or more types of data.

Abstract: A processor receives a signal representing data including event information detailing an event involving an entity having a registered ownership interest in a product and loads a portion of a distributed electronic ledger for tracking ownership information associated with the product. The distributed electronic ledger includes, within a block thereof and associated with the product, an event trigger list including entity data associated with each entity having a registered ownership interest in the product and a rules engine including rules associated with event triggers in the event trigger list. The processor determines whether a triggering event corresponding to the event is stored in the event trigger list and, when the event has a corresponding triggering event, determines the associated rule within the rules engine. The processor updates and saves the distributed electronic ledger by performing an action specified by the determined associated rule.

Abstract: Various surgical hubs and data stripping methods are disclosed. The surgical hub comprises a processor and a memory coupled to the processor. The memory stores instructions executable by the processor to interrogate a modular device coupled to the processor via a modular communication hub. The modular device is a source of data sets that include patient identity data and surgical procedure data. The processor also executes instructions to: receive a data set from the modular device; discard the patient identity data and any portion of the surgical procedure data that identifies the patient from the data set; extract anonymous data from the data set and create an anonymized data set; and configure operation of the surgical hub or the modular device based on the anonymized data set.

Abstract: A system for dynamic data modification and correction is provided. The system comprising: a memory device with computer-readable program code stored thereon; a communication device connected to a network; a processing device, wherein the processing device is configured to execute the computer-readable program code to: monitor a first data storage location for an artifact stored in the first data storage location, the artifact comprising unobscured private data; move the artifact to a second data storage location based on identifying the unobscured private data; generate a context rule set for the artifact based on an artifact type and one or more data fields of the artifact; modify the artifact to remove the unobscured private data based on the context rule set; and reintroduce the modified artifact to the first data storage location.

Abstract: Embodiments described herein are generally directed to a cloud-native approach to software license enforcement in a container orchestration system. According to an example, information indicative of a number of sets of containers that are making use of one or more components of an application is received. The application is licensed by the tenant and the sets of containers are running within a namespace of the tenant within a cluster of a container orchestration system. Overuse of the application by the tenant is determined based on whether the number exceeds a licensing constraint for the application specified within an Application Programming Interface (API) object of the container orchestration system corresponding to the application. Responsive to a determination that the application is being overused by the tenant, the tenant is caused to be notified regarding the overuse.

Abstract: Disclosed is a distributed profile building system, gathering video data, audio data, electronic device identification data, and spatial position data from multiple input devices, performing human emotion and identity detection, and gaze tracking, and forming user profiles. Also disclosed is a method for building user profiles using a distributed profile building system by gathering video data, audio data, electronic device identification data, and spatial position data from multiple input devices, performing human emotion and identity detection, and gaze tracking, and forming user profiles. Also included is a targeted promotion system, which includes software for making real-time promotions for select products based on retail customers' individual characteristics. Additionally, a targeted digital coupon management system creates, delivers and facilitates redemption of various types of digital coupons according to the business rules set by the retailers.

Abstract: A consumable can be used to securely send data to devices. A security platform can produce a consumable, for example an ink cartridge, with data to be uploaded onto a device, such as a printer. If the consumable and device can perform a successful authentication, broadcast data can be delivered to the device via the consumable. Such techniques can help ensure that authentic consumables are being used in authentic devise. Further, such techniques can enable a licensing model where different consumables can be configured with different data to enable or disable different features of the device.

Abstract: A system for managing composed information handling systems to provide data protection services for data generated by applications hosted by the composed information handling systems, includes a processor that executes applications and a system control processor manager that obtains a composition request for a composed information handling system, identifies a compute resource set having compute resources specified by the composition request, identifies a hardware resource set having hardware resources specified by the composition request, sets up storage management services for managing reads and writes of data the hardware resource set using a control resource set, which performs deduplication on data generated by the applications, to obtain logical hardware resources, and presents the logical hardware resources using the control resource set to the compute resource set as bare metal resources to instantiate a composed information handling system to service the composition request.

Abstract: A method for reducing a level of secure data exposure within the dark web may be provided. The secure data may be associated with a third party data custodian that may be associated with a pre-determined entity. The method may include searching the communications to identify one or more single locations that may include numerous communications that may include text identifying the selected third party data custodian. Each communication may be assigned a time-stamp in order to calculate a speed of how many communications within a pre-determined time period may be identified to include text identifying the third party data custodian. Simultaneous to the searching, the method may include running a time clock. When a rate per unit of time of identification of each identifying text is equal to or greater than a pre-determined rate per unit of time, increasing a monitoring at the one or more single locations.

Abstract: The present disclosure relates to systems and methods for microservice execution load balancing in virtual distributed ledger networks. In one embodiment, a system comprises a plurality of hardware processors; and at least one memory device storing processor-executable instructions to perform operations comprising: creating one or more virtual machines or containers; and executing a plurality of microservices via the one or more virtual machines or containers, wherein the plurality of microservices includes: a smart contract execution microservice configured to execute a smart contract after receiving a smart contract microservice request; and a load balancer microservice configured to distribute hardware processing load associated with the smart contract execution microservice across the plurality of hardware processors.

Abstract: A method of routing a payment transaction includes receiving a transaction request message. The message includes a payment token that was previously issued to an account holder. The payment token is translated into a funding account indicator. The funding account indicator is in a format defined for payment card account numbers in a payment account system. The funding account indicator is translated into a bank account number. The bank account number identifies a bank deposit account owned by the account holder. An EFT message is transmitted to initiate an EFT transaction to be funded from the bank deposit account owned by the account holder. The EFT message includes the bank account number.

Abstract: Embodiments of architecture, systems, and methods that enable a User to maintain certain personal information across various vendors automatically are described herein. Other embodiments may be described and claimed.

Abstract: Techniques are described for runtime checking of function metadata prior to execution of a function in an environment. An application may include any appropriate number of components at one or more levels in a hierarchical arrangement, and each component may be packaged with metadata that describes the component. A function, or any component, may be packaged with metadata that includes term(s) governing the usage of the function. The term(s) may be checked, at runtime, during execution of the application to determine whether the function is to be executed. A function may also be hashed at runtime for verification of function version. Function(s) may be individually and independently executed as containerized nano functions within the environment.

Abstract: An embodiment of a computerized method for detecting bootkits is described. Herein, a lowest level software component within a software stack, such as a lowest software driver within a disk driver stack, is determined. The lowest level software component being in communication with a hardware abstraction layer of a storage device. Thereafter, stored information is extracted from the storage device via the lowest level software component, and representative data based on the stored information, such as execution hashes, are generated. The generated data is analyzed to determine whether the stored information includes a bootkit.

Abstract: A method for secure interaction on a universal platform.

Abstract: A method includes determining a plurality of identifiers based on a data retrieval request. Integrity information is generated based on determining the plurality of identifiers. Stored integrity information corresponding to the data retrieval request is compared with the integrity information. When the stored integrity information compares unfavorably with the integrity information, corruption associated with the plurality of identifiers is determined.