Abstract: Systems, computer program products, and methods are described herein for generating and monitoring digital certificate rights in a distributed network. The present invention may be configured to receive a first request for certification of a first user, cause a first user device to display a first interface including one or more input fields for receiving information associated with the first user, receive data input by the first user to the one or more input fields of the first interface, and determine, based on the data, whether the first user satisfies requirements for the certification. The present invention may be configured to generate, based on determining that the first user satisfies the requirements for the certification, a non-fungible token certifying the first user, store the non-fungible token on a distributed ledger, and record, on the distributed ledger, the first user as owner of the non-fungible token.

Abstract: A method, computer program product, and computing system for receiving content for securely transmitting from an initiator device across a fabric to a target device. The content may be encrypted with a predefined encryption key, thus defining encrypted content. The encrypted content may be encapsulated in a Non-volatile Memory Express (NVMe) Over Fabrics (NVMe-oF) command, thus defining an encapsulated NVMe-oF security command. The encapsulated NVMe-oF security command may be transmitted across the fabric to the target device.

Abstract: A system for protecting non-public information from a malicious user determines a set of input data entered into a web application. The system determines whether each input data is associated with non-public information. In this process, the system compares each input data with each of a set of keywords that are known to be associated with non-public information. In response to determining that input data corresponds to a keyword, the system determines that the input data comprises non-public information. In response, the system masks the input data and tags an authentication instruction to the masked input data. The system may receive a request to unmask the masked input data. In response to receiving the request, the system executes the authentication instruction.

Abstract: A rogue Wi-Fi 6E access points are identified by on-wire data traffic of authorized Wi-Fi 6E access points. Data traffic is monitored across all access points for the rogue Wi-Fi 6E access points according to an SSID/BSSID scan table. In response, modified CSA values are sent from spoofed action frames that have a source BSSID of the rogue access points rather than the authenticated access point that transmits.

Abstract: A method for authenticating a user, which is performed by at least one processor, includes obtaining an image an identity (ID) card, assigning a parameter score to at least one parameter included in the image of the ID card, assigning an accuracy score to the at least one parameter extracted through character recognition, based on the image of the ID card, setting a first weight for the parameter score and a second weight for the accuracy score, setting a weight related to a priority for the at least one parameter, and calculating an authentication score based on the parameter score, the accuracy score, the first weight, the second weight, and the weight related to the priority.

Abstract: Systems and techniques are provided for establishing a connection. For instance, a process may include receiving, by a first root of trust (C-ROT) of a first chiplet of a plurality of chiplets from a second C-RoT of a second chiplet, a second certificate along with security state information and debug information for the second chiplet; authenticating a security state and a debug state of the second chiplet based on the security state information and the debug information; authenticating the second certificate; and establishing a security boundary with the second chiplet.

Abstract: A radio wave anomaly detection system outputs a detection result about a radio wave anomaly that is included in received data and has been detected using a first feature that is a feature extracted from the received data every first predetermined time period, and a second feature that is a feature extracted from the received data every second predetermined time period longer than the first predetermined time period.

Abstract: Methods and systems for securing network access for edge gateway devices are disclosed. The network access may be secured for edge gateway devices through establishment of a communication channel. The communication channel may be established between an edge gateway device and an edge orchestrator. The edge orchestrator may manage operations of the edge gateway device after authenticating the edge gateway device. If the edge gateway device cannot be authenticated, then the edge orchestrator may limit activity with respect to the edge gateway device.

Abstract: An information handling system may establish a secure channel between an embedded controller and a processor, and request access to a resource of the embedded controller through the secured channel. The system may also receive a response to the request via the secure channel, wherein the response is based on the embedded controller validating whether the processor has a right to access the resource.

Abstract: Embodiments of the present disclosure include a processing device that receives a proposed block for inclusion on a blockchain, the proposed block including a proposed update to an access control policy and an update condition for evaluating the proposed update, transmits an access request to be evaluated according to a modified version of the access control policy that incorporates the proposed update to generate access results, and transmits a determination for the inclusion of the proposed block on the blockchain in view of the access results.

Abstract: Embodiments of the invention are directed to a system, method, or computer program product for an approach to securing information stored in a distributed network. The system allows for generating distributed identifiers for information entries, wherein the distributed identifiers mask the information entries using a hash function and the distributed identifiers are dispersed across distributed ledgers. The system also allows for originating nodes to access the information entries within the distributed identifiers, while permitting other nodes and domains to reference the distributed identifiers themselves instead of referencing the information entries.

Abstract: A system is provided for implementing technology infrastructure upgrades using an automated electronic data aggregation tool. In particular, the system may receive a request from an endpoint device to generate a technology remediation framework for remediating a technology infrastructure issue. In response to the request, the system may use an automated electronic data aggregation tool to receive data associated with the technology infrastructure issue from one or more data sources. The system may then automatically generate the technology remediation framework using the received data and present the framework to one or more users associated with the technology infrastructure issue. In this way, the system provides an efficient way to implement upgrades and remediate issues within a technology infrastructure.

Abstract: A method or a system accesses an envelope stored in a first database. The envelope includes a set of secure electronic documents, a workflow of tasks, and one or more events associated with the tasks. The system also accesses a second database that stores a credential of an entity associated with the envelope. In response to authenticating the credential, the system receives and caches an access token in a third database. Further, the system monitors the events associated with the tasks in the workflow. In response to detecting an occurrence of at least one event, the system generates and sends a message with the cached access token to a webhook listener. After authentication of the entity using the access token, the webhook listener is caused to generate and send a notification to an administrator of the entity.

Abstract: Systems and methods are directed to building annotated models based on eyes-off data. Specifically, a synthetic data generation model is trained and used to further train a target model. The synthetic data generation model is trained within an eyes-off environment using an anonymity technique on confidential data. The synthetic data generation model is then used to create synthetic data that closely represents the confidential data but without any specific details that can be linked back to the confidential data. The synthetic data is then annotated and used to train the target model within an eyes-on environment. Subsequently, the target model is deployed back within the eyes-off environment to classify the confidential data.

Abstract: A secure biometric collection (SBC) system for a secure transaction. The system contains inter alia a storage device, an input device receiving user information of the secure transaction, a camera capturing the user's image. A fingerprint scanner scanning the user's fingerprint, a second fingerprint scanner scanning a witness' fingerprint, a camera encoder combining and hashing the user's image into combined data sets being stored in the storage device. A fingerprint encoder processes the fingerprint scans of the user and witness into fingerprint template data sets and stores the fingerprint template data sets in the storage device. A privacy encoder combines and encrypts the combined data sets and fingerprint template data sets into encrypted data sets memorializing the secure transaction. A copy of the secure transaction is produced including encrypted data sets for the user, and the storage device purges of all the user collected data once the copy is produced.

Abstract: The system and methods described allow a content delivery application to provide temporary access to a content item for display on a content access device based on a user obtaining access to the content item initially on another system. The content delivery application receives content accessed confirmation that user access a content item and then monitors whether that access was interrupted. If the access was interrupted, the content delivery application generates a content access bookmark based on a content timeline and stores a content access authorization comprising the content access bookmark and an identifier from the profile. When the user requests the content item, the content delivery application transmits access information corresponding to segments of the content item, based on the content access bookmark to a user's device.

Abstract: A device includes a general purpose input/output (GPIO) pin and a chipset that has a bootloader component, a secure driver component, and a countermeasure handler component. The bootloader component loads an intrusion detection (ID) configuration for detecting intrusion events at the device, authenticates the ID configuration, and initializes the countermeasure handler component. The secure driver component receives, from the GPIO pin, an electrical signal associated with a hardware interrupt at the device and causes a notification to be provided to a user associated with the device. The counter secure driver component also perform at least one countermeasure in response to the intrusion event.

Abstract: Stateless network address privacy may be provided. A data packing may be received with an obfuscated destination address and an un-obfuscated source address. An un-obfuscated destination address may be determined based on the obfuscated destination address. An obfuscated source address may be determined based on the un-obfuscated source address. The obfuscated destination address may be replaced with the un-obfuscated destination address and the un-obfuscated source address may be replaced with the obfuscated source address. The packet may be forwarded.

Abstract: A method for distributing user data and permission settings is provided. The method includes receiving user inputs that identify at least one experience provider for data sharing and at least one data sharing preference of the user, configuring a rules engine of the platform computing system with rules based on the user inputs where the rules engine is configured to apply rules to implement data sharing preferences of the user, receiving a request for data of the user, transmitting the request for data of the user, receiving the applicable data of the user, providing the applicable data of the user, determining an amount of funds received from the experience provider and due to the user, and crediting an account associated with the user in the amount of the funds due to the user.

Abstract: Techniques for determining one or more attributes in relation to transitional activities for a client well are provided. Embodiments include receiving structured data and unstructured data related to a well from one or more data sources and extracting, from the structured data and the unstructured data related to the well, numerical features, text features, and categorical features. Embodiments include generating embeddings based on the text features and generating encoding vectors based on the categorical features. Embodiments include providing, as inputs to one or more machine learning models, the numerical features, the embeddings, and the encoding vectors. Embodiments include receiving, as outputs from the one or more machine learning models in response to the inputs, one or more predicted values related to one or more transitional activities for the well. Embodiments include generating, based on the one or more predicted values, a transitional recommendation for the well.

Abstract: An information handling system may include at least one processor and a computer-readable medium having instructions thereon that are executable by the at least one processor. The instructions may be executable for: prior to initialization of an operating system, executing a first-party pre-boot firmware application, wherein the first-party pre-boot firmware application is configured to provide system-level context information; executing a third-party pre-boot firmware application, wherein the third-party pre-boot firmware application is configured to receive the system-level context information from the first-party pre-boot firmware application; and displaying a user interface for the third-party pre-boot firmware application, wherein at least one element of the user interface is based on the system-level context information.

Abstract: Systems, methods and computer readable products are provided for enabling dynamic loading of one or more digital image branding functions associated with one or more distribution rules. A distribution rule is used to target a group of end users that are selected from a dataset mapping a plurality of end-users according to one or more distribution rules. Instructions are forwarded to present an indication the digital image branding function to each member of the end users group.

Abstract: An information processing apparatus has a deployment unit configured to deploy an image file and to create files used for a virtual environment, a virtual environment creator configured to create the virtual environment using the files, a recorder configured to record information about a first file included in the files, a manager configured to access the first file stored in the virtual environment and to determine, based on information acquired by accessing the first file, whether to execute software whose execution was detected in the virtual environment, and a normality determinator configured to determine, based on a difference between information acquired by accessing the first file and information about the recorded first file, whether the first file is normal.

Abstract: A plurality of queries are input into an artificial intelligence (AI) model. The AI model is made up of a plurality of layers including an input layer, an output layer, and at least one intermediate layer between the input layer and the output layer. Each intermediate layer, during inference, can output a plurality of activations. Thereafter, for each query, activations are intercepted from at least one of the intermediate layers. It is then determined whether a distribution of the intercepted activations across the queries indicates that the queries seek to cause the AI model to behave in an undesired manner by conducting a distance-based similarity analysis between the intercepted activations and reference activations. Data characterizing such determination is then provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.

Abstract: One example method includes monitoring a data access pattern, registering a data access request directed to data, comparing metadata associated with the data access request to a rule, based on a result of the comparing, sending a trigger to a graph service, and using information in the trigger to generate a visual representation of the data access request, wherein the visual representation indicates an extent to which the data access request is considered to constitute a potential threat to the data.

Abstract: Mechanisms are provided to minimize personally identifiable information (PII) in an electronic document. An iterative personally identifiable information minimization (IPIIM) engine receives an electronic document comprising natural language content having a mention of a protected entity and obfuscates the mention of the protected entity to thereby generate a minimized natural language content. A question answering system processes the minimized natural language content to generate a listing of candidate answers and corresponding confidence scores and the IPIIM engine determines whether or not the minimized natural language content is sufficiently obfuscated based on the listing of candidate answers and corresponding confidence scores. In response to determining that the minimized natural language content is sufficiently obfuscated, the minimized natural language content is provided for processing by a requestor computing device.

Abstract: A storage device for performing an access authority control and an operating method thereof are disclosed. The storage device including processing circuitry configured to store a plurality of security information associated with the plurality of namespaces in response to a command from the host, each of the security information including virtual machine information associated with a corresponding one of the plurality of virtual machines and unique information associated with the corresponding virtual machine, the virtual machine information including an identifier for the corresponding virtual machine, and the unique information including unique information uniquely set for the corresponding virtual machine, extract at least first information by decoding a data access request received from the host device, and abort processing of the data access request based on the security information and the extracted at least one first information.

Abstract: A monitoring apparatus configured to monitor a network device that is a management target of a device management service, wherein software is executed that operates in different operation modes according to a usage format, compares a version of a license agreement related to the update and linked to the current usage format for the monitoring apparatus with the current version of the license agreement in the case in which an update related to the software is necessary, and in the case in which the versions are the same, performs the update related to the software.

Abstract: Methods, system, and non-transitory processor-readable storage medium for a design obfuscation system are provided herein. An example method includes a design obfuscation system that receives software code to be compiled on a system running a software compiler. The design obfuscation system generates obfuscated code from at least a portion of the software code, where the obfuscated code, when decompiled, avoids identification of design patterns in the software code. The design obfuscation system provides the obfuscated code to the software compiler for compiling, and the software compiler compiles the obfuscated code.

Abstract: A video data loss prevention (vDLP) system that uses machine-learning for protection against data exfiltration of sensitive content across multiple tenants in a cloud-based network. The vDLP system consists of tenants that include end-user devices and a vDLP server. The vDLP server is configured to intercept traffic at an application layer of the cloud-based network and receive a video file from traffic. A viewer for the video file is remote from the cloud-based network. The vDLP server further recognizes text of audio and frames extracted from the video file using a machine-learning engine. The vDLP server then analyzes the frames and text using machine-learning classifiers, enforces policies against machine-learning classifiers for protection against data exfiltration of sensitive content in the video file, and sends a notification away from the cloud-based network upon detection of violation of a policy.

Abstract: A universal resource locator (URL) collider processes a click event referencing a URL and directs a browser to a page at the URL. While the page is being rendered by the browser with page data from a web server, the URL collider intercepts the page data including events associated with rendering the page, determines microfeatures of the page such as Document Object Model objects and any URLs referenced by the page, applies detection rules, tags as evidence any detected bad microfeature, bad URL, or suspicious sequence of events, and stores the evidence in an evidence database. Based on the evidence, a judge module dynamically determines whether to condemn the URL before or just in time as the page at the URL is fully rendered by the browser. If so, the browser is directed to a safe location or a notification page.

Abstract: A configurable, customizable privacy-protecting tool permits users to specify a personal/corporate privacy charter which is used to engage with digital service providers (DSPs) and similar entities. The privacy charter can be adapted to reflect individual and corporate goals and requirements for data treatment across a number of domains and in accordance with different standards/thresholds.

Abstract: A program license management method disposed in the present disclosure includes an operation of receiving an authentication request from a mediation device, an operation of transmitting a request message for requesting installation of an application from a server to the authenticated mediation device after the mediation device is successfully authenticated, the request message including device identification information of a camera device, an operation of receiving signed information and application data from the mediation device, an operation of performing license validation including determination of whether the signed information includes the device identification information and determination of whether the signed information according to the server is valid, and an operation of installing the application data in the device when the license validation is successful.

Abstract: In an embodiment, dynamically-generated code may be supported in the system by ensuring that the code either remains executing within a predefined region of memory or exits to one of a set of valid exit addresses. Software embodiments are described in which the dynamically-generated code is scanned prior to permitting execution of the dynamically-generated code to ensure that various criteria are met including exclusion of certain disallowed instructions and control of branch target addresses. Hardware embodiments are described in which the dynamically-generated code is permitted to executed but is monitored to ensure that the execution criteria are met.

Abstract: Systems, methods, and computer-readable for endpoint integration and mapping are disclosed. A system can include one or more processing circuits configured to identify endpoints and access information. The processing circuits can generate an object package corresponding to the endpoint by initiating the object package based on an identifier corresponding to an endpoint type of which the object package is structured and mapping the access information to an access scheme corresponding to formatted requests to access the endpoints for protection data. The processing circuits can perform an endpoint request by invoking the object package using at least one formatted request and receiving output data with a response to the endpoint request by a DCDSI system. The processing circuits can further update a distributed ledger or data source based on the output data.

Abstract: A method for providing response-hiding searchable encryption includes receiving a search query for a keyword from a user device associated with a user. The keyword appears in one or more encrypted documents within a corpus of encrypted documents stored on an untrusted storage device. The method also includes accessing a document oblivious key-value storage (OKVS) to obtain a list of document identifiers associated with the keyword. Each document identifier in the list of document identifiers associated with a respective keyword identifier is concatenated with the keyword and uniquely identifies a respective one of the one or more encrypted documents that the keyword appears in. The method also includes returning the list of document identifiers obtained from the document OKVS to the user device.

Abstract: Techniques for data classification. A method includes sampling a dataset into first and second samples. Each first sample is a numerical value, and each second sample is a string of characters. A truth table is applied to the first samples from a dataset. The truth table includes multiple first columns, each of which accepts an input value determined for each of the first samples, and a second column which outputs first scores representing likelihoods for respective classifications. Classifiers are applied to features extracted from the second samples, where each classifier is a machine learning model trained to output a second score representing a likelihood for a respective classification for each second sample. Classifications are determined based on the first and second scores. The classifications include a classification for each first sample determined based on the first scores and a classification for each second sample determined based on the second scores.

Abstract: A method for extending a blockchain comprises, at a space server: allocating an amount of drive storage for generating proofs-of-space; or accessing a first challenge based on a prior block of the blockchain, the prior block comprising a first proof-of-space and a first proof-of-time; in response to accessing the first challenge, generating a second proof-of-space based on the first challenge and the amount of drive storage, the second proof-of-space indicating allocation of the amount of drive storage; accessing a second proof-of-time based on the prior block and indicating a first time delay elapsed after extension of the blockchain with the prior block; generating a new block comprising the second proof-of-space and the second proof-of-time; and broadcasting the new block over a distributed network.

Abstract: Various embodiments are directed to an example apparatus, computer-implemented method, and computer program product for rapid machine learning in a data-constrained environment. Such embodiments may include using a decision space generation model to generate candidate content data objects based on content generation objectives. Such embodiments may further include generating a first plurality of rated content data objects for a first target client based on a first experimental classification group and generating a second plurality of rated content data objects for a second target client based on a second experimental classification group. Such embodiments may further generate, based on a learning model, the first experimental classification group, and the second experimental classification group, a custom output content set including one or more of the first plurality of rated content data objects and one or more of the second plurality of rated content data objects.

Abstract: A method of investigating a host computer uses an investigation system remote to the host computer. The investigation system includes at least one computer system. The method includes establishing a connection with the remote host computer, and sending at least one investigative module to the host computer. The at least one investigative module is configured to run on the host computer to perform at least one investigative function on the host computer. The at least one investigative module includes an agentless computer program configured to run on the host computer to perform at least one investigative function on the host computer to investigate the host computer to ascertain if the host computer has any data or process (hereinafter collectively referred to as data forms) with suspicious attributes.

Abstract: Various embodiments of the present invention provide a system and method for open digital media distribution. According to one embodiment, a system is provided which performs the operations of: creating a profile (e.g., artist or label profile) based on an input from a first party; receiving a digital media upload from the first party, wherein the digital media upload contains media content and the first party has a property interest in the media content; receiving from the first party an assignment of a payment account to the digital media upload, such that money from sales relating to the digital media upload is deposited into the payment account; receiving from the first party a sales parameters associated with the digital media upload; presenting through a computing device the digital media upload for sale to a second party; and selling the digital media upload to the second party through a computing device.

Abstract: A system and method for applying a policy on a network path is presented. The method includes: selecting a reachable resource having a network path to access the reachable resource, wherein the reachable resource is deployed in a cloud computing environment, having access to an external network; actively inspecting an external network path to determine if the network path of the reachable resource is accessible from the external network; determining that the network path is a valid path, in response to determining that the reachable resource is accessible from the external network path; applying a policy on the valid path; and initiating a mitigation action, in response to determining that the policy is violated.

Abstract: The present application discloses a method, system, and computer system for deleting, auditing, and/or performing disaster recovery for personal identifiable information (PII). The method includes determining to delete from a dataset PII data corresponding to an individual, determining a PII key associated with the individual, and performing a lookup with respect to the dataset for PII data associated with the individual using the PII key.

Abstract: A digital object is associated with a smart contract that stores a first hash value to represent a user device used to acquire ownership of the digital object. When a request to transfer ownership of the digital object from a first user to a second user is received, a user account of the first user is accessed to retrieve information identifying a user device associated with the user account of the first user. The first hash value in the smart contract is authenticated based on the information representing the first user's device. If the first hash value is determined to match the user device information stored in the first user's account, a token representing the digital object is transferred to a wallet associated with the second user. The smart contract is updated to include a second hash value that represents a user device used by the second user to request the ownership transfer of the digital object.

Abstract: An information processing apparatus includes circuitry to read identification information of an application and a program of the application from a recording medium; generate license information using unique information assigned to the information processing apparatus, the identification information, and the program; and store the generated license information in the recording medium. The license information is for using the application on the information processing apparatus.

Abstract: According to computerized methods of distributing software and data, software components may be distributed electronically for execution in controlled environments. Such a controlled environment may, for example, restrict the components' ability to communicate through a network to one or more specified hosts. When a component requests data, such as a stream of financial data, the request may specify a source of the data, and the request may be granted or denied by the distributor based on whether the specified source is an authorized source of the data and/or whether the requested data is available from an authorized source.

Abstract: The application discloses a method of data processing based on a cloud document component, which can be executed by the first client. The first client may send an access token to the cloud document component, to cause the cloud document component to perform authentication on the first client. After the cloud document component receives the access token, authentication can be performed on the first client with the access token. After the cloud document component confirms that the first client has passed the authentication, the first client can load a cloud document in the first client with the cloud document component in response to the cloud document component determining that the first client has passed the authentication. The cloud document component can load the cloud document with a first component provided by the first client, and the first component can provide a capability of rendering a web page.

Abstract: An information processing device comprising a processor configured to determine a first timing designated for a product registered as a purchased product. The processor is also configured to determine a first registration position where the product is designated. The processor is also configured to determine a second timing designated for the product. The processor is also configured to determine a second registration position where the product is designated. The processor is also configured to determine, based on the first timing, the first registration position, the second timing, and the second registration position, a first reliability of the first registration position. The processor is also configured to generate first tracking data relating to the product by associating the second timing, the second registration position, and the first reliability.

Abstract: Interaction events collected across disparate customer communication channels of an enterprise are processed to generate an encoded unique content item identifier for each content item referenced in an interaction event such that the content item is resolvable to a location in a content repository. A training data set is built using the interaction events thus processed and a multi-channel content recommendation model is trained using the training data set. The multi-channel content recommendation model thus trained stores data points representing intersections of customers and content items that the enterprise has been tracking, with each data point having an effectiveness score for an associated content item.

Abstract: A method, system and computer program product are configured to access data, the data including a plurality of attributes, classify each of the attributes into one of a plurality of classifications, receive a privacy objective and a utility objective, determine a data transformation to achieve the privacy objective and the utility objective, apply the data transformation to the data, wherein the data transformation is applied to at least one of the attributes of the data based on the classifications to produce selectively modified data, iteratively refine data transformations through adjustment of utility objectives, and present the data for disclosure.