Abstract: An indication of an application to be installed on a local device is received. A request is transmitted to a remote server for information associated with the application. In some cases, in response to the receipt of a report from the remote server, a set of rules restricting behaviors of the application is implemented at the local device. In some cases, in response to the receipt of a report from the remote server, the installation of the application on the local device is prevented.

Abstract: A system and method for performing distributed recognition divides processing steps between a device, having lower processing power, and a remotely located server, having significantly more processing power. Images captured by the device are processed at the device by applying a first set of image processing steps that includes applying a first detection. First processed images having at least one detected human is transmitted to the server, whereas a second set of image processing steps are applied to determine a stored entry matching the detected human of the first processed image.

Abstract: A system, method, and device for generating data visualizations are disclosed. The method includes (i) obtaining a natural language query, (ii) determining an intent for the natural language query, (iii) generating one or more data requests to one or more selected data sources, the one or more data requests being based at least in part on the intent, (iv) abstracting result data to obtain a data abstraction, the result data being responsive to the one or more data requests, and (v) generating a visualization for the result data based at least in part on the data abstraction.

Abstract: Systems and methods are disclosed for batch processing of key generation requests for internet-of-things (IoT) device vendors. An example method may include maintaining a queue of internet of things (IoT) devices for which encryption material generation has been requested. The method may also include receiving, from a first vendor, a first order to generate first encryption material for a first set of IoT devices and receiving, from a second vendor, a second order to generate second encryption material for a second set of IoT devices. The method may further include generating a dynamic encryption material schedule configured to partition the first set of IoT devices and partition the second set of IoT devices and applying the dynamic encryption material schedule such that the first encryption material and the second encryption material are generated at least partially in parallel.

Abstract: A method of designing a multi-party system in quotient algebra partition-based homomorphic encryption (QAPHE), which is based on the framework of quotient algebra partition (QAP) and the computation of homomorphic encryption (HE), wherein the method comprises: increasing single model provider A to multiple ones, wherein the number of the multiple model providers is L and let A1?i?L and L?2; increasing single data provider B to multiple ones, wherein the number of the multiple data providers is R and let B1?j?R and R?2; and encoding plaintexts, each of which is of kj qubits, from all data providers into ciphertexts respectively; aggregating the ciphertexts by a form of tensor product and generating an encoded state for computation; and preparing a model operation to conduct the encrypted computation via an encoded operator and the encoded state in a cloud. The method can improve the security of public-key/semi-public-key system and be applied to a threshold HE or a multi-key HE to solve actual problems.

Abstract: The present disclosure provides a joint training method and apparatus for models, a device and a storage medium. The method may include: training a first-party model to be trained using a first sample quantity of first-party training samples to obtain first-party feature gradient information; acquiring second-party feature gradient information and second sample quantity information from a second party, where the second-party feature gradient information is obtained by training, by the second party, a second-party model to be trained using a second sample quantity of second-party training samples; and determining model joint gradient information according to the first-party feature gradient information, the second-party feature gradient information, first sample quantity information and the second sample quantity information, and updating the first-party model and the second-party model according to the model joint gradient information.

Abstract: Methods and systems for securely managing personal data associated with image processing include an image sensor configured to capture an image, a local computer system local to the image sensor, and a backend computer system remote from the image sensor. The local computer system has a processor with a trusted execution environment (TEE) that detects anomalies in images from the image sensor, extracts personal data from the image, and encrypts the personal data. The local computer system then sends the extracted, encrypted personal data to the backend computer system, where a backend TEE decrypts the extracted, encrypted personal data, and performs data processing by comparing the decrypted personal data to other personal data that is stored in a backend database in the backend computer system.

Abstract: A memory device and an associated control method are provided. The memory device includes a non-volatile memory array and a memory control circuit. The non-volatile memory array includes M secured memory zones. The memory control circuit is electrically connected to the non-volatile memory array. The memory control circuit provides a set of mapping information and searches a request key in the set of mapping information. The set of mapping information represents correspondences between N access keys and the M secured memory zones. The memory control circuit acquires at least one of the M secured memory zones if the request key is one of the N access keys, and performs an access command to the at least one of the M secured memory zones. M and N are positive integers.

Abstract: This patent disclosure provides various verification techniques to ensure that anonymized surgical procedure videos are indeed free of any personally-identifiable information (PII). In a particular aspect, a process for verifying that an anonymized surgical procedure video is free of PII is disclosed. This process can begin by receiving a surgical video corresponding to a surgery. The process next removes personally-identifiable information (PII) from the surgical video to generate an anonymized surgical video. Next, the process selects a set of verification video segments from the anonymized surgical procedure video. The process subsequently determines whether each segment in the set of verification video segments is free of PII. If so, the process replaces the surgical video with the anonymized surgical video for storage. If not, the process performs additional PII removal steps on the anonymized surgical video to generate an updated anonymized surgical procedure video.

Abstract: A data storage device and method for token generation and parameter anonymization are provided. In one embodiment, a data storage device is provided comprising a memory and a controller. The controller is configured to receive a plurality of tokens and data comprising a plurality of data portions, which each token identifies a different set of the data portions to anonymize; create a plurality of anonymized versions of the data per the plurality of tokens; and store each of the plurality of anonymized versions of the data in different physical addresses in the memory, wherein the different physical addresses map to a same logical address in a mapping structure. Other embodiments are possible, and each of the embodiments can be used alone or together in combination.

Abstract: A computer system includes a processor that operates in a normal world and a secure world and that provides hardware-level isolation between the normal world and the secure world. A storage device of the computer system has a protected data region that stores critical data. A random-access memory of the computer system has a normal memory space that is accessible in the normal world and a secure memory space that is accessible only in the secure world. The secure memory space stores commands that transfer the critical data between the protected data region and the normal memory space by direct memory access.

Abstract: A method and apparatus for a distributed service provider augmenting user data during data access and deletion is described. The method may include monitoring a plurality of user data returned by service system responses to requests for user data associated with a user identifier. The method may further include building an additional user data search query using a subset of user data from the monitored plurality of user data returned by the service system responses to the initial requests for user data. Furthermore, the method can include executing the additional user data search query at each of the plurality of service systems to identify additional user data stored by one or more of the plurality of service systems, wherein the identified additional data is not associated with the user identifier.

Abstract: A method for protecting a disaster recovery site, the method may include receiving by source compute nodes of a storage system, during source storage periods, write requests for storing content in the storage system; writing by source compute nodes, during the source storage periods, the content into the storage nodes of the storage system; maintaining replication compute nodes of the storage system deactivated during the source storage periods; reading the content by the replication compute nodes from the storage nodes during replication periods; participating, by the replication compute nodes, in outputting the content to one or more data recovery sites during the replication periods; and maintaining the source compute nodes deactivated during the source storage periods.

Abstract: The present disclosure relates to activity monitoring systems and methods for gating whether or not steps should be counted in an observation window based on whether a decision tree concludes there are consecutive step activities (versus no activity or other activities) in the observation window. Particularly, certain aspects are directed to a method that includes obtaining acceleration data for an observation window of an accelerometer, inputting two or more characteristics of the acceleration data into a decision tree to determine activity occurring within the observation window, assigning a first class to the observation window when the determined activity is associated with consecutive steps, assigning a second class to the observation window when the determined activity is not associated with consecutive steps, and when the first class is assigned to the observation window, determining a step count for the observation window using frequency analysis.

Abstract: One embodiment provides a method comprising verifying a digital asset to determine ownership, provenance, and lineage of the digital asset. The verifying includes blockchain forensic analysis and triangulation of one or more electronic devices involved in one or more blockchain transactions relating to the digital asset. The method further comprises computing a confidence score corresponding to the digital asset. The confidence score is a measurement derived from the verifying. The method further comprises maintaining a record of the digital asset in an electronic registry. The record includes the confidence score and is indicative of the ownership, the provenance, and the lineage of the digital asset. The method further comprises monitoring one or more changes to the ownership, the provenance, and the lineage of the digital asset, and updating the record including the confidence score in response to the one or more changes.

Abstract: A method and apparatus are disclosed for a multi-processor SoC which includes an execution domain processor for running an execution domain; a control point processor that is physically and programmatically independent from the execution domain processor and configured to generate control data for controlling access by the execution domain to one or more SoC resources by identifying at least a first SoC resource that the execution domain is allowed to access; and an access control circuit connected between the execution domain and the SoC resources and including a programmable front end which is connected to receive the control data from the control point processor, and a signals-based back end which is configured to provide a dynamic runtime isolation barrier in response to the control data, thereby controlling access to the one or more system-on-chip resources by the execution domain.

Abstract: A method and system for maintaining tenant isolation in a messaging service are disclosed. The method includes receiving, in at least one source topic, records sent by a plurality of producer systems associated with a plurality of tenants, wherein each of the plurality of tenants is associated with a unique tenant identifier (ID); partitioning the received records into a plurality of partitions in an intermediate topic based on the respective tenant IDs of respective tenants that sourced the records; grouping, for each of the plurality of partitions in the intermediate topic, records within the partition into an isolated batch, wherein the records in each isolated batch belong to the same tenant; and placing the isolated batches in a destination topic to be consumed system by a consumer, wherein the isolated batches are placed in the destination topic in a round-robin manner.

Abstract: A system and method are disclosed for processing data subject rights requests. The system and method advantageously enable data controllers to train machine learning models on unaltered data having PII, while maintaining the privacy of the unaltered data and enabling compliance with data subject rights requests with respect to the data. The system and method incorporate a biometric database that stores biometric data extracted from the unaltered data having PII. In order to identify data relating to a data subject rights request, biometric data is received from the data subject and is matched against the biometric data stored in the biometric database. Based on the matched biometric data, the original unaltered source data having PII can be identified for the purpose of exercising one or more data subject rights, such as erasure, access, and objection to processing.

Abstract: The present disclosure provides an identity authentication method, a personal security kernel node, a device, and a medium. The personal security kernel node is part of an identity authentication system, the identity authentication system further comprising a relying party node and a user identity credential certifier node. The method includes: obtaining an identity authentication assurance level corresponding to a service provided by a relying party; determining, according to the identity authentication assurance level, a user identity credential used by a user for the service; transmitting the user identity credential to a user identity credential certifier node through a relying party node, so that the user identity credential certifier node performs user identity credential authentication; and performing the service with the relying party node. According to the embodiments of the present disclosure, security of user identity assets can be improved during identity authentication.

Abstract: The present invention provides for generating high volumes of synthetic data records for testing data processing applications associated with one or more operating fields, such as healthcare without using any confidential Information. In operation, the present invention provides for retrieving a predefined dataset. Further, the present invention provides for extracting data values associated with selected relevant data fields from the retrieved predefined dataset. Furthermore, the present invention provides for defining rules for generating data values of specific data fields out of the selected relevant data fields. Yet further, the present invention provides for evaluating a number of possible data records. Yet further, the present invention provides for generating evaluated number of synthetic data records using a predefined file format based on the extracted data values and the defined rules.

Abstract: Systems, methods and computer readable products are provided for enabling dynamic loading of one or more digital image branding functions associated with one or more distribution rules. A distribution rule is used to target a group of end users that are selected from a dataset mapping a plurality of end-users according to one or more distribution rules. Instructions are forwarded to present an indication the digital image branding function to each member of the end users group.

Abstract: One variation of a method for securing synthetic video conference feeds includes, during a setup period: accessing a target image depicting a face of a user; generating a face model based on a target set of facial features detected in the target image; and linking the face model to a target set of facial biometric values of the user. The method also includes, during an operating period succeeding the setup period: accessing a frame; deriving characteristics of a set of facial features detected in the frame; extracting a set of facial biometric values from the frame; in response to alignment between the target set of facial biometric values and the set of facial biometric values, generating a synthetic face image based on characteristics of the set of facial features, the face model, and a synthetic face generator; and rendering the synthetic face image in place of the frame.

Abstract: Methods and systems are described whereby a server can forward a request from a device behind a NAT router to a system to determine if the request is suspicious. A server can receive a message via a network device, such as a NAT router, disposed at a location. The message can originate from one of a plurality of computing devices located downstream of the network device. The server can determine that the message originated from a compromised device and transmit a signal to facilitate execution of a first process on the computing devices located downstream from the compromised device, wherein, upon execution, the first process is configured to compare information located in a local storage of the computing device with a predetermined list of domains.

Abstract: Techniques and apparatuses are described that implement the secure external data storage. A computing system may include a system-on-chip as a main processing complex and one or more secure elements that execute specialized functions related to sensitive information. While the secure element may use an external flash for storage for performance reasons, storing sensitive information on an external flash may expose the sensitive information if the external flash is ever compromised. The disclosed techniques and apparatuses provide an integrated secure element, of a system-on-chip, which leverages a secure channel with a secure flash to manage a cryptographic key for securing sensitive information stored on an unsecured external flash to prevent the exposure of sensitive information.

Abstract: Various embodiments are directed to an example apparatus, computer-implemented method, and computer program product for rapid machine learning in a data-constrained environment. Such embodiments may include using a decision space generation model to generate candidate content data objects based on content generation objectives. Such embodiments may further include generating a first plurality of rated content data objects for a first target client based on a first experimental classification group and generating a second plurality of rated content data objects for a second target client based on a second experimental classification group. Such embodiments may further generate, based on a learning model, the first experimental classification group, and the second experimental classification group, a custom output content set including one or more of the first plurality of rated content data objects and one or more of the second plurality of rated content data objects.

Abstract: A computer-implemented method includes monitoring, by a mobile wallet computing system, a context of a user having a mobile wallet on a user mobile device, determining whether one or more rules for each one or more sub-wallets associated with the mobile wallet on the user mobile device are fulfilled based on the monitored context of the user, in response to at least one of the rules associated with a predefined sub-wallet being fulfilled, provisioning the predefined sub-wallet to the mobile wallet on the user mobile device, configuring a removal rule for the predefined sub-wallet, and removing the predefined sub-wallet from the mobile wallet on the user mobile device in response to the removal rule being fulfilled.

Abstract: A privacy protection method for the electronic device includes: starting face change detection, where the face change detection is continuously detecting, in a current unlocking period, whether a face in front of a display of the electronic device changes; after starting the face change detection, detecting an operation of starting a first private application; and in response to the operation and determining that a result of the face change detection is that the current face does not change, displaying first private content corresponding to the first private application; or in response to the operation and determining that a result of the face change detection is that the current face changes, displaying first non-private content, where the first non-private content does not include first private content.

Abstract: Systems and methods are provided for managing and rewarding sharing of user data via a computing device with a requesting device. A privacy risk score is received for the requesting device characterizing a degree of cyber risk for sharing data. Initial privacy settings are received for the user via a GUI in response to the privacy risk score characterizing the user data allowable for sharing. A reward incentive is then automatically determined based on the privacy risk and the initial privacy settings for sharing additional user data with the requesting device beyond that identified by the initial privacy settings. Then, in response to an override from the GUI overriding the initial privacy settings to accept the reward incentive and thereby allow sharing of the additional user data beyond the initial range: updated privacy settings are determined and the sharing of the user data is limited to the updated privacy settings.

Abstract: A method for directing queries to encrypted database files includes acquiring a mapping that links a first encrypted file with a different encrypted file. The first encrypted file is generated based on a first encryption key. The method includes generating, by one or more processors based on the mapping, an updated mapping to link a second encrypted file with the different encrypted file. The second encrypted file is generated based on a second encryption key. The method includes directing, using the mapping, a first query to the first encrypted file when the first query arrives before generating the updated mapping; and. The method includes directing, using the updated mapping, a second query to the second encrypted file when a second query arrives after generating the updated mapping.

Abstract: A method for removing unauthorized information associations from an LLM including identifying real UD instances training data, identifying UD associations for the UD instances, generating synthetic UD instance-UD association pairs to reduce or remove influence of a real UD instance-UD association pair on an output of the LLM, an adversarial dataset including synthetic UD instance-UD association pairs and the real UD instance-UD association pairs, and generating a fine-tuned LLM by iteratively fine-tuning the LLM using the adversarial dataset.

Abstract: The technology disclosed herein enable consumer devices to verify the integrity of services running in trusted execution environments. An example method may include: establishing, by a computing device, a trusted execution environment for a service, wherein the trusted execution environment comprises an encrypted storage area; loading, by the computing device, data of the service into the trusted execution environment, wherein the data comprises executable data; detecting, by a computing device, a change of the trusted execution environment that is executing the service; generating, by the computing device, integrity data that represents a state of the trusted execution environment after the change; and transferring, by the computing device, the integrity data to another computing device.

Abstract: A cybersecurity system for use in a process plant provides whitelisting of device specific and common practice HART read commands in process controllers and safety controllers to perform communications in a process plant that are very secure, but that still enable the implementation of advanced functionality provided in HART devices. A whitelist implementation application applies one or more whitelists in a security gateway device to determine if messages, such as HART messages, should be allowed or processed. A whitelist learning application automatically creates and configures whitelists, and a whitelist configuration application discovers Device Specific and Common Practice HART commands by issuing device description requests to specific devices, parsing the response, and communicating the whitelist configuration information with the parsed command types to the relevant process controllers and safety controllers for use in the whitelists.

Abstract: A gateway device includes a network interface connected to data sources, and computer instructions, that when executed cause a processor to access data portions from the data sources. The processor accesses classification rules, which are configured to classify a data portion of the plurality of data portions as sensitive data in response to the data portion satisfying the rule. Each rule is associated with a significance factor representative of an accuracy of the classification rule. The processor applies each of the set of classification rules to a data portion to obtain an output of whether the data is sensitive data. The output are weighed by significance factors to produce a set of weighted outputs. The processor determines if the data portion is sensitive data by aggregating the set of weighted outputs, and presents the determination in a user interface. Security operations may also be performed on the data portion.

Abstract: A method of access control includes receiving an access request transaction from one of a first identity sensor. Current confidence information is determined for the access request transaction. Prior confidence information is determined for at least one prior access request transaction associated with the user from at least one second identity sensor. A total confidence score value is generated based on a confidence function applied to the current confidence information and the prior confidence information. The total confidence score value is compared with a confidence threshold value for the secure resource associated with the access request transaction. Access to the secure resource is granted, in response to determining that the total confidence score value meets the confidence threshold value. The access to the secure resource is denied, in response to determining that the total confidence score value does not meet the confidence threshold value.

Abstract: A server apparatus includes an accepting unit configured to accept, from a personal computer, first deadline information indicating a deadline for transmitting answer information for teaching material contents, a first print of which was sent in advance, from a multifunction peripheral to the server apparatus, a first notifying unit configured to notify second deadline information corresponding to the first deadline information to at least one of a smartphone and the multifunction peripheral, and a second notifying unit configured to notify, to the personal computer, deadline determination information indicating whether an answer image has been received from the multifunction peripheral by the deadline. The multifunction peripheral includes a reading executing unit configured to read a second print including an image corresponding to the answer information and generate the answer image and a transmitting unit configured to transmit the answer image to the server apparatus.

Abstract: A service providing system, an information processing system, and a use permission assigning method. The service providing system registers one or more users in one or more groups in a tenant, assigns application use permission to a specific group, assigns the application use permission assigned to the specific group to a user in the specific group, generates screen information for restricting an assignment of the application use permission to a user registered in other group in the tenant, the other group to whom the application is not assigned, displays a screen based on the screen information, permit use of the application to the user to whom the application use permission is assigned among users registered in the specific group, and restrict a user registered in the other group to use the application.

Abstract: A method for securing memory via an external memory controller, that includes receiving, by the external memory controller, an allocation request to allocate a memory region from a processor core, and in response to receiving the allocation request, allocating the memory region from the memory, associating the processor core with the memory region, and associating an encryption key and a decryption key with the memory region.

Abstract: Provided is a digital/analog signal processing apparatus and method for controlling exposure of personally identifiable information to be transferred from storage in a secure enclave, comprising a memory and an integrated circuit coupled to the memory, configured to: select a data set stored in the storage; individuate personally identifiable information in the data set; determine an individual person's subset of personally identifiable information; extract an identifier for the individual person from the subset; interrogate stored data using the identifier to locate metadata comprising permission to expose the individual person's subset; and responsive to a failure to locate the metadata comprising permission, either: emit a signal seeking the permission; or apply a protective measure to the individual person's subset of individuated personally identifiable information prior to transfer of the data set in a digital/analog signal outside the secure enclave.

Abstract: The present disclosure relates to a system, method, and apparatus for securing electronic personal identifying information. The system enhances data privacy, by minimizing the amount of authentic personal identifying information that is shared with a third party. Namely, the system includes a database of known websites, apps, etc. that require personal identifying information to sign up—and then classifies whether any given type of information is strictly necessary to the functioning of the website. The system then generates placeholder “dummy” data for any fields that are required for signup, but are not strictly necessary for the website to function. The system allows for creation of several user profiles that vary the amount of authentic personal identifying information to be shared, based on the user's preferences. The system therefore helps to secure personal information in the event that, for example, the website later has a data breach.

Abstract: Systems and methods are provided for a hypergraph representation and transformation process enabling the cogeneration and analysis of multiple system attributes alongside system node relationships within real world data models. Embodiments of the present disclosure allow for the cogeneration of attribute embeddings, along with node embeddings, within a single, graph-based data set model. Embodiments of the present disclosure provide a higher level of accuracy in problem space representation compared to conventional systems and methods and help to reveal more complex relationships in real world problems.

Abstract: A steganography method and an apparatus embedding a hidden message in a video stream of an original cover video to produce a stego video using a generative neural network. The original cover video is a video stream as opposed using an image. A discriminant neural network is used to correct a generated video compared to an original cover video. The generated neural network is trained when the generated video is determined to be real by the discriminant neural network. A second stego video is acquired by adversarial training through a mutually adversarial relationship between a generative neural network and an discriminant neural network. The embedding technique is one of pre-embedding, intra-embedding, or post-embedding.

Abstract: Systems, methods and computer readable products are provided for enabling dynamic loading of one or more digital image branding functions associated with one or more distribution rules. A distribution rule is used to target a group of end users that are selected from a dataset mapping a plurality of end-users according to one or more distribution rules. Instructions are forwarded to present an indication the digital image branding function to each member of the end users group.

Abstract: A request to access a destination device associated may be received from a user device. The request may comprise a digital certificate. The digital certificate may comprise a public key of the user device. A distributed ledger address of the user device may be determined by applying a deterministic function to the public key of the user device. A distributed ledger entry may be created on a distributed ledger. The distributed ledger entry may comprise the address of the user device. Based on the distributed ledger entry, access to the destination device may be granted to the user device.

Abstract: Implementations of the present disclosure are directed to providing remote access to electronic documents stored in a server system using a virtual secure room, and include actions of authenticating a user at least partially based on credentials of the user, at least partially in response to authenticating the user, providing a secure connection between a computing device of the user and the server system, transmitting at least one electronic document for display to the user on the computing device, monitoring the user, while the at least one electronic document is displayed to the user on the computing device, and selectively closing the secure connection in response to one or more of at least one activity and at least one state of the user.

Abstract: Disclosed herein is a non-transitory computer-readable recording medium storing computer-readable instructions for a terminal device. The computer-readable instructions, when executed by a processor of the terminal device, may cause the terminal device to: display a predetermined screen related to a printing device on a display unit of the terminal device; and in a case where a predetermined instruction for purchasing a consumable article for the printing device is received from a user while the predetermined screen is displayed on the display unit, display service-related information related to a service provided by a vendor of the printing device on the display unit.

Abstract: A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The client device accesses an acceleration server to receive a list of available tunnel devices. The requested content is partitioned into slices, and the client device sends a request for the slices to the available tunnel devices. The tunnel devices in turn fetch the slices from the data server, and send the slices to the client device, where the content is reconstructed from the received slices. A client device may also serve as a tunnel device, serving as an intermediate device to other client devices. Similarly, a tunnel device may also serve as a client device for fetching content from a data server. The selection of tunnel devices to be used by a client device may be in the acceleration server, in the client device, or in both.

Abstract: An internet profile dilution device and method are provided. To prevent the sale of individual user's internet searches to advertisers, an internet profile dilution software is configured to significantly dilute the individual search and browsing by opening a site the individual has selected, or in the default state, will automatically select from a variety of news outlet websites for dilution of the individual's internet profile. The internet profile dilution software will scan the site, for links to another article, and will navigate to that article and spend a random amount of time appearing to read the article. The software will search for particular words from the title of the article to continue to further dilute the internet profile of the individual. The individual's internet search is sufficiently diluted by the internet profile dilution software so that an accurate profile of the individual's internet search and browsing cannot be established.

Abstract: The disclosed computer-implemented method for dynamically classifying browser fingerprinting into user tracking and cloaking may include identifying, by a computing device, one or more website scripts as one or more candidates for cloaking based on function hooking and execution attribution. The method may additionally include identifying, in response to the identification of the one or more candidates for cloaking, at least one of the candidates for cloaking that lacks a direct connection to fingerprinting based on the function hooking and the execution attribution. The method may also include classifying, in response to the identification of the at least one of the candidates for cloaking that lacks a direct connection to fingerprinting, the at least one of the candidates for cloaking based on a hierarchical analysis. The method may further include performing a security action based on the classification. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A data processing method, apparatus, and device based on a smart contract, and a storage medium can improve execution speed of a smart contract and reduce a running time. A contract call request used for executing a transaction service is acquired. An asynchronous variable statement corresponding to the asynchronous variable function name in a smart contract is also acquired. A first memory and a second memory associated with the first variable parameter are queried based on the first asynchronous variable statement. A data read request is transmitted to the first memory and a separate data read request is transmitted to the second memory in an asynchronous request manner indicated by the first asynchronous variable statement to obtain first to-be-read data and second to-be-read data used for executing the transaction service.

Abstract: A method includes capturing a first image associated with a portion of a display screen being shared. The method further includes rendering the first image in a preview window of the display screen being shared to form a second image. The second image is captured so as to determine whether the first image is duplicated in the second image. The duplication of the first image in the second image is masked to form a third image. The third image is rendered in the preview window.