Abstract: A universal resource locator (URL) collider processes a click event referencing a URL and directs a browser to a page at the URL. While the page is being rendered by the browser with page data from a web server, the URL collider intercepts the page data including events associated with rendering the page, determines microfeatures of the page such as Document Object Model objects and any URLs referenced by the page, applies detection rules, tags as evidence any detected bad microfeature, bad URL, or suspicious sequence of events, and stores the evidence in an evidence database. Based on the evidence, a judge module dynamically determines whether to condemn the URL before or just in time as the page at the URL is fully rendered by the browser. If so, the browser is directed to a safe location or a notification page.

Abstract: The present specification provides a novel network traffic monitoring and optimization engine. In one example system, a target platform and a plurality of content platforms are available for access by a plurality of client devices. The plurality of content platforms can carry primary content for direct consumption and secondary content for suggesting diversion to the target platform. Each content platform may generate unique primary content but be configured to carry similar secondary content for the suggested diversion. The optimization engine is configured to reduce wasted network bandwidth and other computing resources by biasing the secondary content towards the content platforms that more commonly result in generation of secondary content that actually causes diversion to the target platform.

Abstract: An approach to sensor data is based on scenes. One aspect concerns a computer-implemented method for specifying and obtaining a variety of sensor data and processed sensor data related to a scene. The method incorporates a Scene-based API that uses SceneModes and SceneData. An application requesting sensor data communicates a SceneMode to a group of one or more sensor devices and/or sensor modules via the Scene-based API. The SceneMode determines the SceneData to be captured or provided by the sensor group, which typically includes different types of sensor data related to the Scene and also further processed or analyzed data. The application receives the SceneData from the sensor group via the Scene-based API, with the SceneData organized into SceneShots which are samples of the Scene.

Abstract: The system and methods described allow a content delivery application to provide temporary access to a content item for display on a content access device based on a user obtaining access to the content item initially on another system. The content delivery application receives content accessed confirmation that user access a content item and then monitors whether that access was interrupted. If the access was interrupted, the content delivery application generates a content access bookmark based on a content timeline and stores a content access authorization comprising the content access bookmark and an identifier from the profile. When the user requests the content item, the content delivery application transmits access information corresponding to segments of the content item, based on the content access bookmark to a user's device.

Abstract: Embodiments of the present disclosure relate to a computer-implemented method, device, and computer program product. The method includes: determining, based on a set of user behavior data over a first time period, a set of behavioral features for a user behavior over the first time period. The method further includes: determining, based on the set of behavioral features, a set of anomaly scores for the user behavior according to an anomaly detection model. The anomaly detection model is trained based on user behavior data over a second time period. The method further includes: updating a previously determined anomaly score threshold based on comparison of the determined set of anomaly scores with the anomaly score threshold. The anomaly score threshold is used for indicating whether the user behavior is anomalous. By continuously updating the anomaly score threshold, the solution uses the updated anomaly score threshold for anomaly detection of user behavior.

Abstract: A technique of performing anonymization without impairing usefulness of data. An anonymization apparatus includes an overlapping exclusion part configured to generate a partial table of M×L including L records of a table to be anonymized which have sets of values of p master attributes different from each other, from the table to be anonymized of M×N, where M is the number of attributes, N is the number of records, p is the number of master attributes, and L is the number of sets of values of p master attributes which are different from each other, an anonymization part configured to generate an anonymized partial table of M×L from the partial table by anonymizing the p master attributes in the partial table, and an overlapping restoration part configured to generate an anonymized table of M×N.

Abstract: A system and method for managing access to entity identity data are described. The system comprises a communications module; a processor coupled with the communications module; and a memory coupled to the processor and storing processor-executable instructions which, when executed by the processor, configure the processor to authenticate a remote device as being associated with an entity; receive, via the communications module and from the remote device, pre-consent data identifying one or more third parties permitted to access entity identity data for the entity; store, in the memory, the pre-consent data in association with the entity; receive, via the communications module and from a digital identity network, a signal representing a request to release the entity identity data to the third party; determine, based on the pre-consent data, that the entity identity data is to be released to the third party; and initiate release of the entity identity data to a computing device associated with the third party.

Abstract: Methods and systems relating to a protocol for verification and enforcement of proper payment of a reward from a business (second entity) to a user (first entity) are shown. A reward can be earned by the user storing private information as encrypted data on the block chain or in a data store, such as IPFS, accessible by the business. Smart contracts running on a block chain operate to implement portions of the protocol while a local block chain node can run smart contracts in read-only mode to avoid placing private information, such as decryption keys, on the block chain. The protocol can be implementable over public storage and all artifacts of the protocol can be used later as proofs of proper behavior. The protocol defines incentives and penalties to motivate every player to act according to the rules, hence making the methods and systems operate as expected.

Abstract: A management system includes circuitry to receive an operation request for a specific device of one or more devices from a communication terminal used by a user for who user authentication has been successfully performed by a management system. The one or more devices and the communication terminal are communicating with each other to execute an event managed by the management system. The circuitry stores, in a memory, operation identification information and access information in association with each other. The operation identification information identifies a device operation associated with the operation request. The access information is associated with the user and used to access external storage. The circuitry uploads data acquired by the specific device according to the device operation corresponding to the operation identification information to the external storage using the access information associated with the operation identification information.

Abstract: A method of a payment for an Internet of Things (IoT) device is provided. The method includes steps of: a payment supporting server (a) on condition that the payment supporting server has registered certificates of the IoT device, a service providing device, and a digital wallet in a first blockchain, manages their transaction IDs, has registered a representative hash value in a second blockchain, manages their transaction IDs, and manages link information between the IoT device and the digital wallet, confirming validity of a billing transaction, and (b) acquiring identification information on the digital wallet; and (c) paying the billing detail using the digital wallet, registering its payment result in the first blockchain, registering in the second blockchain, if one anchoring condition is satisfied, a first representative hash value, and transmitting the payment result to the service providing device, the IoT device, and the digital wallet.

Abstract: A data privacy protection tool operates on behalf of a user to effectuate countermeasures and protections for selected portions of their privacy data as provided to a digital service provider (DSP) sites/apps. The countermeasure can be tailored to increase and/or incentivize compliance by DSPs with distribution or access rules for the user data.

Abstract: Systems and methods for controlling access to resources. The methods comprise a data structure (e.g., a blockchain, etc.) using a parent NFT or child NFTs to control access to resources and recording data in a block indicating performance of a transaction or activity in relation to the resources. At least one block comprises the parent NFT with the child NFTs nested therein. The parent NFT may comprise a first smart contract defining a main policy for accessing or using the resources. The child NFT may comprise a second smart contract defining a sub-policy for accessing or using the resources.

Abstract: A system for controlling visual protection for a display unit includes a camera which is configured to generate a video signal; a video signal processing unit which is configured, based on the video signal of the camera, to determine a particular position of each of one or more persons relative to the display unit and to determine a particular viewing direction of one of the one or more persons; a database which is configured to generate a prediction for a behaviour of each of the one or more persons based on the particular position and viewing direction of each of the one or more persons detected by the video signal processing unit, wherein the prediction includes one or more predicted viewing directions of the particular person; and a display control unit which is configured to control the visual protection for the display unit based on the prediction.

Abstract: Systems and methods for recovery access to lost blockchain wallet seed phrases are disclosed. The systems and methods can store seed phrases for users for future retrieval. In some examples, a decentralized oracle creates an oracle private key that can be used to authenticate a user who is requesting the seed phrase. In some examples, the oracle creates a private/public key pair that can be used to transmit and store an encrypted version of the seed phrase. The authentication steps described herein also include knowledge-based authentication questions about the wallet, e.g., prior transactions using the wallet, value of the wallet, and the like.

Abstract: Methods, apparatuses, and systems for a web services provider to interact with a client on remote job execution. For example, a web services provider may receive a job command, from an interactive programming environment of a client, applicable to job for a machine learning algorithm on a web services provider system, process the job command using at least one of a training instance and an inference instance, and provide metrics and log data during the processing of the job to the interactive programming environment.

Abstract: A method, apparatus and network node for clustering a terrestrial area based on Geohash coordinates by selecting a node based on a Geohash area identified by a Geohash string of a predetermined length; subdividing the Geohash area into subareas by increasing the Geohash string by a length of one; and sequencing through the subareas to identify subarea/subareas that exceed a threshold number of a selected parameter. For subareas not exceeding the threshold number of the selected parameter, combining those subareas into clusters without exceeding the threshold number of the selected parameter in respective clusters. For subareas exceeding the threshold number of the selected parameters, subdividing those subareas into further subareas by increasing the Geohash string by one and sequencing through the further subareas to place the further subareas into clusters without exceeding the threshold number of the selected parameter.

Abstract: An example operation may include one or more of anonymizing, via an anonymization service hosted within a trusted execution environment (TEE), raw data provided by a computing node to generate anonymized data, generating, via the anonymization service, an authenticator object that binds together a hash of the raw data and a hash of the anonymized data, transmitting the generated anonymized data to the computing node, and submitting the authenticator object to a blockchain ledger via a blockchain transaction.

Abstract: An offload server includes: an application code analysis section configured to analyze a source code of an application and detect external library calls included in the source code as replacement sources; a replacement function detection section configured to retrieve libraries and IP cores from a code pattern database by using the detected external library calls as keys, as replacement-destination libraries/IP cores; and a replacement processing section configured to replace processing descriptions of the replacement sources with processing descriptions of the replacement-destination libraries/IP cores retrieved by the replacement function detection section and to generate interfaces of a CPU to the replacement-destination libraries/IP cores.

Abstract: Techniques are provided for secure data management in a network computing environment. A security management system receives data from a device which operates in a device network that is managed by the security management system. The security management system performs a data classification process to determine a data sensitivity level of the received data. The security management system determines a type of encryption to apply to the received data based on the determined data sensitivity level. The type of encryption is determined from a plurality of different types of encryption that are supported by a cloud system. The security management system sends the received data to the cloud system to at least one of store the data and perform secured data analytic processing of the data, in a format according to the determined type of encryption.

Abstract: The present invention provides an artificial intelligence-based data processing apparatus and method using the same to prevent dispute over various kinds of inconveniences such as inter-floor noise occurring in an apartment house and to solve them in a friendly and communicative manner based on mutual consideration. The AI-based data processing apparatus according to embodiments of the present invention can communicate with neighbors conveniently, quickly and accurately by voice, and communicate in a manner that does not offend each other as if it were through an unbiased mediator. By acting in consideration, it is possible to effectively prevent and resolve inter-floor noise related disputes.

Abstract: Techniques regarding determining hyperparameters for a differentially private federated learning process are provided. For example, one or more embodiments described herein can comprise a system, which can comprise a memory that can store computer executable components. The system can also comprise a processor, operably coupled to the memory, and that can execute the computer executable components stored in the memory. The computer executable components can comprise a hyperparameter advisor component that determines a hyperparameter for a model of a differentially private federated learning process based on a defined numeric relationship between a privacy budget, a learning rate schedule, and a batch size.

Abstract: The technology disclosed herein enables detection of domain hijacking when a DNS resolver is performing a DNS lookup. In a particular embodiment, a method provides, in response to a request to resolve a network address corresponding to a domain name, determining that a nameserver for the domain name is suspect based on satisfaction of nameserver criteria associated with the domain name. The method further includes preventing the nameserver from being used to resolve the request in response to determining that the nameserver is suspect.

Abstract: Provided are a device and method for providing a notification message related to content. The method includes: recognizing an action related to at least one object in the image content by applying the image content to a first artificial intelligence model for identifying the action of the at least one object; determining target images for identifying the at least one object in the image content; obtaining identification information of the at least one object in the target images by applying the target images to at least one second artificial intelligence model for identifying the at least one object; and generating the notification message describing the image content by applying, to a third artificial intelligence model, an identification value indicating the action and the identification information of the at least one object.

Abstract: A data security system, including a security manager computer using network application programming interface (API) calls to services that perform data exchange transactions for end users of an enterprise, and to security layers that perform preventive actions on data exchange transactions that prevent incoming and/or outgoing data exchange transactions from reaching their respective destinations, the API calls remotely monitoring the security layers to identify preventive actions on data exchange transactions performed by the security layers, wherein the security layers are provided by respective different security applications, and a data reporter operative to provide to an administrator of the enterprise a unified report of data exchange transactions that are under preventive action by at least one of the security layers, and to provide a unified interface to an end user enabling the end user to request that a preventive action applied to a selected data exchange transaction be undone.

Abstract: A system and method for applying a policy on a network path is disclosed. The method includes: selecting a reachable resource having a network path to access the reachable resource, wherein the reachable resource is a cloud object deployed in a cloud computing environment, having access to an external network which is external to the cloud computing environment; actively inspecting the network path to determine if the network path of the reachable resource is accessible from the external network; applying a policy on the accessible network path, wherein the policy includes a conditional rule; initiating a mitigation action, in response to determining that the conditional rule is not met; and applying the policy on another network path, in response to determining that the conditional rule is met.

Abstract: A method for evaluating the risk of data leakage in an application includes the steps of: extracting a DEX (Dalvik Executable) file and a so (Shared Object) file by decompressing an APK file of a mobile application; extracting DEX code information from the DEX file by parsing the DEX file; translating a content of the so file into IR (Intermediate Representation); extracting IR code information from the translated IR; generating a call-reference structure between the DEX file and the so file by processing the extracted DEX code information and the extracted IR code information; and outputting weakness information according to a risk designated in advance based on the generated call-reference structure. Accordingly, it is possible to extend the call-reference coverage of an android application.

Abstract: Methods and systems for anonymously tracking and/or analyzing flow or movement of individual subjects and/or objects using mobile identifying information. In particular, there is provided a computer-implemented method for enabling anonymous estimation of the amount and/or flow of individual subjects and/or objects, referred to as individuals, in a population moving and/or coinciding between two or more tempo-spatial locations.

Abstract: A system for licensing an application or feature for use on a wireless mobile device is disclosed. The wireless device is provided to a user with a licensable application or feature, but the application or feature has not been fully authorized for use. When the wireless device receives a request to use the application or feature, the device operates the requested application or feature, and generates an irrevocable license request. The license request is transmitted to a license server at a time convenient for the device. The license server generates a license certificate to the application or feature, and transmits the license certificate to the wireless mobile device. The device receives the license certificate, which is stored in local memory. The application or feature is now fully licensed for future operation on the wireless mobile device. The license server operates accounting processes to generate license reports and license accounting information.

Abstract: This disclosure describes providing message encryption through identification of sequential prime numbers. Encryption keys are generated, where a public encryption key is generated based on determining a lowest addend value to add to a starting value to produce a next sequential prime number with respect to the starting value. The public encryption key is provided to a computing device, and the computing device can use the public encryption key to encrypt a message. The encrypted message is received from the computing device and decrypted using a private key of the encryption keys that are generated.

Abstract: A global partitioning-based method for anonymizing a dataset of biometric data may include an anonymization computer program: (1) receiving a value k representing a number of records to hide a biometric datum among, a value t that represents a t-closeness parameter for a t-close distribution, a weight parameter, and a first number of features to retain for determining an attribute of interest; (2) receiving the attribute of interest; (3) calculating a distribution of the attribute of interest in a biometric dataset; (4) splitting the biometric dataset into a plurality of k-sized clusters that satisfy the t-close distribution; (5) anonymizing each biometric datum in the plurality of k-sized clusters using a weighted average of landmarks for the biometric datums in k-sized clusters using the weight parameter; (6) adding each anonymized biometric datum into an anonymized biometric dataset; and (7) persisting the anonymized biometric dataset.

Abstract: A system and method is described for labelling data for trigger identification. The system and method comprising receiving data, transforming the data, extracting content from the data, processing data content through a classification machine learning model to receive a label, and trigger a secondary system based on the label. The system and method may further include maintaining a database of labeled data.

Abstract: One embodiment of the invention includes a system comprising: a personal digital key and a computer readable medium that is accessible when authenticated by the personal digital key.

Abstract: At least one information processing apparatus for providing a service to a user having a permission to use the service is provided. The at least one information processing apparatus includes a memory, and a processor coupled to the memory and configured to allow a management permission to be granted to a given user. The management permission enables assignment of the permission to use the service.

Abstract: Some embodiments are directed to a categorization system for categorizing a sensitive data field in a dataset, e.g., a disease classification according to the ICD classification. A client device is to obtain categories for one or more records of the dataset. The client device determines categorization data for the categorization. The categorization data comprises homomorphic encryptions of possible values of the sensitive data field and encodings of the categories associated to the respective possible values, thus keeping the categorization secret. A data provider device stores the dataset and determines homomorphic encryption indicating differences between the value of the sensitive data field for a record and respective possible values. A categorization device determines which of those encryptions indicates a match and provides a category encoding associated with a matching possible value to the client device. The client device associates the encoded category to the record.

Abstract: A system and method for observing and controlling a programmable network via higher layer attributes is disclosed. According to one embodiment, the system includes one or more collectors and a remote network manager. The one or more collectors are configured to receive network traffic data from a plurality of network elements in the network. The remote network manager is configured to connect to the one or more collectors over the Internet via a network interface. The one or more collectors extract metadata from the network traffic data and send the metadata to the network manager.

Abstract: A method of handling a hardware request in a computing device including one or more processors, comprises receiving a request for a hardware-related function from an application service module, determining if the hardware-related function can be provided by an OEM-specific SDK; based on a determination that the hardware-related function can be provided by an OEM-specific SDK, providing commands and parameters related to the hardware-related function to the OEM-specific SDK; based on a determination that the hardware-related function cannot be provided by an OEM-specific SDK, providing commands and parameters related to the hardware-related function to an operating system hardware abstraction layer.

Abstract: A method for invoking a user-intended Internet of Things (IoT) device amongst a number of IoT devices is disclosed. The method includes extracting by the number of IoT devices, a number of voice parameters from a voice wakeup command for waking up the device. The method includes sharing by the number of IoT devices, the number of voice parameters amongst the number of IoT devices. The method includes comparing the number of voice parameters with a number of pre-stored voice parameters in the number of IoT devices. The method includes determining, a user-intended IoT device amongst the number of IoT devices based on the voice wakeup command and at least one of a similarity between the plurality of pre-stored voice parameters and the plurality of voice parameters and a previously invoked IoT device associated with a previous voice wakeup command. The method includes invoking the user-intended IoT device selected amongst the number of IoT devices.

Abstract: In some implementations, a device may receive an activation signal transmitted by an activator device. The device may determine that a first signal pattern of the activation signal matches a second signal pattern associated with activating the Bluetooth capability of the device. The device may activate the Bluetooth capability of the device based on determining that the first signal pattern matches the second signal pattern. The device may communicate with a wireless communication device using the Bluetooth capability of the device based on activating the Bluetooth capability of the device.

Abstract: A method of controlling a vehicle for stably performing over-the-air (OTA) software updates by fully considering a power supply status of the vehicle includes: determining a power supply status of the vehicle; determining whether to enable supply of an electric power higher than a value required to perform an over-the-air (OTA) software update of the vehicle based on the power supply status of the vehicle; and performing the OTA software update of the vehicle upon determining that the supply of the electric power higher than the value required to perform the OTA software update of the vehicle is possible.

Abstract: A content sharing device includes a content acquisition circuit configured to acquire main content and sub-content, at least one of which is derived from digital ink, and a transmission processing circuit configured to, in response to receipt of a request made by a terminal device operated by a user, select either first provision data or second provision data depending on usage rights of the user and transmit the first or second provision data that has been selected to the terminal device. The first provision data includes only the main content, while the second provision data includes both the main content and the sub-content. The sub-content includes content generated using a plurality of content elements that are generated before the main content is published or content generated using a plurality of content elements that are generated after the main content is published.

Abstract: The present disclosure relates to software tampering resistance. In one aspect, a method for generating protected code is provided, comprising identifying a primary function in code to be obscured, the primary function being a function used to verify the integrity of the code run-time. The method then comprises generating a finite state machine from the primary function, wherein a state of the finite state machine at a given instance defines an element of the primary function to be executed. The method then comprises distributing the finite state machine throughout the code to obscure one or more areas of the code.

Abstract: The system obtains information to send to the first user device and converts the information into a sequence of images, where one or more images in the sequence of images include the information, and a remainder of images in the sequence include a visual unrelated to the information. The number of the one or more images and the number of the remainder of images indicate a display frequency. The number of the remainder of images is greater than the number of the one or more images. The display frequency causes an observer to form a perception of the one or more images. The system sends the sequence to the first user device and causes the first user device to present on the display screen the sequence at the display frequency, which causes a garbling of a recording of the display screen associated with the first user device.

Abstract: A method for improving memory utilization of a Narrowband Internet of Things device (UE) is provided. The method includes: switching the modem to a provisioning mode and allocating a portion of the dedicated memory of the modem during provisioning of the iSIM on the modem chip of the UE; reusing, by the iSIM, the portion of the dedicated memory of the modem for processing provisioning data; securely cleaning up the allocated portion of the dedicated memory of the modem by a protection hardware block after leaving the provisioning mode; and allocating the portion of the dedicated memory of the modem shared with the iSIM back to the modem.

Abstract: Methods and systems are disclosed for performing generating AR experiences on a messaging platform. The methods and systems receive, from a client device, a request to access an augmented reality (AR) experience and access a list of event types associated with the AR experience used to generate one or more metrics. The methods and systems determine that an interaction associated with the AR experience corresponds to a first event type of the list of event types and generates interaction data for the first event type representing the interaction. In response to receiving a request to terminate the AR experience, the systems and methods transmit the interaction data to a remote server.

Abstract: According to a disclosed embodiment, data analysis is secured with a microservice architecture and data anonymization in a multitenant application. Tenant data is received by a first microservice in a multitenant application. The tenant data is isolated from other tenant data in the first microservice and stored separately from other tenant data in a tenant database. The tenant data is anonymized in the first microservice and thereafter provided to a second microservice. The second microservice stores the anonymized tenant data in an analytics database. The second microservice, upon request, analyzes anonymized tenant data from a plurality of tenants from the analytics database and provides an analytics result to the first microservice.

Abstract: Systems, methods, and computer media are described for user risk assessment using similarity analysis. Records of transactions performed by a user while in previous enhanced application access sessions can be evaluated against records of transactions performed by other users in previous sessions. The more similar a user is to other users, the more likely it is the user was acting in a typical manner, and the less likely the user poses a security risk. A similarity analysis can be performed using a bipartite graph linking a group of users and a group of application transactions. By examining an edge between a user and a performed transaction, other edges (and corresponding other users) can be identified that also performed the transaction. A similarity score can be calculated based on the bipartite graph and can be used to determine a risk classification and allow or deny an enhanced application access session request.

Abstract: Techniques are described for budget tracking in a differentially private security system. A request to perform a query of a private database system is received by a privacy device from a client device. The request is associated with a level of differential privacy. A privacy budget corresponding to the received request is accessed by the privacy device. The privacy budget includes a cumulative privacy spend and a maximum privacy spend, the cumulative privacy spend representative of previous queries of the private database system. A privacy spend associated with the received request is determined by the privacy device based at least in part on the level of differential privacy associated with the received request. If a sum of the determined privacy spend and the cumulative privacy spend is less than the maximum privacy spend, the query is performed. Otherwise a security action is performed based on a security policy.

Abstract: Techniques for improving computing device operations are provided. A system can include an organizational database that stores a centralized set of organizational data having a plurality of device objects and a plurality of employee objects. The system can receive a notification associated with the first employee object. Additionally, the system can determine, using the organizational database, that the first device object is associated with the first employee. Moreover, the system can access a device policy for the first device object. Furthermore, the system can evaluate the device policy based at least in part on data associated with the first employee object and the notification. The evaluation of the device policy includes running a query expression against the centralized set of organizational data to return a query result. Subsequently, the system can execute an action based on the query result. The action can be associated with the first computing device.

Abstract: A method of secure data deletion in a multitenant environment, performed by a storage system is provided. The method includes associating a key with a tenant, in the multitenant environment, as a result of the storage system receiving data from the tenant through a virtual local area network (VLAN) or from an Internet protocol (IP) address. The method includes storing the data, encrypted by the key, in the storage system, and determining that the key, as retained in the storage system, is to be deleted, so that the data is to be inaccessible in unencrypted form, responsive to a request from the tenant to delete the data.

Abstract: Methods and systems for performing targeted advertising are described. Relative concentration of consumer types in the audience of particular media content is determined by measuring the coincidence of key values identifying certain consumer types, and other key values identifying audiences of particular media content, in a database.